Commit graph

251 commits

Author SHA1 Message Date
Daniel J Walsh
fb804f5602 Merge pull request from umohnani8/authflag
Add authfile flag to pull and push
2017-10-25 06:16:58 -07:00
Daniel J Walsh
2f43183c35 Merge pull request from nalind/default-store
libpod: set the default Store to match a Runtime
2017-10-24 21:40:56 -07:00
Mrunal Patel
cd04b45540 Merge pull request from nalind/secrets-test
Fixups for crio_secrets.bats
2017-10-24 21:01:56 -07:00
Mrunal Patel
5a4ffef9d3 Merge pull request from nalind/storage-opts
tests: rename $STORAGE_OPTS to $STORAGE_OPTIONS
2017-10-24 21:01:33 -07:00
Nalin Dahyabhai
9d0d48b2ce Rename $STORAGE_OPTS to $STORAGE_OPTIONS
Rename our $STORAGE_OPTS variable to $STORAGE_OPTIONS, so that the
storage library doesn't try to use its contents as default driver
options.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-10-24 21:52:16 -04:00
Nalin Dahyabhai
a467615423 Fixups for crio_secrets.bats
Remove the directory named by "$MOUNT_PATH", not "MOUNT_PATH".
Run "cat /proc/mounts" instead of "mount" in the test container.
Run "grep" using the "run" helper when we want to capture its output.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-10-24 21:49:55 -04:00
Nalin Dahyabhai
a5fb2b4b11 libpod: set the default Store to match a Runtime
When initializing a Runtime, set the default Store for the
containers-storage transport in the image library to the same one that
we're using, so that the calling process sees the same set of images
in the Runtime that it sees when going through the image library.

Update the kpod_push test so that it no longer has to specify a location
in the destination image reference, since the default should already be
passed to kpod as global options.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-10-24 21:47:10 -04:00
Nalin Dahyabhai
4af9ae4bc2 kpod_kill.bats: drop redundant variables
Drop duplicate definitions of variables that are already defined in
helpers.bash.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-10-24 18:17:15 -04:00
umohnani8
d855e2c8ad Add authfile flag to pull and push
Push and pull can now access any cached registry credentials from the auth file

Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-10-24 16:32:09 -04:00
Mrunal Patel
56cda43444 test: Test for OOM condition in a loop
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-10-23 21:07:22 -07:00
Mrunal Patel
542994ff2a Merge pull request from edsantiago/safer_conmon_chmod
Issue : don't chmod a nonexistent file
2017-10-17 22:04:04 -07:00
Mrunal Patel
f237cdb2a5 Merge pull request from edsantiago/restore_cni_plugin
restore lost cni-plugin option
2017-10-17 15:21:39 -07:00
umohnani8
a11b1f953d Fixed logic flaw in the secrets mounts
Tested on a REHL box and found out that the mounts were not showing up
Had a logic flaw, where if the mount was "host:container"
Was setting the mount source to "host" and destination to "ctrRunDir/container"
When instead, the mount source should be "ctrRunDir/container" and destination "container"
with the data copied from "host" to "ctrRunDir/container"

Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-10-17 13:08:42 -04:00
Ed Santiago
e24cfb90c0 fixup! Restore conmon permissions in teardown()
Signed-off-by: Ed Santiago <santiago@redhat.com>
2017-10-17 11:00:26 -06:00
Ed Santiago
0852f5c188 Issue : don't chmod a nonexistent file
New network test makes improper assumptions about conmon path.
Use predefined CONMON_BINARY variable instead.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2017-10-17 10:07:35 -06:00
Ed Santiago
c476706271 restore lost cni-plugin option
Commit d5b5028c undid part of my pr#953 (cni plugin path). Restore it.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2017-10-17 09:02:20 -06:00
TomSweeneyRedHat
54a043bfcd Update kpod load to add signature-policy (2)
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
2017-10-13 16:28:15 -04:00
Nalin Dahyabhai
ddb8fb30cc Correct our usage of the bats run helper
The bats "run" helper function sets "$status", so there's no point to
checking the value of "$status" when we haven't used the "run" helper to
run a command, and we almost always want to be checking the value after
we have used the helper.

There's no need to run commands like 'sleep' or 'rm -f' with the helper,
since they're not expected to fail, and if they do, it's probably
indicative of a larger problem that we want to allow to cause tests to
fail.

