Commit graph

1642 commits

Author SHA1 Message Date
Antonio Murdaca
e8cfe3b867
container_create: support seccomp docker/default annotation
Fixes the following Origin/Kube test:

```
• Failure [10.323 seconds]
[k8s.io] Security Context [Feature:SecurityContext]
/go/src/github.com/openshift/origin/vendor/k8s.io/kubernetes/test/e2e/framework/framework.go:619
  should support seccomp alpha docker/default annotation
[Feature:Seccomp] [It]
  /go/src/github.com/openshift/origin/vendor/k8s.io/kubernetes/test/e2e/security_context.go:133

  Expected error:
      <*errors.errorString | 0xc420cbacf0>: {
          s: "expected \"2\" in container output: Expected\n
<string>: Seccomp:\t0\n    \nto contain substring\n    <string>: 2",
      }
      expected "2" in container output: Expected
          <string>: Seccomp:	0

      to contain substring
          <string>: 2
  not to have occurred
}
```

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-25 21:08:11 +02:00
Mrunal Patel
4fadbea75d Merge pull request #927 from stevekuznetsov/skuznets/dont-pull-code-in-test
Refactor integration test playbooks
2017-09-25 11:58:11 -07:00
Steve Kuznetsov
e160796d4e
Refactor the CRI-O test playbook to be more modular
Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
2017-09-25 10:02:04 -07:00
Mrunal Patel
89f18fa7b5 Merge pull request #928 from cevich/fix_missing_fedora_dep
integration-playbook: Add hidden dependencies
2017-09-22 10:19:05 -07:00
Chris Evich
bedf75dcfc integration-playbook: Require RHEL repos.
Both the base and extras repos are required.  Rather than try to fuss
around with subscription manager, require two variables be defined
pointing to the baseurl's to use.  Assert that these variables are set
and non-empty.

Signed-off-by: Chris Evich <cevich@redhat.com>
2017-09-21 13:01:08 -04:00
Chris Evich
78c400ccd3 integration-playbook: Increase test timeout
Depending on circumstances out of our control, the 'integration tests'
may take longer than an hour (3600 seconds).  Since the maximum time
is referenced in several places, define a variable with a larger value
then reference it from the affected tasks.

Signed-off-by: Chris Evich <cevich@redhat.com>
2017-09-21 13:01:08 -04:00
Chris Evich
e6b5fc7d53 integration-playbook: Add hidden dependencies
Previously, an internal playbook installed many extra
necessary/unnecessary packages before this playbook even started.  Since
this is a terrible design, move all dependencies here so that nothing is
unwritten.  This includes installing some deps. for ansible itself
(which must be done as a raw command).

Signed-off-by: Chris Evich <cevich@redhat.com>
2017-09-21 13:01:08 -04:00
Chris Evich
29c4d890c8 Faster venv-ansible-playbook.sh
If running a playbook more than once, there's no need to re-bootstrap
the virtual environment.  Assume if the verified crio directory already
exists, it should be used (after re-asserting hashes of requirements).

Signed-off-by: Chris Evich <cevich@redhat.com>
2017-09-21 12:59:33 -04:00
Daniel J Walsh
d153815f74 Merge pull request #936 from rhatdan/readme
Describe in readme `kpod cp` man page
2017-09-21 10:02:07 -04:00
Daniel J Walsh
fd6446ade5 Describe in readme kpod cp man page
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-09-21 12:20:26 +00:00
Antonio Murdaca
0fc411d4fe Merge pull request #905 from mrunalp/bump_rc2
version: Release 1.0.0-rc2
2017-09-20 15:20:31 +02:00
Daniel J Walsh
2282b5339f Merge pull request #922 from ashcrow/add-libkpod-config-unit-test
test: Add libkpod config tests
2017-09-19 15:14:41 -04:00
Steve Milner
65faae6782 test: Add libkpod config tests
- config_test.go for testing libkpod/config.go
- testdata/config.toml as a fixture for config_test.go

