23440 Commits

Author SHA1 Message Date
195d48d86d Copy some verification code out of Docker to verify user input
Added lots of verification code to make sure resourses asociated with
containers is correct.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #60
Approved by: umohnani8
2017-11-22 20:53:15 +00:00
c344fe61c1 Update vendoring
Update version of docker to pull in lates code
Remove kubernetes since libpod is not tied to it.
Remove a few other packages that we don't seem to use.
Left in the networking stuff, since we will hopefully be wiring that together.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #60
Approved by: umohnani8
2017-11-22 20:53:15 +00:00
ee4051db61 Update kpod logs to use the new container state and runtime
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>

Closes: #62
Approved by: rhatdan
2017-11-22 19:33:13 +00:00
40dce698d3 Update kpod mount and umount to use the new state
The new state for containers has been added
moved kpod mount and umount over to use it

Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>

Closes: #57
Approved by: rhatdan
2017-11-22 18:23:19 +00:00
34ba0cb8a9 Order containers returned from state and make container config public
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>

Closes: #63
Approved by: baude
2017-11-22 18:12:57 +00:00
bd4e106de3 Add support for pid ns
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #54
Approved by: umohnani8
2017-11-22 16:46:53 +00:00
2a3934f1da Update kpod export to use the new container state and runtime
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>

Closes: #59
Approved by: rhatdan
2017-11-22 16:17:06 +00:00
91b406ea4a Need to block access to kernel file systems in /proc and /sys
Users of kpod run could use these file systems to perform a breakout
or to learn valuable system information.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #61
Approved by: mheon
2017-11-22 15:49:56 +00:00
768fb6fe0f Update kpod rm to use new container state
kpod rm now uses the new container state and runtime

Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>

Closes: #58
Approved by: mheon
2017-11-21 22:03:13 +00:00
4ff251d911 Add PID to the containers used to test SQLite state
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>

Closes: #56
Approved by: rhatdan
2017-11-21 20:09:09 +00:00
152882bf19 Add ability to retrieve container's log path to API
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>

Closes: #56
Approved by: rhatdan
2017-11-21 20:09:09 +00:00
8e76ebcf6e Add ability to update container status from runc
Wire this in to all state-bound container operations to ensure
syncronization of container state.

Also exposes PID of running containers via API.

Signed-off-by: Matthew Heon <matthew.heon@gmail.com>

Closes: #56
Approved by: rhatdan
2017-11-21 20:09:09 +00:00
7b736e3333 Mention docker login for creds authentication in documentation
Since we fall back to checking $HOME/.docker/config.json, which is set by docker login,
if the creds are not found in $XDG_RUNTIME_DIR/containers/auth.json, which is set by kpod login

Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>

Closes: #55
Approved by: rhatdan
2017-11-21 18:08:59 +00:00
c75c319ea2 Add support for oom functions
Add tests for oom-kill-disable and oom-kill-adj

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #52
Approved by: TomSweeneyRedHat
2017-11-21 15:33:16 +00:00
b4bc7b8828 Add cgroup fs by default
Docker defaults to mounting the cgroup file system.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #53
Approved by: mheon
2017-11-20 22:47:58 +00:00
e1311ea722 Merge pull request #51 from mheon/sql_state_tests
Add tests for SQL-backed state impl
2017-11-20 17:21:05 -05:00
51fc8827f5 Add tests for SQL-backed state impl
Minor changes to container.go and sql_state.go to fix issues
identified by the tests

Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
2017-11-20 16:24:28 -05:00
5d52f74d21 Add support for Ulimits/Rlimits to kpod create/run
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #24
Approved by: mheon
2017-11-20 20:12:43 +00:00
6e0944f2f1 Merge pull request #26 from mheon/sql_state
Implementation of SQL-backed state
2017-11-20 14:45:01 -05:00
3e04604dc2 Use cached images for integration tests
Add alpine and busybox as the two seeded images that can
be put into the tests' storage without the need to pull
it over the network.  Add the following to the kpod_TEST.bats
file:

function setup() {
    copy_images
}

Also, export several image names for shorter reference:

* BB -> docker.io/library/busybox:latest
* BB_GLIBC -> docker.io/library/busybox:glibc
* ALPINE -> docker.io/library/alpine:latest
* FEDORA_MINIMAL -> registry.fedoraproject.org/fedora-minimal:latest

And finally, there were two pervasive changes I made in
tests:

* Because we use temporary storage, we do not need to rmi at the end of each test
* We no longer need to pull most images because they are added via copy_images

Signed-off-by: baude <bbaude@redhat.com>

Closes: #43
Approved by: mheon
2017-11-20 18:11:08 +00:00
57599f0075 Fix up handling of environment variables
The way docker works is if a user specifies a non `-e Name=Value`, IE
just a `-e Name`, then the environment variable Name from the clients
OS.ENV is used.

Also by default Docker containers run with the HOSTNAME environment set
to the HOSTNAME specified for the container.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #21
Approved by: baude
2017-11-20 16:25:31 +00:00
f2894eda68 Fix lint errors
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
2017-11-18 13:17:03 -05:00
898138441d Need to provide ID of container being updated
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
2017-11-18 12:58:48 -05:00
b10fb66c28 StopSignal is allowed to be 0
If StopSignal is 0, it is assumed that the default signal will be used.

Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
2017-11-18 12:58:48 -05:00
12f19ca013 Resolve another segfault
This one cleans up after container creation fails

Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
2017-11-18 12:58:48 -05:00
657cb1b7f6 Fix lingering SQL error
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
2017-11-18 12:58:48 -05:00
57300be94d Fix segfault cleaning up in after failing to create a Runtime
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
2017-11-18 12:58:48 -05:00
4bc3acc7aa Rename Create to Init for containers to be less confusing
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
2017-11-18 12:58:48 -05:00
763e372649 Wire SQL backed state into rest of libpod
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
2017-11-18 12:58:48 -05:00
cb56716fc4 Address review comments, fix gofmt and lint
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
2017-11-18 12:54:05 -05:00
c6fe4430b7 Compile-tested implementation of SQL-backed state
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
2017-11-18 12:54:05 -05:00
3b72af6147 Turn off IRC reporting until we have our own channel
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #49
Approved by: rhatdan
2017-11-17 21:53:54 +00:00
d2eda1a864 Enhancements to papr tests
The PR contains several enhancements to our CI testing.

- enable lint testing on Fedora
- add Centos Atomic as test platform
- integration tests on run on the OS natively (uncontainerized)
- builds are done in containers
- inclusion of Vagrant file for local testing

Signed-off-by: baude <bbaude@redhat.com>

Closes: #18
Approved by: mheon
2017-11-17 02:07:18 +00:00
bf8b9a37df Merge pull request #47 from baude/terminal_attach
Fix terminal attach
2017-11-15 17:58:26 -05:00
acd9c66864 Fix terminal attach
Re-order the startup of a new container via run from
initialize > start > attach to initialize > attach > start.

This fixes output when running:

kpod run -i -t IMAGE command

and

kpod run IMAGE command

Signed-off-by: baude <bbaude@redhat.com>
2017-11-15 16:27:57 -06:00
afe1a2e7f1 Fix bash command
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #45
Approved by: umohnani8
2017-11-15 18:00:19 +00:00
5cfd7a313f Address run/create performance issues
Fixed the logic where we observed different performance
results when running an image by its fqname vs a shortname. In
the case of the latter, we resolve the name without using the
network.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #37
Approved by: rhatdan
2017-11-14 21:14:13 +00:00
7df3221232 Remove all images
Add -a/--all to rmi so a user can remove
all images quickly.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #41
Approved by: mheon
2017-11-14 16:46:26 +00:00
55c9cfb80e Add cpu-profiling to kpod
Add a global flag for cpu-profiling to allow us to
profile kpod for performance issues.

To parse its results, use:

go tool pprof --text <profile_path>

Signed-off-by: baude <bbaude@redhat.com>

Closes: #36
Approved by: mheon
2017-11-09 17:36:11 +00:00
a0476f6529 README.md: Typo fixes and small tweaks
Should be mostly self-evident. I dropped the `is meant to` as it feels too
passive.

Signed-off-by: Colin Walters <walters@verbum.org>

Closes: #35
Approved by: mheon
2017-11-09 16:48:07 +00:00
0a2cb93fc2 Update tarsplit vendor to address CVE-2017-14992
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>

Closes: #34
Approved by: rhatdan
2017-11-08 21:58:26 +00:00
b8dca1874d Do not attempt to use command --args as cli flags
i.e. kpod run fedora python --version

Signed-off-by: baude <bbaude@redhat.com>

Closes: #33
Approved by: rhatdan
2017-11-08 21:49:15 +00:00
84e3bdceda Fix panic when no image is given
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #31
Approved by: mheon
2017-11-08 21:18:08 +00:00
0e2fc603d9 Cleanup missing whitespace
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #20
Approved by: rhatdan
2017-11-07 21:44:06 +00:00
23979f8e06 Add 'kpod import' command
Imports a tarball and saves it as a filesystem image

Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>

Closes: #12
Approved by: rhatdan
2017-11-07 19:16:31 +00:00
d086beb7ab Vendor in latest containers/image
Adds the tarball transport, which is used by the kpod import command

Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>

Closes: #12
Approved by: rhatdan
2017-11-07 19:16:31 +00:00
df54adeaae Respect the quiet flag.
When setting the `kpod load -q` flag, output was still going to the
screen.  This patch adds a check to not output to the terminal unless
there is an io.Writer specified, and then to write to the io.Writer.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #23
Approved by: rhatdan
2017-11-07 15:37:50 +00:00
a39ec628e7 SELinux tests are mistakenly not running.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #22
Approved by: rhatdan
2017-11-07 13:33:07 +00:00
006a8bd6f3 Convert tmpfs mounts to use generate
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #19
Approved by: baude
2017-11-06 14:43:06 +00:00
402c30333f Remove defaults and use runtime-tools/generate for spec
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #19
Approved by: baude
2017-11-06 14:43:06 +00:00