Helper functions like start_crio already check "$status" when they call
"run", so we don't need to check it again after they return.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-10-12 17:54:47 -04:00
Nalin Dahyabhai
a88f6840d8 Look up the container's name for kpod-stop-by-name
In the kpod-stop-by-name test, use 'kpod inspect' to look up the name of
the container, rather than predicting the name that crio will assign.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-10-12 17:54:47 -04:00
umohnani8
d1aea31786 Follow up changes on secrets patch
Deleted mounts.conf file and moved the secrets mount paths
to a list (default-mounts) in crio.conf

Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-10-12 15:10:07 -04:00
umohnani8
d5b5028cb9 Add secrets patch to crio
Allows the user to define secret paths in /etc/containers/mounts.conf
These are then volume mounted into the container

Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-10-11 20:00:38 -04:00
Mrunal Patel
8c83014476 Merge pull request from edsantiago/safe_netcat
nc (netcat): don't block when run interactively
2017-10-10 16:23:07 -07:00
Daniel J Walsh
772f4b1515 Merge pull request from umohnani8/libpod-part2
Continue switching from libkpod to libpod
2017-10-10 16:55:53 -04:00
Daniel J Walsh
680f3a09e1 Merge pull request from edsantiago/parameterize_cni_plugin
Parameterize CRIO_CNI_PLUGIN
2017-10-10 16:55:03 -04:00
Ed Santiago
d54a139f6d nc (netcat): don't block when run interactively
When running the test suite interactively, "Connect to pod
hostport from the host" test hangs because nc thinks it's
got a bidirectional connection. Running with </dev/null
closes the connection after receiving the expected data,
letting the tests proceed.

This is just a suggestion for n00b-friendliness. Running
interactively is rare, but it's exactly where a n00b
will begin, and the hang costs a little time and energy
to track down.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2017-10-10 13:03:08 -06:00
umohnani8
356df5d18e Continue switching from libkpod to libpod
Refactored rmi, images, diff, and history.
Made fixes to kpod images in the way it was handing the templates as well as printing the image names

Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-10-10 11:22:09 -04:00
Daniel J Walsh
974bafe012 Merge pull request from sameo/topic/loglevel
main: Define -log-level option
2017-10-06 09:51:07 -04:00
Dan Williams
cc2b27132e test/network: clean up tests
Signed-off-by: Dan Williams <dcbw@redhat.com>
2017-10-05 16:41:54 -05:00
Dan Williams
8392f5f757 test: add test for network teardown on sandbox setup errors
Signed-off-by: Dan Williams <dcbw@redhat.com>
2017-10-05 16:41:54 -05:00
Samuel Ortiz
a5e5ccb365 main: Replace -debug with -log-level
Running crio with -debug is very verbose. Having more granularity
on the log level can be useful when e.g. only looking for errors.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-10-05 22:53:20 +02:00
Nalin Dahyabhai
2491d38e03 Also refactor setting flags for running kpod
* Remove duplicate definitions of storage-related flags for kpod, since
  we set them in helpers.bash now, and the other locations that were
  also setting it were doing so after loading the definitions in
  helpers.
* Set kpod storage flags after checking if we need to force use of the
  "vfs" storage driver for cri-o, to make sure kpod also ends up with
  the same override if we're using one.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-09-29 16:37:07 -04:00
Daniel J Walsh
e16bb3feb3 Refactor kpod tests
Move kpod tests from kpod.bats to kpod_[commandname].bats
Also make sure all status checks have a echo $output before them.

Signed-off-by: Ryan Cole <rcyoalne@gmail.com>

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-09-29 16:37:07 -04:00
baude
7b062cf4c1 Add support for kpod kill
Kill one or more containers using a user-provided signal.  If not signal
is provided, KILL is used.

Signed-off-by: baude <bbaude@redhat.com>
2017-09-28 09:34:21 -05:00
Ed Santiago
b2d347d8cd Parameterize CRIO_CNI_PLUGIN
Allow overriding CRIO_CNI_PLUGIN (default: /opt/cni/bin) and
make sure it gets written to our crio.conf file. This is
intended for running cri-o tests with containernetworking-cni
rpm which installs into /usr/libexec/cni

Signed-off-by: Ed Santiago <santiago@redhat.com>
2017-09-27 14:19:20 -06:00
baude
3bf23b684a Add kpod wait
Waits on one or more containers to stop and prints the container's
return code

