Commit graph

2152 commits

Author SHA1 Message Date
Antonio Murdaca
25d40b6927
test: use checkseccomp to test if seccomp is supported
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-01-19 18:51:47 +01:00
Antonio Murdaca
0d37c41521
test: add a custom binary to reliably check seccomp support
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-01-19 18:51:47 +01:00
Antonio Murdaca
f1f5c635d2
test: change location of the test image
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-01-19 18:51:47 +01:00
Antonio Murdaca
e5126a9176
Dockerfile: pull test image at build time
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-01-19 18:51:47 +01:00
Antonio Murdaca
f195d51615
Dockerfile: install CNI plugins for integration tests
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-01-19 18:51:47 +01:00
Antonio Murdaca
0a36d3ca3d
Dockerfile: use golang:1.7
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-01-19 18:51:40 +01:00
Nalin Dahyabhai
9cac1f6d66 Makefile: handle cases where $GOPATH is a list
In multiple places, we've been assuming that we can invoke binaries that
we install as $GOPATH/bin/$binary.  This doesn't work in cases where
$GOPATH is a list.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-01-19 12:13:49 -05:00
Antonio Murdaca
b9dc097c40 Merge pull request #189 from nalind/storage
Storage in Image Management
2017-01-18 23:02:08 +01:00
Antonio Murdaca
0e3ff61350 server: fix ImagePullResponse
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-01-18 10:23:30 -05:00
Nalin Dahyabhai
aeea656581 Limit implicit image pulling to the pause image
The CRI doesn't expect us to implicitly pull an image if it isn't
already present before we're asked to use it to create a container, and
the tests no longer depend on us doing so, either.

Limit the logic which attempts to pull an image, if it isn't present, to
only pulling the configured "pause" image, since our use of that image
for running pod sandboxes is an implementation detail that our clients
can't be expected to know or care about.  Include the name of the image
that we didn't pull in the error we return when we don't pull one.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-01-18 10:23:30 -05:00
Antonio Murdaca
749d24fbab server: cleanup on failed restore
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-01-18 10:23:30 -05:00
Antonio Murdaca
437459bd64 server: do not add ctrs with bad state when restoring
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-01-18 10:23:30 -05:00
Antonio Murdaca
c61a83a930 server: skip pods containers in bad state on disk
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-01-18 10:23:30 -05:00
Antonio Murdaca
7bd7595b18 server: skip pods in bad state on disk
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-01-18 10:23:30 -05:00
Antonio Murdaca
dc37d36759 server: image_status: ignore storage.ErrImageUnknown
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-01-18 10:23:30 -05:00
Nalin Dahyabhai
925806b8fa Add and use copyimg for caching images for tests
Add a basic tool for copying images from one location to another,
optionally adding a name if it's to local storage.  Ideally we could use
skopeo for this, but we don't want to build it.

Use it to initially populate the test/testdata/redis-image directory, if
it's not been cleaned out, with a copy of "docker://redis:latest", and
to copy it in to the storage that ocid is using before we start up ocid.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-01-18 10:23:30 -05:00
Nalin Dahyabhai
636d5d8e9a Add and use bin2img for creating images for tests
Add tests which exercise image pulling, listing, and removal.  When running
tests, prepopulate the store with an image with the default infrastructure
container's name, using the locally-built "pause" binary, so that tests won't
have to pull it down from the network.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-01-18 10:23:30 -05:00
Nalin Dahyabhai
c0333b102b Integrate containers/storage
Use containers/storage to store images, pod sandboxes, and containers.
A pod sandbox's infrastructure container has the same ID as the pod to
which it belongs, and all containers also keep track of their pod's ID.

The container configuration that we build using the data in a
CreateContainerRequest is stored in the container's ContainerDirectory
and ContainerRunDirectory.

We catch SIGTERM and SIGINT, and when we receive either, we gracefully
exit the grpc loop.  If we also think that there aren't any container
filesystems in use, we attempt to do a clean shutdown of the storage
driver.