Signed-off-by: Steve Milner <smilner@redhat.com>
2017-09-19 09:32:57 -04:00
Daniel J Walsh
5e3c53c172 Merge pull request #909 from rhatdan/lastError
We should not be exiting with exit(1)
2017-09-18 07:46:53 -04:00
Mrunal Patel
7e7a097395 Merge pull request #913 from runcom/v1.0.0-rc2-patches
V1.0.0 rc2 patches
2017-09-17 21:03:54 -07:00
Antonio Murdaca
a11b8cd8ec
sandbox, ctr: SELinux fixes
server: fix selinux labels for pod and containers

Signed-off-by: Antonio Murdaca <runcom@redhat.com>

sandbox: set selinux labels from request, not defaults

Signed-off-by: Antonio Murdaca <runcom@redhat.com>

container_create: use sandbox's selinux if container's nil

Signed-off-by: Antonio Murdaca <runcom@redhat.com>

sandbox: correctly init selinux labels

First, we weren't correctly initializing selinux labels. If any of
(level, user, role, type) was missing from kube selinux options, we
were erroring out. This is wrong as kube sends just `level=s0`
sometimes and docker itself allows `--security-opt label=level:s0`.
This patch directly initializes selinux labels, correctly, and adds a
test to verify it.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>

test: testdata: use container_runtime_t selinux type

RHEL SELinux policy doesn't have `container_t` type but we're using it
in our fixtures. That means Fedora integration tests pass because
`container_t` is in Fedora's container policy but RHEL is broken.
Fix it by using `container_runtime_t` which is aliased in Fedora policy
to `container_t`.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-17 22:40:17 +02:00
Antonio Murdaca
ec42a40936
server: use grpc getters
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-17 10:19:32 +02:00
Antonio Murdaca
c1d158bba4
Makefile: always use vfs to test in container
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-17 10:19:32 +02:00
Antonio Murdaca
d93f86c26c
Dockerfile: remove not needed image copy
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-17 10:19:31 +02:00
Antonio Murdaca
9ec518491f
server: correctly set hostname
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-17 10:19:31 +02:00
Antonio Murdaca
0c1383fd30
test: add inspect integration tests
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-17 10:19:31 +02:00
Antonio Murdaca
e26e48ec87
server: add inspect unit test
The inspect endpoint is used mainly in the CRI-O cAdvisor handler.
Let's make sure we don't break it by adding some trivial unit tests.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-17 10:19:29 +02:00
Daniel J Walsh
33fc0231f7 Merge branch 'master' of github.com:kubernetes-incubator/cri-o into lastError
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-09-16 06:10:01 -04:00
Daniel J Walsh
dbc2b404a3 Merge pull request #841 from baude/kpod_pull_name
libkpod/image/copy.go: Add pull by short-name
2017-09-16 05:12:47 -04:00
Daniel J Walsh
d03ea10be2 Merge pull request #890 from mrunalp/bind_docs
docs: Add missing bind option in docs and command help
2017-09-16 05:11:17 -04:00
Daniel J Walsh
dacfddc42c Merge pull request #899 from umohnani8/vendor_containers/image
Vendor in latest containers/storage
2017-09-16 05:09:29 -04:00
Daniel J Walsh
8320d65581 Merge pull request #915 from umohnani8/kpod_ps
Modified namespace field in json struct
2017-09-16 05:02:32 -04:00
Mrunal Patel
f59e9dae1c docs: Add missing bind option in docs and command help
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-09-15 16:12:13 -07:00
Daniel J Walsh
a001b177d6 We should not be exiting with exit(1)
There is cleanup code that will never get run.
This code will print out all errors and then return the last error.
This should allow for proper cleanup.

