Commit graph

1131 commits

Author SHA1 Message Date
Samuel Ortiz
63c7a7c99b ocicni: Support asynchronous network config creation
We need to support cases where InitCNI() is called before
any CNI configuration files have been installed. This is
for example happening when deploying a k8s cluster with kubeadm.
kubeadm will start the DNS pod and it is left to the caller to
pick a network overlay and create the corresponding pods, that
will typically install a CNI configuration file first.

Here we address that issue by doing 2 things:

- Not returning an error when the default CNI config files
  directory is empty.
- If it is empty, we start a monitoring thread (fsnotify based)
  that will synchronize the network configuration when a CNI
  file is installed there.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-04-10 17:36:28 +02:00
Antonio Murdaca
05cde3e759
server: add auth info to image pull
Fix the following upstream k8s's e2e-node test:
```
should be able to pull from private registry with secret [Conformance]
```

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-04-10 17:09:56 +02:00
Samuel Ortiz
bc4ac7ce04 vendor: Add fsnotify and remove glog
fsnotify is needed by the new ocicni monitoring implementation.
As ocicni switched to logrus, glog is no longer needed.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-04-06 23:06:36 +02:00
Samuel Ortiz
71cfd850f7 ocicni: Convert logs to logrus
To be consistent with the rest of the CRI-O logs, and to be able
to set the ocicni verbosity, we convert it from glog to logrus.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-04-06 23:06:36 +02:00
Antonio Murdaca
88be3a2f91 Merge pull request #435 from surajssd/print-pid-int
Print received container pid as int
2017-04-06 18:49:32 +02:00
Antonio Murdaca
0854c081ec Merge pull request #433 from sameo/topic/sandboxrun-fixes
server: Fix RunPodSandbox error path
2017-04-06 18:46:24 +02:00
Suraj Deshmukh
da89d28473 Print received container pid as int
Earlier the received container pid was printed as unicode
character, this is fixed to print integer.

Fixes #431
2017-04-06 22:14:29 +05:30
Antonio Murdaca
e0abd16421 Merge pull request #432 from runcom/mock-exec
server: mock ExecResponse
2017-04-06 17:54:28 +02:00
Samuel Ortiz
ea1f6517c1 server: Fix RunPodSandbox error path
When RunPodSandbox fails after calling s.addSandbox(sb),
we're left with a sandbox in s.state.sandboxes while the
sandbox is not created.

We fix that by adding removeSandbox() to the deferred cleanup
call

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-04-06 17:36:26 +02:00
Antonio Murdaca
87e288d13a
server: mock ExecResponse
This patch prevents k8s's e2e_node tests from killing CRI-O (because of
a panic in marshaling nil responses). This will ensure tests keep
running and just logging the failure.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-04-06 16:37:13 +02:00
Mrunal Patel
4247f68764 Merge pull request #428 from mheon/update_cni_buildpath
Change path of CNI build script
2017-04-05 16:06:02 -07:00
Matthew Heon
517f43ce19 Change path of CNI build script and pin to a commit
As of containernetworking/cni commit 1b9caefba5670c59e0ccbf0b008d88da52a7d498,
the script to build has changed from 'build' to 'build.sh' which broke our
integration tests. Change the integration test Dockerfile to update this path,
and update the tutorial for good measure. Pin to current master to ensure this
breakage doesn't happen again.

Signed-off-by: Matthew Heon <mheon@redhat.com>
2017-04-05 14:27:58 -04:00
Antonio Murdaca
09d2a6b519 Merge pull request #427 from mrunalp/fix_nil_config
Check for case when image config isn't present
2017-04-05 12:42:58 +02:00
Mrunal Patel
aac24e1715 Check for case when image config isn't present
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-04-04 15:42:58 -07:00
Mrunal Patel
2b5dca3950 Merge pull request #424 from runcom/fix-schema1-config
read image config from docker v2s1 manifests
2017-04-04 14:49:54 -07:00
Antonio Murdaca
3c7f3ab2ec Merge pull request #409 from sameo/topic/fat-lock
Serialize Update and Sandbox/Container creation operations
2017-04-04 23:23:19 +02:00
Aleksa Sarai
7f660a2060
merge branch 'pr-162'
Closes #162
LGTMs: @sameo @runcom @mrunalp @cyphar
2017-04-05 04:50:27 +10:00
Aleksa Sarai
7679a84c6d
server: issues.k8s.io/44043 workaround
Because kubelet will create broken symlinks for logPath it is necessary
to remove those symlinks before we attempt to write to them. This is a
temporary workaround while the issue is fixed upstream.

