Commit graph

2257 commits

Author SHA1 Message Date
W. Trevor King
1262234531 conmon: Respect start-pipe read errors
Avoid:

  $ make clean && make conmon.o 2>&1
  rm -f conmon.o cmsg.o ../bin/conmon
  cc -std=c99 -Os -Wall -Wextra -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -DVERSION=\"1.9.0-dev\" -DGIT_COMMIT=\""74cd1ec97c13a9784ce5e67a9e50e8977b5d2f38"\"   -c -o conmon.o conmon.c
  conmon.c: In function ‘main’:
  conmon.c:1175:3: warning: ignoring return value of ‘read’, declared with attribute warn_unused_result [-Wunused-result]
     read(start_pipe_fd, buf, BUF_SIZE);
     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

by catching and exiting on any read errors.  A read error here would
be because the caller died before writing to the start pipe, and we
don't want to continue in those cases because it would reopen the
cgroup race discussed in af4fbcd9 (conmon: Don't leave zombies and fix
cgroup race, 2017-06-09, #583).  af4fbcd9 is where this line
originally landed, and it didn't have error checking then.

Signed-off-by: W. Trevor King <wking@tremily.us>
2018-02-23 11:25:29 -08:00
Daniel J Walsh
74cd1ec97c
Merge pull request #1359 from giuseppe/conmon-version
conmon: implement --version
2018-02-23 13:28:39 -05:00
Mrunal Patel
0b87fe448f
Merge pull request #1367 from runcom/fix-selinuxopt
Makefile: fix SELINUXOPT generation
2018-02-23 07:46:07 -08:00
Antonio Murdaca
7f82f9bbe8
Makefile: fix SELINUXOPT generation
This patch fixes selinuxopt generation as found in:

```
install /usr/sbin/selinuxenabled -D -m 644 crio.conf /etc/crio/crio.conf
```

The above is clearly wrong when installing the configuration because
`commmand -v` outputs the path of selinuxenabled as well, resulting in

/usr/bin/selinuxenabled -Z

This patch fixes that by just echoing the -Z as needed.

Issue introduced in
https://github.com/kubernetes-incubator/cri-o/pull/1363

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2018-02-23 16:06:01 +01:00
Giuseppe Scrivano
6a23a293d7
conmon: add new option --version
Print the version and exit immediately.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2018-02-23 09:41:48 +01:00
Giuseppe Scrivano
96a9afedf6
Makefile: split declarations to Makefile.inc
so that they can be reused by another Makefile

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2018-02-23 09:41:48 +01:00
Mrunal Patel
d30663558f
Merge pull request #1362 from wking/install-prerequisites
Makefile: Fix install.* prerequisites
2018-02-22 19:22:58 -08:00
Mrunal Patel
12d097da61
Merge pull request #1364 from wking/drop-man1-uninstall
Makefile: Drop man1 uninstall
2018-02-22 15:59:17 -08:00
Mrunal Patel
33f66195b0
Merge pull request #1363 from wking/do-not-hardcode-selinuxenabled-path
Makefile: Use 'command -v selinuxenabled' instead of hard-coded path
2018-02-22 15:58:49 -08:00
Mrunal Patel
5341430533
Merge pull request #1358 from runcom/master-netns-fix
netns fix
2018-02-22 14:31:27 -08:00
W. Trevor King
10bc4ec96b Makefile: Drop man1 uninstall
This should have happened in f4883dd2 (Makefile: do not install man1
files, 2017-11-08, #1129).  It may have been missed due to the
man1/man8 typo from e61c672a (Add missing man pages and bash
completions for kpod, 2016-12-02, #230).

Signed-off-by: W. Trevor King <wking@tremily.us>
2018-02-22 14:08:11 -08:00
W. Trevor King
fa6b189eb5 Makefile: Use 'command -v selinuxenabled' instead of hard-coded path
The hard-coded path landed in 488216f5 (Make sure selinuxenabled
exists before executing it, 2016-10-17, #154), but there's no need to
require that path.  Using 'command -v' (in POSIX [1]) supports anyone
who has selinuxenabled in their PATH.

