Antonio Murdaca
4bb0830c37
Merge pull request #239 from xlgao-zju/reload-apparmor-profile
...
reload default apparmor profile if it is unloaded
2016-12-13 11:10:26 +01:00
Samuel Ortiz
0df8200e12
sandbox: Create a symbolic link to the networking namespace
...
In order to work around a bug introduced with runc commit bc84f833,
we create a symbolic link to our permanent networking namespace so
that runC realizes that this is not the host namespace.
Although this bug is now fixed upstream (See commit f33de5ab4), this
patch works with pre rc3 runC versions.
We may want to revert that patch once runC 1.0.0 is released.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-12 19:48:23 +01:00
Samuel Ortiz
4cab8ed06a
sandbox: Use persistent networking namespace
...
Because they need to prepare the hypervisor networking interfaces
and have them match the ones created in the pod networking
namespace (typically to bridge TAP and veth interfaces), hypervisor
based container runtimes need the sandbox pod networking namespace
to be set up before it's created. They can then prepare and start
the hypervisor interfaces when creating the pod virtual machine.
In order to do so, we need to create per pod persistent networking
namespaces that we pass to the CNI plugin. This patch leverages
the CNI ns package to create such namespaces under /var/run/netns,
and assign them to all pod containers.
The persistent namespace is removed when either the pod is stopped
or removed.
Since the StopPodSandbox() API can be called multiple times from
kubelet, we track the pod networking namespace state (closed or
not) so that we don't get a containernetworking/ns package error
when calling its Close() routine multiple times as well.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-12 19:48:23 +01:00
Antonio Murdaca
430297dd81
store annotations and image for a container
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-12-12 11:12:03 +01:00
Xianglin Gao
ca7d5c77c2
Do not load ocid-default if configured apparmor profile is set up.
...
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2016-12-12 15:55:17 +08:00
Antonio Murdaca
5a1605bad5
server: fix calls to logrus again
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-12-11 18:29:59 +01:00
Antonio Murdaca
d9edbe6817
Merge pull request #249 from mrunalp/dev_shm
...
Add support for pod /dev/shm that is shared by the pod ctrs
2016-12-09 09:46:27 +01:00
Mrunal Patel
868e18614a
Fix couple of lint issues
...
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-12-08 15:40:59 -08:00
Mrunal Patel
be29524ba4
Add support for pod /dev/shm that is shared by the pod ctrs
...
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-12-08 15:32:17 -08:00
Xianglin Gao
cb5ed1ce9d
reload default apparmor profile if it is unloaded
...
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2016-12-07 20:19:29 +08:00
Xianglin Gao
26645c90ac
Make the profile configurable
...
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2016-12-01 13:26:59 +08:00
Xianglin Gao
1f863846f5
add default apparmor profile
...
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2016-12-01 13:26:59 +08:00
Antonio Murdaca
78ee03a8fc
add seccomp support
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-11-28 22:05:34 +01:00
Antonio Murdaca
02ec8754f5
Merge pull request #169 from cyphar/make-configurable
...
server: make more things configurable
2016-11-10 14:55:29 +01:00
Crazykev
87a83e14b0
return pod metadata in container list and status APIs
...
Signed-off-by: Crazykev <crazykev@zju.edu.cn>
2016-11-02 00:37:40 +08:00
Crazykev
54a022defb
restore pod annotations when restart ocid
...
Signed-off-by: Crazykev <crazykev@zju.edu.cn>
2016-11-01 13:49:21 +08:00
Aleksa Sarai
33f47d6a6b
server: make ImageStore configurable
...
It's a bit odd to have ImageStore be part of the config and yet we don't
allow people to modify it. However, leave it out of the commented
version because it's currently unused.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-10-31 23:26:42 +11:00
Mrunal Patel
c89157e45c
Merge pull request #176 from gao-feng/hidden-infra-container
...
store infra container in sandbox
2016-10-25 03:25:17 +00:00
Gao feng
78528d9bd1
store infra container in sandbox
...
The infra container is used to implement the pod
sandbox; it should not be exported to the user.
This patch stores the infra container in the sandbox
immediately; only the containers created by the user
are stored into the container store. This prevents the user
from removing/stopping the infra container incorrectly.
Signed-off-by: Gao feng <omarapazanadi@gmail.com>
2016-10-24 20:18:19 +08:00
HaoZhang
9c11cc7dba
make conmon inherit env from ocid
...
Signed-off-by: HaoZhang <crazykev@zju.edu.cn>
2016-10-23 19:22:27 +08:00
Mrunal Patel
e999610fd6
Merge pull request #115 from cyphar/toml-config
...
cmd: server: use TOML configuration file
2016-10-11 16:07:25 -07:00
Antonio Murdaca
be2b0cfa50
server/server: skip if no sandbox when restoring containers
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-10-12 00:36:34 +02:00
Crazykev
f6536bf30e
pod/container name should be released when create failed
...
Signed-off-by: Crazykev <crazykev@zju.edu.cn>
2016-10-11 20:19:51 +08:00
Aleksa Sarai
7bf5110b76
server: refactor to use Config struct
...
