Commit graph

1443 commits

Author SHA1 Message Date
Alexander Larsson
4cb4de6cda conmon: Move OOM setup to helper function
Signed-off-by: Alexander Larsson <alexl@redhat.com>
2017-06-22 16:09:27 +02:00
Alexander Larsson
34b75c20c2 conmon: Move terminal control fifo setup to a helper function
Signed-off-by: Alexander Larsson <alexl@redhat.com>
2017-06-22 16:09:27 +02:00
Alexander Larsson
640ebeafb3 conmon: Break out attach socket setup to helper function
Signed-off-by: Alexander Larsson <alexl@redhat.com>
2017-06-22 16:09:27 +02:00
Alexander Larsson
cc3a1615fb conmon: Break out connection socket setup to a separate function
Signed-off-by: Alexander Larsson <alexl@redhat.com>
2017-06-22 16:09:27 +02:00
Alexander Larsson
b269969216 conmon: Don't use fixed size string buffers
We build paths using g_build_filename and g_strdup_printf() instead
which means we don't have any arbitrary pathname lenght issue, and
the code becomes cleaner.

We also convert asprintf to g_strdup_printf so that we can use
the glib OOM checker instead of open coding it everywhere.

Signed-off-by: Alexander Larsson <alexl@redhat.com>
2017-06-22 16:09:27 +02:00
Alexander Larsson
a7c61e4f9f conmon: Remove unused variables
Signed-off-by: Alexander Larsson <alexl@redhat.com>
2017-06-22 16:09:27 +02:00
Alexander Larsson
215ef485df conmon: Add add_argv() helper
This makes adding the arguments to runtime_argv somewhat nicer.

Signed-off-by: Alexander Larsson <alexl@redhat.com>
2017-06-22 16:09:27 +02:00
Alexander Larsson
6aa1075ab6 conmon: Add (and use) get_pipe_fd_from_env helper
This avoids duplicating this code in two places.

Signed-off-by: Alexander Larsson <alexl@redhat.com>
2017-06-22 16:09:27 +02:00
Alexander Larsson
4838d6eb80 conmon: Rename all commandline option variables opt_*
This makes it easier to figure out where they come from

Signed-off-by: Alexander Larsson <alexl@redhat.com>
2017-06-22 16:09:27 +02:00
Mrunal Patel
791d646695 Merge pull request #620 from alexlarsson/conmon-cleanup-exitsync
conmon: Clean up execsync
2017-06-22 07:07:37 -07:00
Antonio Murdaca
6035cff9e4
server: standardize on naming
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-22 11:55:03 +02:00
Alexander Larsson
81cb788004 conmon: Clean up execsync
This moves the timeout handling from the go code to conmon, whic
removes some of the complexity from criod, and additionally it will
makes it possible to do the double-fork in the exec case too.

Signed-off-by: Alexander Larsson <alexl@redhat.com>
2017-06-21 21:03:17 +02:00
Mrunal Patel
db337699f2 test: Tighten the grep for logging with tty
This tests that our ONLCR takes effect as we match \r\n
in the logs

Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-06-21 10:10:16 -07:00
Antonio Murdaca
774c47d00c Merge pull request #615 from mrunalp/test_creation_failure
test: Ensure we get error messages back on creation failure
2017-06-21 11:34:23 +02:00
Antonio Murdaca
5dcbdc05e5 Merge pull request #613 from mrunalp/bump_1_alpha_0
version: Bump up version to 1.0.0-alpha.0
2017-06-21 00:36:24 +02:00
Mrunal Patel
3b3a2929e1 test: Ensure we get error messages back on creation failure
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-06-20 15:07:34 -07:00
Mrunal Patel
b82df188c6 version: Bump up version to 1.0.0-alpha.0
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-06-20 09:48:12 -07:00
Mrunal Patel
88037b143b Merge pull request #583 from alexlarsson/conmon-reap-zombies
conmon: Don't leave zombies and fix cgroup race
2017-06-20 07:53:52 -07:00
Alexander Larsson
d57ad7af3d RunUnderSystemdScope: Wait until scope is started before we return
We need to do this, because otherwise we will continue and exit the
pid before systemd has a chance to look at it.

