Commit graph

288 commits

Author SHA1 Message Date
Daniel J Walsh
6f81ec8c67 Default all container storage to /var/lib/containers/storage
containers/storage is defaulting to /var/lib/containers/storage
for image and containers storage.  It is also defaulting to
/var/run/containers/storage for all runtime.  The defaults
for CRI-O should match so that lots of other tools that use
containers/storage can share the same storage.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-03-24 08:19:08 -04:00
Andrew Pilloud
54c176e336 storage: Support latest containers/image
Signed-off-by: Andrew Pilloud <andrewpilloud@igneoussystems.com>
2017-03-13 08:51:02 -07:00
Daniel J Walsh
cf5b0ae57f Deprecate --storage-option for --storage-opt
container-storage-setup (Formerly docker-storage-setup) is being converted to
run with container runtimes outside of docker.  Specifically we want to use it
with CRI-O/ocid.  It does not know anything about the container runtimes it
is generating options for, so it generates them based on the storage CLI of
docker.  I see no reason to have the storage option for ocid to be different
and we can just deprecate the option for now.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-02-25 09:09:50 -05:00
Aleksa Sarai
0d7147ff5c
make: revert switch to 'go install'
go install acts incredibly weirdly and rarely does what you want, not to
mention that it's just bad for distribution build setups. Switch back to
go build, which works properly and doesn't have half as many issues.

Fixes: 6c9628cdb1 ("Build and install from GOPATH")
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2017-02-17 03:22:12 +11:00
Antonio Murdaca
9d085aef0a Merge pull request #356 from nalind/helpers
Minor tweaks to test helpers
2017-02-04 15:18:27 +01:00
Nalin Dahyabhai
ff5c485e7f Make sure we don't read a host ocid.conf in tests
When generating an ocid.conf for use when running tests, make sure we
don't pick up any defaults from an installed copy of ocid by forcing our
copy to read /dev/null as its configuration file.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-02-03 17:19:29 -05:00
Nalin Dahyabhai
5a89d5381d Wait when restarting ocid during tests
When we restart ocid as part of a test, wait for the daemon to exit when
we send it a SIGTERM, just as we do when we try to stop it for good.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-02-03 17:18:26 -05:00
Antonio Murdaca
dfa93414c5 Merge pull request #352 from mrunalp/deps
Switch to github.com/golang/dep for vendoring
2017-02-02 18:32:44 +01:00
Mrunal Patel
d0464b11e2 Merge pull request #348 from runcom/fix-imageid-lookup
storage: fix image retrieval by id
2017-02-01 09:05:36 -08:00
Mrunal Patel
8e5b17cf13 Switch to github.com/golang/dep for vendoring
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-01-31 16:45:59 -08:00
Nalin Dahyabhai
893593272f Use build tags for bin2img and copyimg
Use the same build tags for bin2img and copyimg that we use for ocid,
and improve detection of the case where we need to use the
"libdm_no_deferred_remove" tag.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-01-31 11:57:19 -05:00
Antonio Murdaca
2202c1a460
storage: fix image retrieval by id
kubelet sends a request to create a container with an image ID (as
opposed to an image name). That ID comes from the ImageStatus response.
This patch fixes that by setting the image ID as well as the image name
and fix the login to lookup for image ID as well.

Found while running `make test-e2e-node`.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-01-31 16:32:30 +01:00
Samuel Ortiz
5569f8b2e1
test: Update and organize README
Document the alternate runtime selection when running integration
tests on the host, and at the same time organize the file a little
better.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-01-26 23:21:12 +01:00
Samuel Ortiz
5f0238032f
test: Specify alternate container runtime
When running integration tests on the host, we can now specify
an alternate runtime by setting the RUNTIME variable. For example:

make localintegration RUNTIME=cc-oci-runtime

to use Clear Containers instead of runC.