This paves the way for having a configuration file that is loaded rather
than everything being set via the command-line.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-10-11 03:10:32 +11:00
Antonio Murdaca
217d278623
server/server: check pods/ctrs directories before restore
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-10-08 14:46:39 +02:00
Antonio Murdaca
54d6ddb5af
server: containers restore
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-10-08 14:46:39 +02:00
Dan Walsh
be77b841fa
Add SELinux support to OCID
...
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2016-10-06 14:13:06 -04:00
Mrunal Patel
0482a4281a
Separate container IDs from container names
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-10-04 16:57:12 -07:00
Mrunal Patel
3e19549232
Add name and id indexes for containers
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-10-04 16:00:04 -07:00
Aleksa Sarai
bac579a9e5
server: create pause rootfs manually without Docker
...
This lessens the Docker requirement for creating sandboxes (with the
requirement only existing for the actual image pulling that is done when
adding a container to a pod). The interface was chosen to match the
--conmon interface, so that the location of the pause binary can be
chosen by a user.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-10-02 20:11:07 +11:00
Dan Walsh
f51c98b057
Install conmon in /usr/libexec/ocid/conmon
...
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2016-09-29 08:55:12 -04:00
Antonio Murdaca
4578cc93d1
server: fix panic when listing sandboxes
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-27 10:46:45 +02:00
Antonio Murdaca
f7d3f7a69a
Merge pull request #59 from mrunalp/pod_create_bug
...
Pod create bug
2016-09-27 09:13:40 +02:00
Mrunal Patel
4606f2a61a
Fix the build for ocid to cri-o rename
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-26 16:55:12 -07:00
Mrunal Patel
78aae688e2
Add API to release Pod name when not required
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-26 15:41:58 -07:00
Mrunal Patel
e1b8802848
Fix typo
2016-09-26 15:31:06 -07:00
Antonio Murdaca
857aaa7816
cmd/server: provide a flag to set ocid root dir
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-24 00:38:06 +02:00
Antonio Murdaca
e269cb8b7e
new vendoring
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-22 18:17:45 +02:00
Antonio Murdaca
32029aaba6
id and name indexes for pods
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-22 18:17:45 +02:00
Antonio Murdaca
b053e63995
restore server rewrite
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-19 19:57:50 +02:00
Antonio Murdaca
22d434c1e6
restructure and make lint
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-19 19:56:13 +02:00
Antonio Murdaca
53e76cc752
warn when cannot update container status on server init
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-19 19:51:03 +02:00
Antonio Murdaca
caae4b298a
create sandboxdir on server startup
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-19 19:51:03 +02:00
Antonio Murdaca
4fd1c583ad
sandboxes restore on server start
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-19 19:51:03 +02:00
Antonio Murdaca
35ef46f805
use an in memory store for containers
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-19 13:11:36 +02:00
Antonio Murdaca
158dfdfbda
server: locking around server components
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-17 16:10:35 +02:00
Mrunal Patel
bbe5325afc
Fix the build to account for the change in repository
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-09 14:48:39 -07:00
Rajat Chopra
4cf737bb7d
add cni networking with noop plugin as default
...
Signed-off-by: Rajat Chopra <rchopra@redhat.com>
2016-09-09 14:41:03 -07:00
Mrunal Patel
0c386f74f9
Track container removal in state
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-09 14:41:03 -07:00
Mrunal Patel
b01d9dcc10
Make the server process a reaper
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-09 14:41:03 -07:00
Haiyan Meng
c2ee13d187
Implement CreateContainer
...
Signed-off-by: Haiyan Meng <hmeng@redhat.com>
2016-09-09 14:41:03 -07:00
Antonio Murdaca
c5d0f23e5a
server: ensure /var/lib/ocid/images exists
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-09 14:41:03 -07:00
Mrunal Patel
fc3b7b5aae
Setup the server as subreaper for child processes
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-09 14:41:03 -07:00
Mrunal Patel
c13dbaf6ab
Further refactoring
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-09 14:41:03 -07:00
Mrunal Patel
764f02ca11
Add container dir to oci
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-09 14:41:03 -07:00
Mrunal Patel
ac1340488d
Refactor to add oci and util packages
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
Change the sandbox directory path
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-09 14:41:03 -07:00
Haiyan Meng
819d76b6fd
Add first version of createPodSandbox
...
Signed-off-by: Haiyan Meng <hmeng@redhat.com>
2016-09-09 14:41:03 -07:00
Antonio Murdaca
06e013cd3d
*: abstractions and ImageService
...
plus some fix here and there
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-09 14:41:03 -07:00
Antonio Murdaca
713bbabc61
server,cmd: fix error handling
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-09 14:41:03 -07:00
Mrunal Patel
90a446e2a5
Import ocitools/generate library
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-09 14:41:03 -07:00
Mrunal Patel
32876892fc
Refactor runtimeversion to be a command instead of option
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-09 14:41:03 -07:00
Haiyan Meng
5c4a79543f
Add Server.Version and cmd/client test code
...
Signed-off-by: Haiyan Meng <hmeng@redhat.com>
2016-09-09 14:41:03 -07:00
Mrunal Patel
e93156e71e
Add stubs for server implementation
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-09-09 14:41:03 -07:00