[1]: http://pubs.opengroup.org/onlinepubs/9699919799/utilities/command.html

Signed-off-by: W. Trevor King <wking@tremily.us>
2018-02-22 13:54:34 -08:00
W. Trevor King
ada416b4e5 Makefile: Fix install.* prerequisites
Without this change, hitting these targets directly will fail.  For
example:

  $ make clean
  $ make MANDIR=/tmp install.man
  install  -d -m 755 /tmp/man5
  install  -d -m 755 /tmp/man8
  install  -m 644 docs/crio.conf.5 -t /tmp/man5
  install: cannot stat 'docs/crio.conf.5': No such file or directory
  make: *** [Makefile:150: install.man] Error 1

Signed-off-by: W. Trevor King <wking@tremily.us>
2018-02-22 13:32:54 -08:00
Antonio Murdaca
0fe2aa6e2f
sandbox_stop: close/remove the netns _after_ stopping the containers
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2018-02-22 17:28:23 +01:00
Antonio Murdaca
69257aa85c
sandbox net: set netns closed after actaully closing it
Umount/Remove below can go wrong and next calls to NetNsRemove would
trigger:

 481 Feb 22 14:37:35 ip-172-31-48-190.ec2.internal
atomic-openshift-node[88937]: E0222 14:37:35.291692   88937
remote_runtime.g     o:115] StopPodSandbox
"200a062985ebfda2bbdb1b5d724005d4a0c1be54f277a4de52f9f101d9c43db6" from
runtime service failed: rpc      error: code = Unknown desc = close
/var/run/netns/k8s_psql-1-tht5r_bingli328usyu727s_6a7b8edc-174d-11e8-9e8f-0a46c474dfe0_
0-dda1c649: file already closed

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2018-02-22 17:28:14 +01:00
Antonio Murdaca
1c540236d1
Merge pull request #1324 from mrunalp/update_k8s
Update k8s
2018-02-22 09:52:14 +01:00
Antonio Murdaca
04779ea79f
Merge pull request #1349 from kubernetes-incubator/debug_exit_file_1.9
1.9: Add container id to exit file missing warning
2018-02-22 09:51:51 +01:00
Mrunal Patel
5f7ac28059 Update code for latest k8s
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2018-02-21 11:03:56 -08:00
Mrunal Patel
69bce174ca
Merge pull request #1352 from runcom/bump-cimage-master
vendor: update c/image to handle text/plain from registries
2018-02-21 07:55:03 -08:00
W. Trevor King
c80cdedbee hooks: Use RFC 2119 for the hook configuration specification
Make this more like the runtime spec, using the RFC 2119 keywords for
both JSON-author and CRI-O requirements.  This also clarifies the
regular expression language (POSIX EREs), links to a JSON spec, and
tightens wording for the various matching criteria.

I think the hook-config format could be improved (versioning it, and
reusing the runtime-spec hook structure instead of renaming 'path' to
'hook', dropping 'timeout', etc.).  But I'm leaving that sort of thing
to future work.

Signed-off-by: W. Trevor King <wking@tremily.us>
2018-02-20 15:02:54 -08:00
W. Trevor King
72afb41544 hooks: Punt hook documentation to the runtime spec
No need to repeat the specification here, just link to the version we
generate.

Signed-off-by: W. Trevor King <wking@tremily.us>
2018-02-20 15:02:54 -08:00
W. Trevor King
37f136562b hooks: Remove backticks from CRI-O
These backticks landed with the rest of the hook docs in 139d0841 (Add
support for oci-hooks to libkpod, 2017-08-12, #562).  But "CRI-O" is
the project name, so it doesn't need backticks.  We would need
backticks if we used the executable filename "crio".