Ref: https://issues.k8s.io/44043
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2017-04-05 02:45:58 +10:00
Aleksa Sarai
65527da361
test: add logging tests
The main purpose of these tests is to make sure that the log actually
contains output from the container. We don't test the timestamps or the
stream that's stated at the moment.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2017-04-05 02:45:58 +10:00
Aleksa Sarai
c31f2cf0ee
test: unset log_* in configurations
This is necessary, as otherwise ocid will use its own current directory
as a log_directory, which is not the best idea in the world. The same
applies for log_path.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2017-04-05 02:45:58 +10:00
Mrunal Patel
1dc4c87c93
conmon: add timestamps to logs
CRI requires us to timestamp our logs line-by-line by specifying whether
the line came from std{out,err} and the time at which the log was
recieved. This is a preliminary implementation of said behaviour
(without explicit newline handling at the moment).

Signed-off-by: Mrunal Patel <mpatel@redhat.com>
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2017-04-05 02:45:57 +10:00
Aleksa Sarai
14a37fb407
conmon: use pipes rather than socketpairs for !terminal
While pipes have their downsides, it turns out that socketpair(2) will
break any program that tries to open /dev/std{out,err} for writing
(because they're symlinked to /proc/1/fd/{1,2} which will cause lots of
fun issues with sockets).

Signed-off-by: Mrunal Patel <mpatel@redhat.com>
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2017-04-05 02:45:57 +10:00
Aleksa Sarai
c290c0d9c3
conmon: implement logging to logPath
This adds a very simple implementation of logging within conmon, where
every buffer read from the masterfd of the container is also written to
the log file (with errors during writing to the log file ignored).

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2017-04-05 02:45:57 +10:00
Aleksa Sarai
266c757cc6
runc: update to 31980a53ae7887b2c8f8715d13c3eb486c27b6cf
This is necessary for --console-socket.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2017-04-05 02:45:56 +10:00
Aleksa Sarai
00589b3682
test: fix runtimeversion test
The runtimeversion test was incorrectly written and would fail for no
good reason if setup_ocid happened to run a command that failed (even if
it was handled).

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2017-04-05 02:45:56 +10:00
Aleksa Sarai
8f280dc5c6
oci: ignore silly lint errors
checking lint
  oci/oci.go:372:⚠️ declaration of err shadows declaration at oci.go:240:  (vetshadow)
  oci/oci.go:265:15⚠️ error return value not checked (os.RemoveAll(logPath)) (errcheck)

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2017-04-05 02:45:56 +10:00
Samuel Ortiz
be5084387c server: Serialize container/pod creation with updates
Interleaving asynchronous updates with pod or container creations can
lead to unrecoverable races and corruptions of the pod or container hash
tables. This is fixed by serializing update against pod or container
creation operations, while pod and container creation operations can
run in parallel.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-04-04 18:43:21 +02:00
Samuel Ortiz
c89cc876d2
server: Remove Image Config hack
Now that the image package has fixes to support docker images v2s1,
we can remove our buildOCIProcessARgs() hack for empty image configs
and simplify this routine.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-04-04 17:52:40 +02:00
Antonio Murdaca
a0071de607
read image config from docker v2s1 manifests
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-04-04 17:52:37 +02:00
Samuel Ortiz
d1006fdfbc server: Add new sandboxes to the sandbox hash table first
We want new sandboxes to be added to the sandbox hash table before
adding their ID to the pod Index registrar, in order to avoid potential
Update() races.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-04-04 17:22:34 +02:00
Aleksa Sarai
70883dbe6b
lint: bump cyclo
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2017-04-04 20:51:29 +10:00
Antonio Murdaca
6b704d1f78 Merge pull request #425 from mrunalp/ctr_status_labels
Add labels/annotations to container status
2017-04-04 11:17:44 +02:00
Mrunal Patel
c5e15cfd5f Add labels/annotations to container status
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-04-03 15:05:57 -07:00
Dan Williams
95846211c9 build: find dependencies for Go executables
To ensure that changing a dependency source file actually triggers
a rebuild of the core binaries when you type 'make', find their
dependencies and add them to the makefile's target dependencies.