The test harness now waits for ocid to exit before attempting to delete
the storage root directory.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-01-18 10:23:30 -05:00
Nalin Dahyabhai
caee4a99c9 Vendor containers/image and containers/storage
Vendor updated containers/image and containers/storage, along
with any new dependencies they drag in, and updated versions of other
dependencies that happen to get pulled in.

github.com/coreos/go-systemd/daemon/SdNotify() now takes a boolean to
control whether or not it unsets the NOTIFY_SOCKET variable from the
calling process's environment.  Adapt.

github.com/opencontainers/runtime-tools/generate/Generator.AddProcessEnv()
now takes the environment variable name and value as two arguments, not
one.  Adapt.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-01-18 10:21:59 -05:00
Antonio Murdaca
00e6832715 Merge pull request #320 from jawnsy/build-with-go-install
Build with go install
2017-01-18 00:06:13 +01:00
Antonio Murdaca
85454901e2 Merge pull request #322 from mrunalp/remove_host_ping_test
Remove host ping test
2017-01-18 00:02:00 +01:00
Mrunal Patel
e785e3e07f Remove host ping test
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-01-17 13:43:23 -08:00
Jonathan Yu
6c9628cdb1
Build and install from GOPATH
* Rename 'vendor/src' -> 'vendor'
  * Ignore vendor/ instead of vendor/src/ for lint
* Rename 'cmd/client' -> 'cmd/ocic' to make it 'go install'able
* Rename 'cmd/server' -> 'cmd/ocid' to make it 'go install'able
* Update Makefile to build and install from GOPATH
* Update tests to locate ocid/ocic in GOPATH/bin
* Search for binaries in GOPATH/bin instead of PATH
* Install tools using `go get -u`, so they are updated on each run

Signed-off-by: Jonathan Yu <jawnsy@redhat.com>
2017-01-17 12:09:09 -08:00
Jonathan Yu
9da2882d49
Update hack/vendor.sh to clone directly into vendor/ instead of vendor/src/
Signed-off-by: Jonathan Yu <jawnsy@redhat.com>
2017-01-17 11:19:25 -08:00
Mrunal Patel
3243cf7307 Merge pull request #316 from intelsdi-x/kubelet-net-fix
sandbox_run: Do not run net plugin in host namespace
2017-01-17 09:39:03 -08:00
Mrunal Patel
a93c132af5 Merge pull request #321 from runcom/bump-k8s-550f8be73aac92c7c23b1783d3db17f8660019f6
bump k8s@550f8be73aac92c7c23b1783d3db17f8660019f6
2017-01-17 08:46:24 -08:00
Antonio Murdaca
25a85afe1c
bump k8s@550f8be73aac92c7c23b1783d3db17f8660019f6
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-01-17 12:19:23 +01:00
Antonio Murdaca
38acbb4625 Merge pull request #318 from jawnsy/promote-config
Promote DefaultConfig() to server package
2017-01-17 08:23:43 +01:00
Jonathan Yu
d5d297d50b
Promote DefaultConfig() to server package
The default configuration can only be accessed from the cmd/server
package, which cannot be imported (since it's a "package main").
This change promotes DefaultConfig() to the "server" package.

Closes: #315

Signed-off-by: Jonathan Yu <jawnsy@redhat.com>
2017-01-16 16:22:35 -08:00
Mrunal Patel
1df8e6638b Merge pull request #317 from mikebrow/make158fix
fixes issue with make install on ubuntu
2017-01-16 15:16:38 -08:00
Mike Brown
7ae5b5fe24 fixes issue with make install on ubuntu
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2017-01-16 17:01:49 -06:00
Mrunal Patel
2421aba39a Merge pull request #310 from sameo/topic/cc-exec
Fix ExecSync support for runtimes other than runC
2017-01-16 11:41:12 -08:00
Jacek J. Łakis
b034072d6a sandbox_run: Do not run net plugin in host namespace
Signed-off-by: Jacek J. Łakis <jacek.lakis@intel.com>
2017-01-16 16:53:29 +01:00
Samuel Ortiz
ce54c1e5e9
test: Do not hardcode runc specific output
"executable file not found in" is part of a runc
specific output when 'runc exec' fails.
This prevents the execsync failure to pass when running
ocid with other runtimes than runc.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-01-14 02:02:45 +01:00
Samuel Ortiz
4c7583b467
oci: Do not call the container runtime from ExecSync
Some OCI container runtimes (in particular the hypervisor
based ones) will typically create a shim process between
the hypervisor and the runtime caller, in order to not
rely on the hypervisor process for e.g. forwarding the
output streams or getting a command exit code.

