Commit graph

1091 commits

Author SHA1 Message Date
Alexander Larsson
7bb957bf75 Implement non-terminal attach
We use a SOCK_SEQPACKET socket for the attach unix domain socket, which
means the kernel will ensure that the reading side only ever get the
data from one write operation. We use this for frameing, where the
first byte is the pipe that the next bytes are for. We have to make sure
that all reads from the socket are using at least the same size of buffer
as the write side, because otherwise the extra data in the message
will be dropped.

This also adds a stdin pipe for the container, similar to the ones we
use for stdout/err, because we need a way for an attached client
to write to stdin, even if not using a tty.

This fixes https://github.com/kubernetes-incubator/cri-o/issues/569

Signed-off-by: Alexander Larsson <alexl@redhat.com>
2017-06-14 22:59:50 +02:00
Antonio Murdaca
e3170caa2e Merge pull request #593 from sameo/topic/cni
tutorial: Fix CNI plugins URL
2017-06-13 16:59:07 +02:00
Mrunal Patel
bca3f6262a Merge pull request #590 from apilloud/ipv6only
server: add --bind-address flag
2017-06-13 07:42:02 -07:00
Samuel Ortiz
9074d57439 tutorial: Fix CNI plugins URL
And make it clear that we're building the plugins and not only the core
library.

Fixes #592

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-06-13 16:12:07 +02:00
Andrew Pilloud
c77b5fbea8 Add stream-address and stream-port flags to crio
Signed-off-by: Andrew Pilloud <andrewpilloud@igneoussystems.com>
2017-06-12 16:12:36 -07:00
Antonio Murdaca
67306aff8f Merge pull request #588 from mrunalp/update_roadmap
readme: Update the roadmap to reflect current status
2017-06-13 00:23:47 +02:00
Mrunal Patel
b347a50fa4 Merge pull request #589 from sameo/topic/cni
contrib/cni: Fix README link
2017-06-12 14:59:02 -07:00
Samuel Ortiz
0fb682641b contrib/cni: Fix README link
The CNI plugins are now living in a repo of their own.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-06-12 23:14:35 +02:00
Mrunal Patel
0f4aeef288 readme: Update the roadmap to reflect current status
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-06-12 10:58:51 -07:00
Mrunal Patel
2a6db15113 Merge pull request #584 from runcom/start-failed
adjust status on container start failure
2017-06-12 07:26:22 -07:00
Antonio Murdaca
b211061016
copy using bytes pools
Vendor and use docker/pkg/pools.
pools are used to lower the number of memory allocations and reuse buffers when
processing large streams operations..

The use of pools.Copy avoids io.Copy's internal buffer allocation.
This commit replaces io.Copy with pools.Copy to avoid the allocation of
buffers in io.Copy.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-12 12:53:23 +02:00
Antonio Murdaca
0b2f6b5354
adjust status on container start failure
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-12 12:48:50 +02:00
Mrunal Patel
86a35a1c12 Merge pull request #581 from runcom/readme-irc
README.md: add communication paragraph
2017-06-09 14:52:48 -07:00
Mrunal Patel
b8130b6852 Merge pull request #582 from runcom/fix-logrus
sandbox_status: Infof->Debugf response
2017-06-09 14:18:00 -07:00
Antonio Murdaca
3f56193a15 Merge pull request #577 from runcom/insecure-regisrties
*: support insecure registries
2017-06-09 20:31:43 +02:00
Antonio Murdaca
b5a10084dc
README.md: add communication paragraph
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-09 17:47:13 +02:00
Mrunal Patel
aab6b4e51c Merge pull request #580 from sameo/topic/ocicni
ocicni: Handle create and write events
2017-06-09 07:54:30 -07:00
Antonio Murdaca
cfec2c4cf4
sandbox_run: correct a defer
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-09 13:57:45 +02:00
Antonio Murdaca
e28540ca90
sandbox_status: Infof->Debugf response
This was cluttering the logs on my clusters. The log should be just in
debug mode as we do for every request/response flow.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-09 13:04:33 +02:00
Antonio Murdaca
952ae0db1c Merge pull request #571 from alexlarsson/conmon-glib-mainloop
conmon: Use glib mainloop instead of epoll
2017-06-09 12:03:56 +02:00
Samuel Ortiz
b480336dd7 ocicni: Handle create and write events
By only handling create events, we are breaking plugins that don't
create and write atomically, like weave for example.
The Weave plugin creates the file first and later write to it. We are
missing the second part and never see the final CNI config file.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-06-09 10:19:26 +02:00
Antonio Murdaca
8b53fabcbd
*: support insecure registries
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-09 01:04:29 +02:00
Mrunal Patel
8441dca284 Merge pull request #574 from runcom/smarter-pull
image_pull: check image already pulled
2017-06-08 15:38:08 -07:00
Antonio Murdaca
77fc45e7bc Merge pull request #575 from runcom/unit-after-network-online
contrib: systemd: change After to network-online.target
2017-06-08 22:17:00 +02:00
Mrunal Patel
7cd0ab671d Merge pull request #572 from runcom/fix-processArgs
container_create: fix OCI processArgs assemblement
2017-06-08 11:41:43 -07:00
Alexander Larsson
fcac68bf27 conmon: Handle runc exiting before passing terminal fd
We don't want to block on accepting the terminal fd, because then
we can't detect if runc died before calling out to pass the terminal
fd. To handle this we spin the glib mainloop listening to both the
terminal accept fd and a child pid watch.