Also cleanup help to switch usage and description.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-09-15 17:51:34 -04:00
umohnani8
036658b844 Modified namespace field in json struct
The namespace field was not being omitted when empty

Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-09-15 17:30:25 -04:00
Daniel J Walsh
b82bf55404 Merge pull request #900 from TomSweeneyRedHat/dev/tsweeney/docfix5
Add a few build dependencies to README.md
2017-09-15 16:47:52 -04:00
Mrunal Patel
9f663c9b66 Merge pull request #912 from TomSweeneyRedHat/dev/tsweeney/clifix
Update urfave/cli to v1.20.0
2017-09-15 12:56:47 -07:00
TomSweeneyRedHat
a29bb63613 Add a few build dependencies to README.md
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
2017-09-15 07:56:30 -04:00
TomSweeneyRedHat
359def92f1 Update urfave/cli to v1.20.0
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
2017-09-14 23:39:15 -04:00
umohnani8
cfc2393d58 Vendor in latest containers/storage
Fixes store.lock issue comming up when using store.Names

Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-09-14 09:54:39 -04:00
baude
951a943d16 libkpod/image/copy.go: Add pull by short-name
If the user provides kpod pull a short name like 'debian', we
still want the pull to be sucessful.  As such, when a short
name is provided, we get the list of searchable registries via
the systemregistries code in containers-storage.  We then
append a tag of 'latest' (if not provided) and we formulate
a list of possible fully-qualified image names to try.

Vendor update for containers-storage to bring in the system_registries
code.

Also includes a patch from Nalin to fix compilation errors.

Signed-off-by: baude <bbaude@redhat.com>
2017-09-14 08:33:10 -05:00
Mrunal Patel
9dcd8c47e7 version: Switch to 1.0.0-rc3-dev
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-13 12:47:35 -07:00
Mrunal Patel
6784a66f2d version: Release 1.0.0-rc2
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-13 12:43:40 -07:00
Mrunal Patel
400713a58b Merge pull request #904 from runcom/fix-manifest-list
fix issue with official images and manifest lits
2017-09-13 12:42:18 -07:00
Antonio Murdaca
22f96b1806
fix issue with official images and manifest lits
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-13 19:01:06 +02:00
Daniel J Walsh
05713958f2 Merge pull request #894 from TomSweeneyRedHat/dev/tsweeney/docfix4
Add golang version note to README.md
2017-09-12 17:48:30 -04:00
Daniel J Walsh
1eb9f8ed8c Merge pull request #887 from baude/kpod_fix_rmi_by_id
cmd/kpod/rmi.go: Fix deletion by ID
2017-09-12 13:44:16 -04:00
Daniel J Walsh
ac5596cf62 Merge pull request #855 from baude/kpod_stop2
kpod stop -- stop one or more containers
2017-09-12 12:27:21 -04:00
Daniel J Walsh
98ab11f460 Merge pull request #885 from rhatdan/debug
Only print error message on kpod error not stacktrace
2017-09-12 11:52:26 -04:00
TomSweeneyRedHat
e2f46a34a6 Add golang version note to README.md
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
2017-09-12 11:29:11 -04:00
Mrunal Patel
ae5739c3de Merge pull request #884 from dcbw/clean-up-sandbox
server: clean up sandbox network when running the sandbox fails
2017-09-11 16:58:45 -07:00
baude
aca658b423 kpod stop -- stop one or more containers
Stop one or more containers. Specific a timeout value
that if the stop operation exceeds, will forcibly stop
the container.

Signed-off-by: baude <bbaude@redhat.com>
2017-09-11 17:03:27 -05:00
baude
f0b94a41e8 cmd/kpod/rmi.go: Fix deletion by ID
When deleting by ID, kpod rmi was only "untagging" the image
and not actually removing it.

Signed-off-by: baude <bbaude@redhat.com>
2017-09-11 16:52:57 -05:00
Daniel J Walsh
75a60cf519 Only print error message on kpod error not stacktrace
If the user specifies --debug flag then print stack trace.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-09-11 19:40:06 +00:00
Dan Williams
6a58bdf787 server: clean up sandbox network when running the sandbox fails
Runtimes need to clean up anything that needs it if RunPodSandbox()
fails.

Signed-off-by: Dan Williams <dcbw@redhat.com>
2017-09-11 14:19:27 -05:00