Obviously, runC is still the default.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-01-26 23:21:09 +01:00
Nalin Dahyabhai
ebe86effe2 Pass --signature-policy to copyimg
When calling copyimg to pull down an image in the integration tests,
don't forget to pass in the test signature policy.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-01-26 14:01:47 +01:00
Daniel J Walsh
9c61688098 Default type for containers is not container_t
We usually specify MCS Labels as comma separated pair.
Finally if we run two different containers we want them on different
MCS labels.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-01-25 22:11:30 +01:00
Antonio Murdaca
5d86f1f110
test: enable tests in Travis
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-01-19 19:14:46 +01:00
Antonio Murdaca
25d40b6927
test: use checkseccomp to test if seccomp is supported
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-01-19 18:51:47 +01:00
Antonio Murdaca
0d37c41521
test: add a custom binary to reliably check seccomp support
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-01-19 18:51:47 +01:00
Antonio Murdaca
f1f5c635d2
test: change location of the test image
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-01-19 18:51:47 +01:00
Nalin Dahyabhai
aeea656581 Limit implicit image pulling to the pause image
The CRI doesn't expect us to implicitly pull an image if it isn't
already present before we're asked to use it to create a container, and
the tests no longer depend on us doing so, either.

Limit the logic which attempts to pull an image, if it isn't present, to
only pulling the configured "pause" image, since our use of that image
for running pod sandboxes is an implementation detail that our clients
can't be expected to know or care about.  Include the name of the image
that we didn't pull in the error we return when we don't pull one.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-01-18 10:23:30 -05:00
Nalin Dahyabhai
925806b8fa Add and use copyimg for caching images for tests
Add a basic tool for copying images from one location to another,
optionally adding a name if it's to local storage.  Ideally we could use
skopeo for this, but we don't want to build it.

Use it to initially populate the test/testdata/redis-image directory, if
it's not been cleaned out, with a copy of "docker://redis:latest", and
to copy it in to the storage that ocid is using before we start up ocid.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-01-18 10:23:30 -05:00
Nalin Dahyabhai
636d5d8e9a Add and use bin2img for creating images for tests
Add tests which exercise image pulling, listing, and removal.  When running
tests, prepopulate the store with an image with the default infrastructure
container's name, using the locally-built "pause" binary, so that tests won't
have to pull it down from the network.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-01-18 10:23:30 -05:00
Nalin Dahyabhai
c0333b102b Integrate containers/storage
Use containers/storage to store images, pod sandboxes, and containers.
A pod sandbox's infrastructure container has the same ID as the pod to
which it belongs, and all containers also keep track of their pod's ID.

The container configuration that we build using the data in a
CreateContainerRequest is stored in the container's ContainerDirectory
and ContainerRunDirectory.

We catch SIGTERM and SIGINT, and when we receive either, we gracefully
exit the grpc loop.  If we also think that there aren't any container
filesystems in use, we attempt to do a clean shutdown of the storage
driver.

The test harness now waits for ocid to exit before attempting to delete
the storage root directory.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-01-18 10:23:30 -05:00
Antonio Murdaca
00e6832715 Merge pull request #320 from jawnsy/build-with-go-install
Build with go install
2017-01-18 00:06:13 +01:00
Mrunal Patel
e785e3e07f Remove host ping test
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-01-17 13:43:23 -08:00
Jonathan Yu
6c9628cdb1
Build and install from GOPATH
* Rename 'vendor/src' -> 'vendor'
  * Ignore vendor/ instead of vendor/src/ for lint
* Rename 'cmd/client' -> 'cmd/ocic' to make it 'go install'able
* Rename 'cmd/server' -> 'cmd/ocid' to make it 'go install'able
* Update Makefile to build and install from GOPATH
* Update tests to locate ocid/ocic in GOPATH/bin
* Search for binaries in GOPATH/bin instead of PATH
* Install tools using `go get -u`, so they are updated on each run

Signed-off-by: Jonathan Yu <jawnsy@redhat.com>
2017-01-17 12:09:09 -08:00
Samuel Ortiz
ce54c1e5e9
test: Do not hardcode runc specific output
"executable file not found in" is part of a runc
specific output when 'runc exec' fails.
This prevents the execsync failure to pass when running
ocid with other runtimes than runc.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-01-14 02:02:45 +01:00
Samuel Ortiz
8e1af3668a
test: Fix networking helpers indentation
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-21 12:26:18 +01:00
Samuel Ortiz
b6455253c2
test: Add host pod ping test
We create a pod with host networking and we try to ping
it from the host.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-21 12:24:37 +01:00
Samuel Ortiz
5273bef5d2
test: Add an inter pod ping networking test
We create 2 pods in 2 different networking namespaces and
we check if we can ping one from the other.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-21 11:28:33 +01:00
Samuel Ortiz
b97a57c006
test: Skip networking tests if CNI plugins are missing
If the CNI binaries (bridge and host-local) are not installed,
we skip the tests.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-20 12:50:23 +01:00
Samuel Ortiz
4c702fb60c
test: Add 2 basic networking tests
We create temporary CNI networking configurations and run 2
functional tests:

- Verify that the networking namespace interface has a valid CIDR
- Ping the networking namespace interface from the host

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-20 12:50:20 +01:00
Mrunal Patel
a418ef8dc2 Fixup cgroup in test sandbox config
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-12-16 13:33:38 -08:00
Antonio Murdaca
e1054cf28e
cmd/client: move pod create to pod run
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-12-14 18:15:37 +01:00
Antonio Murdaca
4bb0830c37 Merge pull request #239 from xlgao-zju/reload-apparmor-profile
reload default apparmor profile if it is unloaded
2016-12-13 11:10:26 +01:00
Antonio Murdaca
f22dc5244f
test: add restart ocid with pod stopped test
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-12-09 11:56:25 +01:00
Mrunal Patel
0e1db291b6 Merge pull request #251 from sameo/topic/bats
test: Add a pod remove idempotent test
2016-12-08 16:20:41 -08:00
Mrunal Patel
7a6213c3ef Merge pull request #248 from sameo/topic/config.json
testdata: Add missing closed curly
2016-12-08 16:12:02 -08:00
Samuel Ortiz
d701009264
test: Add a pod remove idempotent test
Test if we can remove a pod several times without
generating an error.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-09 00:43:25 +01:00
Samuel Ortiz
c55d9a5da6
testdata: Add missing closed curly
Typo introduced by PR #244.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-09 00:11:16 +01:00
fd7a052023
testdata: fix invalid json doc
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
2016-12-08 15:23:24 -05:00
Samuel Ortiz
5d8537f270
testdata: sandbox ns options should be under security_context
And not directly under linux.

Fixes #243

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-08 18:09:28 +01:00
Xianglin Gao
cb5ed1ce9d reload default apparmor profile if it is unloaded
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2016-12-07 20:19:29 +08:00
Mrunal Patel
a4021ba179 Merge pull request #235 from runcom/fix-state
server: sync ctr state before checking it
2016-12-06 09:42:43 -08:00
Antonio Murdaca
1b2d4f3d60
server: sync ctr state before checking it
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-12-06 12:39:38 +01:00
Antonio Murdaca
f2b4fda554
server: fix ctr filter by truncated id
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-12-06 12:16:34 +01:00
Antonio Murdaca
e7492ca12f
server: fix pod filter by truncated id
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-12-06 12:16:30 +01:00
Antonio Murdaca
15f23bc6ac
test: fix apparmor detection
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-12-06 12:10:32 +01:00
Xianglin Gao
4f323377ee add apparmor build tag and update readme
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2016-12-06 11:51:15 +08:00
Xianglin Gao
bec3c3e2aa add test cases
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2016-12-01 21:42:13 +08:00
Antonio Murdaca
78ee03a8fc
add seccomp support
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-11-28 22:05:34 +01:00
Mrunal Patel
d12c4b68ac Merge pull request #212 from runcom/execsync-fix
execsync: return proper error description
2016-11-24 08:28:45 -08:00
HaoZhang
bdd817d002 add test for sysctls
Signed-off-by: HaoZhang <crazykev@zju.edu.cn>
2016-11-24 20:32:33 +08:00
Antonio Murdaca
cbe2a68ce5
execsync: return proper error description
The grpc execsync client call doesn't populate `ExecSyncResponse` on
error at all. You just get an error.
This patch modifies the code to include command's streams, exit code
and error directly into the error. `ocic` will then print useful
information in the cli, otherwise it won't.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-11-24 12:11:04 +01:00
Mrunal Patel
3e415d0c2f Add test for exec sync
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-11-21 13:16:36 -08:00
HaoZhang
018c4db06d add test for container/pod metadata in status/list APIs
Signed-off-by: HaoZhang <crazykev@zju.edu.cn>
2016-11-02 00:37:40 +08:00
Mrunal Patel
2be40e0a31 Add tests for pod filtering
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-10-17 12:51:21 -07:00
Dan Walsh
488216f57b Make sure selinuxenabled exists before executing it
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2016-10-17 08:48:14 -04:00
Dan Walsh
04807d586a Setup proper labeling for running test with selinux
The rootfs that gets created needs to have an SELinux label that containers
can write to.  Until they get native storage support, this patch will
force the entire storage pool to be labeled in such a way that confined
containers can read/write/execute the content.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2016-10-14 17:29:20 -04:00
Mrunal Patel
e1a4b71478 Add more tests for label filtering
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-10-14 12:06:10 -07:00
Mrunal Patel
1d58bc8eae Add a test for label filtering
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-10-14 09:58:09 -07:00
Mrunal Patel
1bb79c9bbb Add a test for container list filtering
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-10-13 12:40:07 -07:00
Antonio Murdaca
8a9395964e
server/sandbox: fix add/release pod/ctr ids and names
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-10-13 18:48:23 +02:00
Aleksa Sarai
9fb23bf0dc
ocid: add config subcommand
This subcommand is so that users can get a nice commented version of the
ocid configuration file. This comes from the "current" version of the
configuration (allowing someone to get their custom configuration as a
file). It also has a --default option.