Signed-off-by: Alexander Larsson <alexl@redhat.com>
2017-06-20 13:56:03 +02:00
Alexander Larsson
72686c78b4 fixup! conmon: Don't leave zombies and fix cgroup race
Signed-off-by: Alexander Larsson <alexl@redhat.com>
2017-06-20 12:18:07 +02:00
Mrunal Patel
0413088ffb Merge pull request #612 from runcom/fixies-profiling
Fixies profiling + conflict run pod sandbox
2017-06-18 22:07:47 -07:00
Antonio Murdaca
94a457d46a
sandbox_run: need to stop sandbox before removing it on conflict
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-18 11:42:07 +02:00
Antonio Murdaca
20e11e3b90
cmd: crio: enable remote profiler
This patch also hides the profile under the debug flag as there's
runtime cost to enable the profiler.
This removes the old way of profiling (CPU) as that's not really
needed.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-18 11:42:04 +02:00
Antonio Murdaca
b01a7719cb Merge pull request #609 from mrunalp/minor_fixes
Add missing error checks and simplify bool check
2017-06-17 13:48:15 +02:00
Antonio Murdaca
5fc6a0098c Merge pull request #611 from mrunalp/fix_irc_channel
travis: Fix the IRC channel
2017-06-17 10:53:07 +02:00
Mrunal Patel
8fb98a7a73 travis: Fixup the IRC channel
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-06-16 16:27:03 -07:00
Mrunal Patel
bd40bbc30b Add missing error checks and simplify bool check
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-06-16 15:49:16 -07:00
Mrunal Patel
784d03809e Merge pull request #530 from runcom/fix-mounts-leak
server: adhere to CRI for sandbox stop/remove
2017-06-16 15:10:41 -07:00
Mrunal Patel
d2aa49a87b Merge pull request #603 from runcom/test-calico
test: add a test for /etc/resolv.conf in rw/ro mode
2017-06-16 12:16:55 -07:00
Antonio Murdaca
8b4e3036ea
test: add a test for /etc/resolv.conf in rw/ro mode
This patch isn't adding a test for /etc/hosts as that requires host
network and we don't want to play with host's /etc/hosts when running
make localintegration on our laptops. That may change in the future
moving to some sort of in-container testing.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-16 11:01:12 +02:00
Antonio Murdaca
2014f0e14f Merge pull request #568 from mrunalp/fix_terminal_settings
conmon: Set ONLCR for console
2017-06-16 10:17:15 +02:00
Mrunal Patel
2212d34899 Merge pull request #598 from sameo/topic/cni
sandbox_remove: Do not error out when CNI tear down fails
2017-06-15 14:23:17 -07:00
Antonio Murdaca
9f68cb4507
server: adhere to CRI for sandbox stop/remove
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-15 23:08:30 +02:00
Mrunal Patel
5fb4c99884 Merge pull request #604 from runcom/kube-v1.6.5
vendor: update kube to v1.6.5
2017-06-15 12:07:16 -07:00
Mrunal Patel
2b8e3a0d0f Merge pull request #602 from runcom/busy-loop
oci: remove busy loop
2017-06-15 10:29:33 -07:00
Mrunal Patel
bfd1b83f51 conmon: Modify console terminal settings to match kube settings
We enable ONLCR on the console to match kube's terminal settings.

Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-06-15 07:54:12 -07:00
Antonio Murdaca
e36a2a4c83
vendor: update kube to v1.6.5
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-15 15:20:25 +02:00
Alexander Larsson
af4fbcd942 conmon: Don't leave zombies and fix cgroup race
Currently, when creating containers we never call Wait on the
conmon exec.Command, which means that the child hangs around
forever as a zombie after it dies.

However, instead of doing this waitpid() in the parent we instead
do a double-fork in conmon, to daemonize it. That makes a lot of
sense, as conmon really is not tied to the launcher, but needs
to outlive it if e.g. the cri-o daemon restarts.