Signed-off-by: Alexander Larsson <alexl@redhat.com>
2017-06-08 19:29:52 +02:00
Alexander Larsson
4494d82cfe conmon: Use glib mainloop instead of epoll
Signed-off-by: Alexander Larsson <alexl@redhat.com>
2017-06-08 16:21:20 +02:00
Antonio Murdaca
3b545abf12
image_pull: check image already pulled
This is an optimization of our image pull code path. It's basically
how docker handles pulls as well. Let's be smart and check the image in
pull code path as well.
This also matches docker behavior which first checks whether we're
allowed to actually pull an image before looking into local storage.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-08 15:03:27 +02:00
Antonio Murdaca
65d4ac8fc2
container_create: fix OCI processArgs assemblement
This patch fixes the following command:

kubectl run -i --tty centos --image=centos -- sh

The command above use to fail with:

/usr/bin/sh: /usr/bin/sh: cannot execute binary file

That's because we were wrongly assembling the OCI processArgs.

Thanks @alexlarsson for spotting this.

This patch basically replicates what docker does when merging container
config and image config. It also replicates how docker sets processArgs
for the OCI runtime.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-08 11:48:11 +02:00
Antonio Murdaca
6a0aab40cb
contrib: systemd: change After to network-online.target
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-08 01:25:37 +02:00
Mrunal Patel
86b6856faf Merge pull request #573 from rhatdan/manpage
Add missing options from man page
2017-06-07 14:55:50 -07:00
Daniel J Walsh
6fec37d708 Add missing options from man page
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-06-07 21:08:21 +00:00
Antonio Murdaca
45eee4caa8 Merge pull request #570 from mrunalp/detach
Detach
2017-06-07 19:46:21 +02:00
Antonio Murdaca
cb4c6004fc Merge pull request #564 from runcom/vndr-master
vendor: remove dep and use vndr
2017-06-07 10:24:59 +02:00
Mrunal Patel
d0486e542f Support detaching in CRI attach
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-06-06 20:49:54 -07:00
Mrunal Patel
6e53568d15 conmon: Close client on zero read from attach client
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-06-06 20:49:54 -07:00
Mrunal Patel
0b6f68479b utils: Add function to allow copying with detach
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-06-06 20:49:52 -07:00
Antonio Murdaca
148e72d81e
vendor: remove dep and use vndr
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-07 00:04:21 +02:00
Antonio Murdaca
16f44674a4
Makefile: exclude ./vendor from git-validation
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-07 00:04:15 +02:00
Mrunal Patel
7c56d20988 Merge pull request #567 from vbatts/tutorial
tutorial: pull the redis image first
2017-06-06 14:59:27 -07:00
Antonio Murdaca
3f7e8e9884 Merge pull request #546 from mrunalp/cri/attach
Attach
2017-06-06 22:43:06 +02:00
e63bace453
tutorial: pull the redis image first
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
2017-06-06 16:00:36 -04:00
Mrunal Patel
8f5f7aa5e2 Add code to handle CRI attach
A goroutine is started to forward terminal resize requests
from the resize channel. Also, data is copied back/forth
between stdin, stdout, stderr streams and the attach socket
for the container.

Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-06-06 07:36:52 -07:00
Mrunal Patel
1a6825758c conmon: Add control fifo for terminal resize handling
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-06-06 07:36:52 -07:00
Mrunal Patel
065f12490c conmon: Add unix domain socket for attach
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-06-06 07:36:52 -07:00
Mrunal Patel
5c383d13d2 conmon: Add info/warn to syslog as well
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-06-06 07:36:52 -07:00
Mrunal Patel
fee5291495 Merge pull request #563 from rhatdan/master
Need to be consistent in out nameing of OCI
2017-06-05 18:09:52 -07:00
Dan Walsh
4c48e13619 Need to be consistent in out nameing of Oci.
It should always be captitalized.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2017-06-05 15:11:03 -04:00
Mrunal Patel
7f2a769f96 Merge pull request #559 from runcom/fix-net-tests-node-e2e-rhel
contrib: test: fix failing networking tests in RHEL
2017-06-04 15:31:00 -07:00
Antonio Murdaca
4369537d32
contrib: test: fix failing networking tests in RHEL
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-04 19:30:30 +02:00