Signed-off-by: Dan Williams <dcbw@redhat.com>
2017-03-31 20:45:21 -05:00
Mrunal Patel
bbe2dea0a6 Merge pull request #423 from mrunalp/set_default_cwd
Set default working directory to /
2017-03-31 16:04:49 -07:00
Mrunal Patel
fd435256e7 Set default working directory to /
runc/runtime-spec doesn't allow empty working dir
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-03-31 14:04:16 -07:00
Antonio Murdaca
1ce8be1ccf Merge pull request #417 from surajssd/update-conmon-default-path
Update the default conmonPath
2017-03-31 18:30:22 +02:00
Mrunal Patel
fa467a30f1 Merge pull request #420 from mrunalp/fix_hostname
Set the container hostname same as pod hostname
2017-03-31 07:35:49 -07:00
Antonio Murdaca
3f59e18a7c Merge pull request #418 from mrunalp/user_lookup
User lookup
2017-03-31 09:47:42 +02:00
Dan Williams
9c44933b58 build: create a local GOPATH if none specified
Instead of requiring the developer to set up their own GOPATH somewhere,
do like Kubernetes and OpenShift Origin do:

git clone xxxxx
cd xxxxx
make

by creating an _output/ directory and linking the local source tree
into it, and setting that to be the GOPATH.

Signed-off-by: Dan Williams <dcbw@redhat.com>
2017-03-30 15:01:22 -05:00
Mrunal Patel
c6897b5f62 Set the uid, gid and groups from container user
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-03-30 10:58:57 -07:00
Mrunal Patel
4ccc5bbe7c Set the container hostnames same as pod hostname
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-03-29 16:11:57 -07:00
Mrunal Patel
93b1ff5207 Merge pull request #416 from surajssd/readme-generate-config
Add instructions to generate config
2017-03-29 11:45:58 -07:00
Mrunal Patel
505bc2cbd5 Add function to lookup user in container /etc/{passwd,group}
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-03-29 11:18:35 -07:00
Mrunal Patel
f422235b3e Add function to safely open a file in container rootfs
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-03-29 11:16:53 -07:00
Suraj Deshmukh
fb41320527 Add instructions to generate config
`tutorial.md` was missing instructions to
generate config for the first time install.

Signed-off-by: Suraj Deshmukh <surajssd009005@gmail.com>
2017-03-29 21:24:58 +05:30
Suraj Deshmukh
c93c7cd1b8 Update the default conmonPath
After change in `Makefile` at #304 where `PREFIX`
has changed from `/usr` to `/usr/local` these changes
has to be reflected in default `conmonPath`.

Signed-off-by: Suraj Deshmukh <surajssd009005@gmail.com>
2017-03-29 21:23:52 +05:30
Mrunal Patel
f2ce1fff0a Merge pull request #414 from rhatdan/vendor
Vendor in latest code.
2017-03-28 16:21:27 -07:00
Daniel J Walsh
549d734da9 Vendor in latest code.
Add support for vendoring in containers/storage and ran
dep ensure

Need to get default storage for containers to include and default to
overlay2.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-03-28 17:01:08 -04:00
Antonio Murdaca
7c6443c592 Merge pull request #412 from mrunalp/image_wd_env
Apply working dir and env from image config
2017-03-28 10:49:20 +02:00