Commit graph

2120 commits

Author SHA1 Message Date
Nalin Dahyabhai
1e1d6a512f Build with ostree
Build using a locally-built copy of ostree in testing setups.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-07-24 13:03:07 -04:00
Dan Walsh
d76645680f Bump image, storage, and image-spec
Bump containers/image (pulling in its new dependency on ostree-go),
containers/storage, and updated image-spec.

This pulls in the OCI v1.0 specifications and code that allows us to
support 1.0 images.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-07-24 13:01:54 -04:00
Mrunal Patel
5138691c3b Merge pull request #684 from giuseppe/fix-makefile-tests-rule
Makefile: do not rebuild tests every time "make" runs
2017-07-24 09:44:32 -07:00
Ryan Cole
4fe17ee16d Update libkpod New()
update libkpod's New() function to use a config struct, and update
server.New() to call into libkpod.New()

Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
2017-07-24 10:35:39 -04:00
Ryan Cole
49ed4ab710 move reserve/release container name into libkpod
Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
2017-07-24 10:35:31 -04:00
Ryan Cole
d625e0e468 move containerState to/from disk to libkpod
Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
2017-07-24 10:35:20 -04:00
Giuseppe Scrivano
595b0557f3 conmon: use waitpid to wait for terminated processes
During my testing in OpenShift I've noticed that conmon leaves some
zombies processes.  The reason is that we are using
PR_SET_CHILD_SUBREAPER in conmon and runC forks a new process (runc
init) each time we start a container.  Using g_child_watch_add only on
the main runc process and on the container process is not enough as we
do not cleanup any other zombie process.

Since glib doesn't allow to catch SIGCHLD and to better integrate in the
existing code, catch it with signal(2) then raise a SIGUSR1 that glib
handles.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2017-07-24 14:50:50 +02:00
Giuseppe Scrivano
55310f9a95 conmon: do not fail if waitpid is interrupted
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2017-07-23 18:55:16 +02:00
Mrunal Patel
1aa0d5da86 Merge pull request #686 from sak0/dev
crioctl ctr stop: enable timeout input
2017-07-22 13:22:13 -07:00
Giuseppe Scrivano
a30f84906c Makefile: do not rebuild tests every time "make" runs
bin2img/checkseccomp/copyimg are file targets and should not be .PHONY.
This prevents to build them if not necessary.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2017-07-22 11:37:24 +02:00
Mrunal Patel
c66c633b77 Merge pull request #682 from nalind/build-flags
Build all of our binaries with the same build tags
2017-07-21 19:23:16 -07:00
Nalin Dahyabhai
375ffaee03 Build all of our binaries with the same build tags
Build all of our binaries with the same build tags and the same LDFLAGS.
This means we add $(LDFLAGS) to bin2img, copyimg, and cri-o,
$(BUILDTAGS) to kpod, and both to crioctl and checkseccomp.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-07-21 10:28:10 -04:00
Mrunal Patel
7b69d43198 Merge pull request #675 from 14rcole/sandbox-package
Move sandbox into its own package
2017-07-21 07:18:00 -07:00
Mrunal Patel
0e17bf4659 Merge pull request #648 from 14rcole/kpod-inspect
Implement `kpod inspect`
2017-07-21 07:12:08 -07:00
Mrunal Patel
b28b297d8e Merge pull request #680 from nalind/vfs-over-aufs
Force use of the "vfs" driver when testing on AUFS
2017-07-21 07:06:29 -07:00
Mrunal Patel
3a66d70632 Merge pull request #681 from nalind/apparmor-ci
Fix integration tests on systems with apparmor
2017-07-21 07:04:35 -07:00
CuiHaozhi
13fd708f04 crioctl ctr stop: enable timeout input
Signed-off-by: CuiHaozhi <cuihz@wise2c.com>
2017-07-21 09:48:22 -04:00
Ryan Cole
d50dba979e Move sandbox into its own package
If sandbox is in the same package as server, there will be a circular dependency when
kpod create is implemented

Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
2017-07-21 08:15:55 -04:00
Ryan Cole
0d4305a261 Implement kpod inspect
kpod inspect allows the user to view low-level information about
containers and images

Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
2017-07-21 08:11:27 -04:00
Nalin Dahyabhai
d1099a6cc5 Fix integration tests on systems with apparmor
When the integration test image is run on a system with apparmor
enabled, it needs binaries from the 'apparmor' package, so ensure that
it's always there.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-07-20 17:32:18 -04:00
Nalin Dahyabhai
4ebcd650e0 Force use of the "vfs" driver when testing on AUFS
Basically none of the clever storage drivers will work when we're on top
of AUFS, so if we find ourselves in that situation when running tests,
default to storage options of "--storage-driver vfs".

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-07-20 17:29:38 -04:00
Mrunal Patel
3b295967f1 Merge pull request #636 from 14rcole/kpod-push
Add `kpod push` command
2017-07-20 12:44:21 -07:00
Ryan Cole
680f7a6106 Add kpod push command
Push an image to a specified location, such as to an atomic registry
or a local directory

Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
2017-07-20 11:12:40 -04:00
Antonio Murdaca
ab1fef9e1f Merge pull request #667 from 14rcole/containerserver-state
move container state to libkpod
2017-07-20 16:42:31 +02:00
Antonio Murdaca
f8f9488e02 Merge pull request #673 from mrunalp/runtime_spec_v1
Update to OCI runtime spec v1.0.0
2017-07-20 14:33:01 +02:00
Ryan Cole
bd540ac94c Separate container state from sandbox state in server
Move container state data to libkpod, separate from the sandbox
data in server.  However, the move was structured such that sandbox
data could easily be moved over into libkpod in the future

Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
2017-07-20 08:18:55 -04:00
Mrunal Patel
4128bbd7dc Bump up runtime-spec dependency to v1.0.0
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-07-19 21:38:05 -07:00
Mrunal Patel
0eb5cd527f Merge pull request #672 from 14rcole/find-godeps-fix
Fix bug in find-godeps
2017-07-19 16:15:52 -07:00
Mrunal Patel
a7c1745aa2 Merge pull request #643 from umohnani8/kpod_history
Add 'kpod history' command
2017-07-19 16:15:28 -07:00
Ryan Cole
1c820fb06f Fix bug in find-godeps
go list {{.Imports}} outputs imports as an array, and the leading
and trailing square brackets can get caught in the name of a package.
Add a pipe in the dependency command to remove the brackets

Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
2017-07-19 16:49:22 -04:00
Mrunal Patel
115fea46cf Merge pull request #670 from sak0/dev
kpod images --digests output align
2017-07-19 12:42:57 -07:00
Mrunal Patel
093660ea68 Merge pull request #669 from 14rcole/sandbox-public
Refactor server sandbox
2017-07-19 12:42:13 -07:00
umohnani8
ad490708a4 Add 'kpod history' command
Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-07-19 15:11:25 -04:00
Mrunal Patel
b4973e1006 Merge pull request #655 from rhatdan/cri-o
We need to support the name cri-o and crio for rpm and systemd
2017-07-19 10:18:44 -07:00
Ryan Cole
3ddf2efae2 Refactor server sandbox
Make sandbox struct and it methods public, and add accessor methods
for the struct fields

Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
2017-07-19 08:53:45 -04:00
Daniel J Walsh
23c66c7bdf We need to support the name cri-o and crio for rpm and systemd
Adding these aliases will make it easier for users who forget to
use crio or cri-o.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-07-19 07:29:36 -04:00
Antonio Murdaca
a82cc428a9 Merge pull request #664 from 14rcole/libkpod-containerserver
Decouple kubernetes-dependent and non-dependent parts of server
2017-07-19 13:29:26 +02:00
CuiHaozhi
8c3950ad6d kpod images --digests output align
Signed-off-by: CuiHaozhi <cuihz@wise2c.com>
2017-07-18 23:07:29 -04:00
Ryan Cole
64ad902480 Decouple kubernetes-dependent an non-dependent parts of server
Move non-kubernetes-dependent portions of server struct to libkpod.
So far, only the struct fields have been moved and not their dependent
functions

Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
2017-07-18 14:23:50 -04:00
Mrunal Patel
2b18d58d60 Merge pull request #666 from tklauser/seccomp-x-sys-unix
Use Prctl() and associated constants from x/sys/unix
2017-07-18 09:58:40 -07:00
Antonio Murdaca
4d6ff0b414 Merge pull request #665 from 14rcole/imagespec-removal
Remove ImageSpec dependency from server
2017-07-18 16:54:11 +02:00
Tobias Klauser
92a51af7ba seccomp: use Prctl() from x/sys/unix
Use unix.Prctl() instead of manually reimplementing it using
unix.RawSyscall. Also use unix.SECCOMP_MODE_FILTER instead of locally
defining it.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-07-18 15:34:23 +02:00
Tobias Klauser
642f2bb70e vendor: update golang.org/x/sys
Update golang.org/x/sys to get newly added functions and constants which
will be used in successive commits.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-07-18 15:31:00 +02:00
Antonio Murdaca
e659280298 Merge pull request #652 from vbatts/kpod_info
kpod: info subcommand
2017-07-18 09:58:49 +02:00
Ryan Cole
f3efb850b7 Remove ImageSpec dependency from server
Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
2017-07-17 16:21:56 -04:00
ab36ad50be
kpod: info subcommand
Design: The output of the `info` subcommand ought to be directly
consumable in a format like JSON or yaml.
The structure being a map of sorts.

Each subsection of information being an individual cluster under the
top-level, like platform info, debug, storage, etc.

Even if there are errors under the top level key, the value will be a
map with the key of "error" and the value as the message of the
`err.Error()`. In this way, the command always returns usable output.

Ideally there will be a means for anything that can register info to do
so independently from it being in the single info.go, so this approach
is having a typed signature for the function that gives info, but i'm
sure it could be better.

Current iteration of this outputs the following as a limited user:

```yaml
host:
  MemFree: 711307264
  MemTotal: 2096222208
  SwapFree: 2147479552
  SwapTotal: 2147479552
  arch: amd64
  cpus: 1
  os: linux
store:
  error: 'mkdir /var/run/containers/storage: permission denied'

```

and as root (`sudo kpod info -D`):

```yaml
debug:
  compiler: gc
  go version: go1.7.6
  goroutines: 3
host:
  MemFree: 717795328
  MemTotal: 2096222208
  SwapFree: 2147479552
  SwapTotal: 2147479552
  arch: amd64
  cpus: 1
  os: linux
store:
  ContainerStore:
    number: 1
  GraphDriverName: overlay2
  GraphRoot: /var/lib/containers/storage
  ImageStore:
    number: 1
```

And with the `--json --debug` flag:

```json
{
  "debug": {
    "compiler": "gc",
    "go version": "go1.7.6",
    "goroutines": 3
  },
  "host": {
    "MemFree": 709402624,
    "MemTotal": 2096222208,
    "SwapFree": 2147479552,
    "SwapTotal": 2147479552,
    "arch": "amd64",
    "cpus": 1,
    "os": "linux"
  },
  "store": {
    "ContainerStore": {
      "number": 1
    },
    "GraphDriverName": "overlay2",
    "GraphRoot": "/var/lib/containers/storage",
    "ImageStore": {
      "number": 1
    }
  }
}
```

Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
2017-07-17 14:23:53 -04:00
Mrunal Patel
3f70873aab Merge pull request #662 from rhatdan/master
Make the README.md more useful in links to man page documentation
2017-07-17 11:03:34 -07:00
Mrunal Patel
2fcc6d574b Merge pull request #663 from runcom/fix-arch-goos
oci: fix type mismatch on some platform/arch
2017-07-17 09:55:22 -07:00
Daniel J Walsh
d43e67ad00 Make the README.md more useful in links to man page documentation
This patch will allow people who go to the github page to easily read
man pages.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-07-17 16:52:14 +00:00
Antonio Murdaca
47ea873253
oci: fix type mismatch on some platform/arch
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-07-17 15:31:19 +02:00