However, this makes even more obvious a race condition which we
already have. When crio-d puts the conmon pid in a cgroup there
is a race where conmon could already have spawned a child, and
it would then not be part of the cgroup. In order to fix this
we add another synchronization pipe to conmon, which we block
on before we create any children. The parent then makes sure the
pid is in the cgroup before letting it continue.

Signed-off-by: Alexander Larsson <alexl@redhat.com>
2017-06-15 14:20:40 +02:00
Antonio Murdaca
b9f3435bf6 Merge pull request #555 from sameo/topic/workload-trust
oci: Support mixing trusted and untrusted workloads
2017-06-15 13:01:34 +02:00
Antonio Murdaca
9e6359b6f7
oci: remove busy loop
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-15 12:22:32 +02:00
Samuel Ortiz
4462480e54 sandbox: Check for trusted annotations
If we get a kubelet annotation about the sandbox trust level, we use it
to toggle our sandbox trust flag.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-06-15 10:04:41 +02:00
Samuel Ortiz
0e51bbb778 oci: Support mixing trusted and untrusted workloads
Container runtimes provide different levels of isolation, from kernel
namespaces to hardware virtualization. When starting a specific
container, one may want to decide which level of isolation to use
depending on how much we trust the container workload. Fully verified
and signed containers may not need the hardware isolation layer but e.g.
CI jobs pulling packages from many untrusted sources should probably not
run only on a kernel namespace isolation layer.

Here we allow CRI-O users to define a container runtime for trusted
containers and another one for untrusted containers, and also to define
a general, default trust level. This anticipates future kubelet
implementations that would be able to tag containers as trusted or
untrusted. When missing a kubelet hint, containers are trusted by
default.

A container becomes untrusted if we get a hint in that direction from
kubelet or if the default trust level is set to "untrusted" and the
container is not privileged. In both cases CRI-O will try to use the
untrusted container runtime. For any other cases, it will switch to the
trusted one.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-06-15 10:04:36 +02:00
Mrunal Patel
7b9032bac7 Merge pull request #579 from alexlarsson/non-terminal-attach
Implement non-terminal attach
2017-06-14 21:45:44 -07:00
Mrunal Patel
29f7cd44d8 Merge pull request #599 from runcom/fix-calico
Fix calico
2017-06-14 16:25:42 -07:00
Alexander Larsson
7bb957bf75 Implement non-terminal attach
We use a SOCK_SEQPACKET socket for the attach unix domain socket, which
means the kernel will ensure that the reading side only ever get the
data from one write operation. We use this for frameing, where the
first byte is the pipe that the next bytes are for. We have to make sure
that all reads from the socket are using at least the same size of buffer
as the write side, because otherwise the extra data in the message
will be dropped.

This also adds a stdin pipe for the container, similar to the ones we
use for stdout/err, because we need a way for an attached client
to write to stdin, even if not using a tty.

This fixes https://github.com/kubernetes-incubator/cri-o/issues/569

Signed-off-by: Alexander Larsson <alexl@redhat.com>
2017-06-14 22:59:50 +02:00
Antonio Murdaca
00444753e7 Merge pull request #596 from mrunalp/ctr_create_debug
oci: Add debugs to print error message on create failure
2017-06-14 18:17:41 +02:00
Mrunal Patel
62c9caeb83 oci: Add debugs for container create failures
This makes it easier to debug container creation failures
by looking at cri-o logs.

Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-06-14 07:33:07 -07:00
Mrunal Patel
6a79d25e8c lint: Increase lint timeout to 600 seconds
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-06-14 07:32:37 -07:00
Antonio Murdaca
0dfec710f2
container_create: net files must be ro when rootfs is ro
we were blindly applying RO mount options but net addons like calico
modify those files.
This patch sets RO only when container's rootfs is RO, same behavior as
docker.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-14 15:31:34 +02:00
Antonio Murdaca
d2e1d559b7
container_create: just mkdir on image's volumes
tmpfs'es can override whatever there's on the container rootfs. We just
mkdir the volume as we're confident kube manages volumes in container.
We don't need any tmpfs nor any complex volume handling for now.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-14 15:31:31 +02:00