If an image that we're pulling from a registry has a digest in its
reference, use that to construct the destination image's reference.
This should help us detect cases where the image has previously been
pulled.
When we have a filter to use when listing images, expand it into a
reference so that we can properly match against names of images that
we've previously stored using fully expanded references.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Now that we have support for split std{out,err}, make sure that execsync
will correctly handle the split stdio properly. In addition, extend the
ctr logging test to make sure that the regular container logging is also
split correctly. We can't test !terminal containers because we only have
a single console for both std{out,err}.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
Previously we returned an internal error result when a program had a
non-zero exit code, which was incorrect. Fix this as well as change the
tests to actually check the "ExitCode" response from ExecSync (rather
than expecting ocic-ctr to return an internal error).
Signed-off-by: Aleksa Sarai <asarai@suse.de>
Since we no longer fall back to the noop plugin when
CNI configuration files are missing, and since the default
sandbox_config.json test file is running without host
networking, we must install the bridge and loopback
configuration files by default for tests to pass.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
The main purpose of these tests is to make sure that the log actually
contains output from the container. We don't test the timestamps or the
stream that's stated at the moment.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
This is necessary, as otherwise ocid will use its own current directory
as a log_directory, which is not the best idea in the world. The same
applies for log_path.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
The runtimeversion test was incorrectly written and would fail for no
good reason if setup_ocid happened to run a command that failed (even if
it was handled).
Signed-off-by: Aleksa Sarai <asarai@suse.de>
Instead of requiring the developer to set up their own GOPATH somewhere,
do like Kubernetes and OpenShift Origin do:
git clone xxxxx
cd xxxxx
make
by creating an _output/ directory and linking the local source tree
into it, and setting that to be the GOPATH.
Signed-off-by: Dan Williams <dcbw@redhat.com>
containers/storage is defaulting to /var/lib/containers/storage
for image and containers storage. It is also defaulting to
/var/run/containers/storage for all runtime. The defaults
for CRI-O should match so that lots of other tools that use
containers/storage can share the same storage.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
container-storage-setup (Formerly docker-storage-setup) is being converted to
run with container runtimes outside of docker. Specifically we want to use it
with CRI-O/ocid. It does not know anything about the container runtimes it
is generating options for, so it generates them based on the storage CLI of
docker. I see no reason to have the storage option for ocid to be different
and we can just depracate the option for now.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
go install acts incredibly weirdly and rarely does what you want, not to
mention that it's just bad for distribution build setups. Switch back to
go build, which works properly and doesn't have half as many issues.
Fixes: 6c9628cdb1 ("Build and install from GOPATH")
Signed-off-by: Aleksa Sarai <asarai@suse.de>
When generating an ocid.conf for use when running tests, make sure we
don't pick up any defaults from an installed copy of ocid by forcing our
copy to read /dev/null as its configuration file.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When we restart ocid as part of a test, wait for the daemon to exit when
we send it a SIGTERM, just as we do when we try to stop it for good.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Use the same build tags for bin2img and copyimg that we use for ocid,
and improve detection of the case where we need to use the
"libdm_no_deferred_remove" tag.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
kubelet sends a request to create a container with an image ID (as
opposed as an image name). That ID comes from the ImageStatus response.
This patch fixes that by setting the image ID as well as the image name
and fix the login to lookup for image ID as well.
Found while running `make test-e2e-node`.
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
Document the alternate runtime selection when running integratiom
tests on the host, and at the same time rganize the file a little
better.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
When running integration tests on the host, we can now specify
an alternate runtime by setting the RUNTIME variable. For example:
make localintegration RUNTIME=cc-oci-runtime
to use Clear Containers instead of runC.
Obviously, runC is still the default.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
When calling copyimg to pull down an image in the integration tests,
don't forget to pass in the test signature policy.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
We usually specify MCS Labels as comma separated pair.
Finally if we run two different containers we want them on different
MCS labels.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
The CRI doesn't expect us to implicitly pull an image if it isn't
already present before we're asked to use it to create a container, and
the tests no longer depend on us doing so, either.
Limit the logic which attempts to pull an image, if it isn't present, to
only pulling the configured "pause" image, since our use of that image
for running pod sandboxes is an implementation detail that our clients
can't be expected to know or care about. Include the name of the image
that we didn't pull in the error we return when we don't pull one.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add a basic tool for copying images from one location to another,
optionally adding a name if it's to local storage. Ideally we could use
skopeo for this, but we don't want to build it.
Use it to initially populate the test/testdata/redis-image directory, if
it's not been cleaned out, with a copy of "docker://redis:latest", and
to copy it in to the storage that ocid is using before we start up ocid.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add tests which exercise image pulling, listing, and removal. When running
tests, prepopulate the store with an image with the default infrastructure
container's name, using the locally-built "pause" binary, so that tests won't
have to pull it down from the network.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Use containers/storage to store images, pod sandboxes, and containers.
A pod sandbox's infrastructure container has the same ID as the pod to
which it belongs, and all containers also keep track of their pod's ID.
The container configuration that we build using the data in a
CreateContainerRequest is stored in the container's ContainerDirectory
and ContainerRunDirectory.
We catch SIGTERM and SIGINT, and when we receive either, we gracefully
exit the grpc loop. If we also think that there aren't any container
filesystems in use, we attempt to do a clean shutdown of the storage
driver.
The test harness now waits for ocid to exit before attempting to delete
the storage root directory.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* Rename 'vendor/src' -> 'vendor'
* Ignore vendor/ instead of vendor/src/ for lint
* Rename 'cmd/client' -> 'cmd/ocic' to make it 'go install'able
* Rename 'cmd/server' -> 'cmd/ocid' to make it 'go install'able
* Update Makefile to build and install from GOPATH
* Update tests to locate ocid/ocic in GOPATH/bin
* Search for binaries in GOPATH/bin instead of PATH
* Install tools using `go get -u`, so they are updated on each run
Signed-off-by: Jonathan Yu <jawnsy@redhat.com>
"executable file not found in" is part of a runc
specific output when 'runc exec' fails.
This prevents the execsync failure to pass when running
ocid with other runtimes than runc.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
We create 2 pods in 2 different networking namespace and
we check if we can ping one from the other.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
We create temporary CNI networking configurations and run 2
functional tests:
- Verify that the networking namespace interface has a valid CIDR
- Ping the networking namespace interface from the host
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