In addition, update the tests to use `ocid config` so that we test this
setup (the loading and saving of the options).

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-10-11 21:21:58 +11:00
Aleksa Sarai
3f48986ea0
cmd: switch to --connect and --listen flags
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-10-11 03:09:59 +11:00
Antonio Murdaca
9b72f29b72
fixups for tests
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-10-08 14:57:45 +02:00
Antonio Murdaca
e0364ec633
add containers restore test
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-10-08 14:46:39 +02:00
Mike Brown
5ac01ec8f3 removing mount from test/testdata/container_redis.json
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2016-10-07 12:32:11 -05:00
Mrunal Patel
d4a09fd5c8 Merge pull request #93 from cyphar/dockerless-pause-rootfs
Dockerless pause rootfs
2016-10-03 10:06:04 -07:00
Aleksa Sarai
bac579a9e5
server: create pause rootfs manually without Docker
This lessens the Docker requirement for creating sandboxes (with the
requirement only existing for the actual image pulling that is done when
adding a container to a pod). The interface was chosen to match the
--conmon interface, so that the location of the pause binary can be
chosen by a user.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-10-02 20:11:07 +11:00
Aleksa Sarai
498d2d602e
test: add more debugging output
In several places, we previously didn't output the $output of the
failing command, leading to confusion when debugging. A proper fix is to
alias oci{c,d} in helpers.sh like runC does, but that can come later.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-10-02 19:13:00 +11:00
Mrunal Patel
23858b7ed6 Add pod list and ctr list calls to ctr lifecycle test
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-30 12:24:16 -07:00
Mrunal Patel
a2c2d0d6f1 Add container lifecycle test
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-29 13:33:47 -07:00
Dan Walsh
f51c98b057 Install conmon in /usr/libexec/ocid/conmon
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2016-09-29 08:55:12 -04:00
Mrunal Patel
c647c908a2 Add a test for pod remove
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-28 13:15:57 -07:00
Antonio Murdaca
17ae9d5d01 Merge pull request #72 from mrunalp/ctr_remove_stop
Stop container first if it is running on RemoveContainer
2016-09-28 22:03:57 +02:00
Mrunal Patel
52ff9e46dc Add a test for ctr remove
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-28 12:54:57 -07:00
Mrunal Patel
189b642908 Remove unnecessary sleep from tests
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-28 12:16:10 -07:00
Mrunal Patel
fd91998ef3 Fix the test by removing sleep and ensuring cleanup
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-27 11:46:16 -07:00
Antonio Murdaca
77c40487de
test: suggests sudo make localintegration
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-27 14:23:07 +02:00
Antonio Murdaca
22cd20e705
test: fix readme and sleep just 1
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-27 10:46:50 +02:00
Antonio Murdaca
ab8b65b09e
test: cleanup pods at test teardown
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-27 10:46:50 +02:00
Antonio Murdaca
3ddf3f21c1
test: fix and add tests
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-27 10:42:53 +02:00
Mrunal Patel
4606f2a61a Fix the build for ocid to cri-o rename
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-26 16:55:12 -07:00
Antonio Murdaca
8f2744785e
test: add README.md
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-24 09:59:27 +02:00
Antonio Murdaca
aebd365cf4
test: tweak helpers
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-24 00:38:06 +02:00
Antonio Murdaca
5fb0252fd2
add tests skeleton
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-24 00:37:07 +02:00