Signed-off-by: baude <bbaude@redhat.com>
2017-09-27 09:03:33 -05:00
Daniel J Walsh
214adee0ef Merge pull request from TomSweeneyRedHat/pause
Add `kpod pause` and `kpod unpause`
2017-09-27 09:33:22 -04:00
Antonio Murdaca
0ff3580f05 Merge pull request from mrunalp/cfg_log_max
Max log size config
2017-09-26 17:04:57 +02:00
Daniel J Walsh
9db7cf1370 Add kpod pause and kpod unpause
Implement the ability to pause and unpause running containers.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
2017-09-26 08:38:07 -04:00
Mrunal Patel
d47061ac57 test: Add a test for log size max
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-25 15:37:55 -07:00
Mrunal Patel
db0bd66fca Merge pull request from runcom/fixes-rc3-0
Fix Origin test and update kube to v1.7.6
2017-09-25 14:55:42 -07:00
Antonio Murdaca
7b0bde4362
container_create: fix seccomp annotations
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-25 21:08:11 +02:00
Antonio Murdaca
e8cfe3b867
container_create: support seccomp docker/default annotation
Fixes the following Origin/Kube test:

```
• Failure [10.323 seconds]
[k8s.io] Security Context [Feature:SecurityContext]
/go/src/github.com/openshift/origin/vendor/k8s.io/kubernetes/test/e2e/framework/framework.go:619
  should support seccomp alpha docker/default annotation
[Feature:Seccomp] [It]
  /go/src/github.com/openshift/origin/vendor/k8s.io/kubernetes/test/e2e/security_context.go:133

  Expected error:
      <*errors.errorString | 0xc420cbacf0>: {
          s: "expected \"2\" in container output: Expected\n
<string>: Seccomp:\t0\n    \nto contain substring\n    <string>: 2",
      }
      expected "2" in container output: Expected
          <string>: Seccomp:	0

      to contain substring
          <string>: 2
  not to have occurred
}
```

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-25 21:08:11 +02:00
Mrunal Patel
1beb75d839 test: Add steps for testing crio client
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-25 11:59:40 -07:00
Mrunal Patel
7e7a097395 Merge pull request from runcom/v1.0.0-rc2-patches
V1.0.0 rc2 patches
2017-09-17 21:03:54 -07:00
Antonio Murdaca
a11b8cd8ec
sandbox, ctr: SELinux fixes
server: fix selinux labels for pod and containers

Signed-off-by: Antonio Murdaca <runcom@redhat.com>

sandbox: set selinux labels from request, not defaults

Signed-off-by: Antonio Murdaca <runcom@redhat.com>

container_create: use sandbox's selinux if container's nil

Signed-off-by: Antonio Murdaca <runcom@redhat.com>

sandbox: correctly init selinux labels

First, we weren't correctly initializing selinux labels. If any of
(level, user, role, type) was missing from kube selinux options, we
were erroring out. This is wrong as kube sends just `level=s0`
sometimes and docker itself allows `--security-opt label=level:s0`.
This patch directly initializes selinux labels, correctly, and adds a
test to verify it.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>

test: testdata: use container_runtime_t selinux type

RHEL SELinux policy doesn't have `container_t` type but we're using it
in our fixtures. That means Fedora integration tests pass because
`container_t` is in Fedora's container policy but RHEL is broken.
Fix it by using `container_runtime_t` which is aliased in Fedora policy
to `container_t`.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-17 22:40:17 +02:00
Antonio Murdaca
9ec518491f
server: correctly set hostname
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-17 10:19:31 +02:00
Antonio Murdaca
0c1383fd30
test: add inspect integration tests
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-17 10:19:31 +02:00
Daniel J Walsh
dbc2b404a3 Merge pull request from baude/kpod_pull_name
libkpod/image/copy.go: Add pull by short-name
2017-09-16 05:12:47 -04:00
umohnani8
036658b844 Modified namespace field in json struct
The namespace field was not being omitted when empty

Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-09-15 17:30:25 -04:00
baude
951a943d16 libkpod/image/copy.go: Add pull by short-name
If the user provides kpod pull a short name like 'debian', we
still want the pull to be sucessful.  As such, when a short
name is provided, we get the list of searchable registries via
the systemregistries code in containers-storage.  We then
append a tag of 'latest' (if not provided) and we formulate
a list of possible fully-qualified image names to try.

Vendor update for containers-storage to bring in the system_registries
code.

Also includes a patch from Nalin to fix compilation errors.

Signed-off-by: baude <bbaude@redhat.com>
2017-09-14 08:33:10 -05:00