Signed-off-by: W. Trevor King <wking@tremily.us>
2018-02-20 10:21:53 -08:00
Mrunal Patel
0b4f49f6d7
Merge pull request #1354 from runcom/1.9.6-toml
releases: add v1.9.6.toml
2018-02-20 10:09:08 -08:00
Antonio Murdaca
d9dd4ce990
releases: add v1.9.6.toml
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2018-02-20 16:03:58 +01:00
Antonio Murdaca
af4585d655
Makefile: stub out ostree in unit tests
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2018-02-20 10:49:05 +01:00
Antonio Murdaca
d551ef4523
vendor: update c/image to handle text/plain from registries
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2018-02-19 18:53:21 +01:00
Antonio Murdaca
ca94095739
server: fsnotify on hooks
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2018-02-19 17:05:37 +01:00
Mrunal Patel
8a0fc5a963 Add container id to exit file missing warning
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2018-02-16 16:28:42 -08:00
Antonio Murdaca
6de90e046a
Merge pull request #1348 from mrunalp/debug_exit_file
Add container id to exit file missing warning
2018-02-17 01:02:58 +01:00
Mrunal Patel
d4dd6566ee Add container id to exit file missing warning
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2018-02-16 13:13:32 -08:00
Antonio Murdaca
4e6ed3d974
Merge pull request #1344 from mrunalp/1.9.5_release
release: Add v1.9.5
2018-02-16 16:28:18 +01:00
Antonio Murdaca
d6c32fa88e
server|cmd: refactor monitors chan
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2018-02-16 12:52:25 +01:00
Mrunal Patel
ffe436cb9d release: Add v1.9.5
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2018-02-15 15:38:56 -08:00
Mrunal Patel
8f5e37a83c
Merge pull request #1249 from theatrus/add-container-stats
Add methods for listing and fetching container stats
2018-02-15 13:29:15 -08:00
Mrunal Patel
ea90be40c4
Merge pull request #1337 from nalind/fix-runasuser-cache
imageService: cache information about images
2018-02-15 11:22:33 -08:00
Mrunal Patel
125ec8a7bd image: Add lock around image cache access
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2018-02-15 10:27:39 -05:00
Mrunal Patel
be23a54da4
Merge pull request #1335 from wking/wont-never
oci: Copy-edits for waitContainerStop chControl comment
2018-02-14 18:01:02 -08:00
W. Trevor King
db3962cbc9 oci: Copy-edits for waitContainerStop chControl comment
The old "won't never" was a potentially-confusing double negative.
This commit rewords the comment to avoid that issue and also lands
some other minor cleanups.

Signed-off-by: W. Trevor King <wking@tremily.us>
2018-02-14 16:58:10 -08:00
Nalin Dahyabhai
c53211eacd imageService: cache information about images
Cache information about images that isn't trivially read from them, so
that ImageStatus and particularly ListImages don't have to do
potentially-expensive things for every image that they report.

The cache is an in-memory map, and we prune it after ListImages has
assembled its result set.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2018-02-14 14:41:03 -05:00
Mrunal Patel
fa8cedf981
Merge pull request #1328 from runcom/record-hostnetwork-snb
sandbox: record whether sb is using host network
2018-02-14 10:06:06 -08:00
Yann Ramin
9a86dbabc2 Add logging support for base condition in debug
Signed-off-by: Yann Ramin <atrus@stackworks.net>
2018-02-14 08:10:26 -08:00
Yann Ramin
a2fc41358a Simplify filter block
Signed-off-by: Yann Ramin <atrus@stackworks.net>
2018-02-14 08:10:26 -08:00
Yann Ramin
50c94a9335 Specifying a filter with no filtering expressions is now idempotent
Signed-off-by: Yann Ramin <atrus@stackworks.net>
2018-02-14 08:10:26 -08:00
Yann Ramin
14c1c70407 Add methods for listing and fetching container stats
This uses the previously unusued lib/stats.go code to return data
about container stats to the CRI API. Helpers have been built around
filtering based on the OCI API, and CPU stat reporting has been fixed.

No data on filesystem layer usage is returned at this time.

Fixes one-half of #1248

Signed-off-by: Yann Ramin <atrus@stackworks.net>
2018-02-14 08:10:13 -08:00
Antonio Murdaca
96fb47213e
container_create: correctly set user
We had a bug in ImageStatus where we weren't returning the default
image user if set, thus running all containers as root despite a user
being set in the image config. We weren't populating the Username field
of ImageStatus.
This patch fixes that along with the handling of multiple images based
on the registry patch for multiple images.
It also fixes ListImages to return Username as well.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2018-02-14 13:17:20 +01:00
Antonio Murdaca
4cc3d0a508
Merge pull request #1325 from wanghaoran1988/update_gitignore
Add some ide generated files to .gitignore
2018-02-13 13:17:27 +01:00
Antonio Murdaca
ab204b6641
sandbox: record whether sb is using host network
We need to record whether the sandbox is using hostnetwok because the
kubelet needs that information when computing pod changes. Without this
patch it could happen that a pod that's using host network is restarted
just because the sandbox's status isn't reporting that it's running
using host network.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2018-02-13 11:45:33 +01:00
Haoran Wang
508a202a69 Update .gitignore to add some ide generated files
Signed-off-by: Haoran Wang <haowang@redhat.com>
2018-02-13 15:53:04 +08:00
Mrunal Patel
9128ffc226
Merge pull request #1320 from runcom/hooks-from-ctr-annotations
Hooks from ctr annotations
2018-02-12 20:35:52 -08:00
Mrunal Patel
7310839369
Merge pull request #1321 from runcom/bump-runtime-tools-cap-fix
vendor: bump runtime-tools to fix caps drop handling
2018-02-12 12:15:40 -08:00