When executing a command inside a running container those
runtimes will create that shim process and terminate.
Therefore calling and monitoring them directly from
ExecSync() will fail. Instead we need to have a subreaper
calling the runtime and monitoring the shim process.
This change uses conmon as the subreaper from ExecSync(),
monitors the shim process and reads the exec'ed command
exit code from the synchronization pipe.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-01-14 02:02:43 +01:00
Samuel Ortiz
d60d0ac0c3
conmon: Use conmon for exec'ing a command
Some OCI container runtimes (in particular the hypervisor
based ones) will typically create a shim process between
the hypervisor and the runtime caller, in order to not
rely on the hypervisor process for e.g. forwarding the
output streams or getting a command exit code.

With these runtimes we need to monitor a different process
than the runtime one when executing a command inside a
running container. The natural place to do so is conmon
and thus we add a new option to conmon for calling the
runtime exec command, monitoring the PID and then returning the
running command exit code through the sync pipe to the
parent.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-01-14 02:02:40 +01:00
Samuel Ortiz
468746aa28
conmon: Use the full PID file path
And not a hardcoded "pidfile".

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-01-14 02:02:37 +01:00
Samuel Ortiz
9a4a1092fe
conmon: Return the exit status code
waitpid fills its second argument with a value that
contains the process exit code in the 8 least significant
bits. Instead of returning the complete value and then
converting it from ocid, return the exit status directly
by using WEXITSTATUS from conmon.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-01-14 02:00:45 +01:00
Mrunal Patel
61e60bfe47 Merge pull request #304 from jawnsy/topics/install-to-usr-local
Install to /usr/local to avoid conflicts with vendor binaries
2017-01-05 15:41:10 -08:00
Pengfei Ni
b4e31a552a Merge pull request #308 from xlgao-zju/remove-sort-by-name
Remove byName in cmd/server/main.go, since urfave/cli#544 has been in.
2017-01-05 17:36:05 +08:00
Xianglin Gao
088c53579a Remove byName in cmd/server/main.go, since urfave/cli#544 has been in.
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2017-01-05 15:42:22 +08:00
Jonathan Yu
8b63272908
Install to /usr/local to avoid conflicts with vendor binaries
Closes: #300

Signed-off-by: Jonathan Yu <jawnsy@redhat.com>
2017-01-04 21:39:22 -08:00
Pengfei Ni
295cc1ea1a Merge pull request #307 from xlgao-zju/fix-typo
Fix misspell to make go report more happy
2017-01-04 15:45:20 +08:00
Xianglin Gao
ab4a408b66 fix typo to make go report more happy
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2017-01-04 14:24:11 +08:00
Mrunal Patel
c0e3c08a17 Merge pull request #305 from cyphar/runc-kill-arguments
oci: fix runc kill usage
2017-01-02 09:39:35 -08:00
Aleksa Sarai
da975261e7
oci: fix runc kill usage
In later versions of runC, `runc kill` *requires* the signal parameter
to know what signal needs to be sent.

Signed-off-by: Aleksa Sarai <asarai@suse.com>
2016-12-31 17:01:19 +11:00
Mrunal Patel
6133465e42 Merge pull request #292 from sameo/topic/network-bats
Additional networking tests
2016-12-21 11:20:08 -08:00
Samuel Ortiz
8e1af3668a
test: Fix networking helpers indentation
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-21 12:26:18 +01:00
Samuel Ortiz
b6455253c2
test: Add host pod ping test
We create a pod with host networking and we try to ping
it from the host.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-21 12:24:37 +01:00
Samuel Ortiz
5273bef5d2
test: Add an inter pod ping networking test
We create 2 pods in 2 different networking namespaces and
we check if we can ping one from the other.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-21 11:28:33 +01:00