profile
viewpoint
Kir Kolyshkin kolyshkin Red Hat East Renton Highlands, WA, USA

kolyshkin/Amass 0

In-depth Attack Surface Mapping and Asset Discovery

kolyshkin/arduino-builder 0

A command line tool for compiling Arduino sketches

kolyshkin/Arduino_STM32 0

Arduino STM32. Hardware files to support STM32 boards, on Arduino IDE 1.8.x including LeafLabs Maple and other generic STM32F103 boards

kolyshkin/asciidoctor 0

:gem: A fast, open source text processor and publishing toolchain, written in Ruby, for converting AsciiDoc content to HTML 5, DocBook 5, and other formats.

kolyshkin/binc 0

Binc data interchange format

kolyshkin/blackfriday 0

Blackfriday: a markdown processor for Go

kolyshkin/buildah 0

A tool that facilitates building OCI images

kolyshkin/cadvisor 0

Analyzes resource usage and performance characteristics of running containers.

kolyshkin/certificate-transparency-go 0

Auditing for TLS certificates, Go code.

issue commentcri-o/cri-o

cgroupfs: container created with bad cgroup path

@haircommander PTAL

kolyshkin

comment created time in 7 hours

pull request commentcri-o/cri-o

oci_linux: fix working set calculation

/retest

kolyshkin

comment created time in 11 hours

issue commentopencontainers/runc

[Debian] could not ensure we are a cloned binary: No such file or directory

Gladly: strace --> https://gist.github.com/zonk1/a187e2668df74d5a904f82df6ef9d763

Alas, the error is different under strace, it is now

[pid 2503] write(2, "container_linux.go:349: starting container process caused "process_linux.go:315: copying bootstrap data to pipe caused \"write init-p: broken pipe\""\n", 150container_linux.go:349: starting container process caused "process_linux.go:315: copying bootstrap data to pipe caused "write init-p: broken pipe""

Will try to repro locally once I have time.

zonk1

comment created time in 11 hours

issue openedcri-o/cri-o

Container created with bad cgroup path for

Description

cri-o messes up cgroup paths for cgroupv2 + cgroupfs setup.

Steps to reproduce the issue:

On a cgroupv2 host (e.g. Fedora 32), in cri-o top source directory, run the following:

export CONTAINER_CGROUP_MANAGER=cgroupfs
export CONTAINER_CONMON_CGROUP=pod

# fix json files so they don't contain `.slice`
./scripts/circle-setup-cgroup_manager 

# create a simple test
cd test
cat << EOF > 1.bats
load helpers

function setup() {
    setup_test
}

function teardown() {
    cleanup_test
}

@test "eh" {
    start_crio
    id=$(crictl run "$TESTDATA"/container_redis.json "$TESTDATA"/sandbox_config.json)

    crictl inspect "$id" | grep cgroupsPath 1>&2
    find /sys/fs/cgroup -name \*$id\* -type d 1>&2
    stats=$(crictl stats -o json $id)
}
EOF

# run it (as root)
JOBS=1 ./test_runner.sh 1.bats

Describe the results you received:

Excerpts from the output of the above test case.

  1. Result of crictl inspect "$id" | grep cgroupsPath:
     "cgroupsPath": "pod_123-456/crio-b9e3a62d9ae9edc3f97e9167bdfdb6dd73960422cf343cc6188501b05d3f88c5",
  1. Result of find /sys/fs/cgroup -name \*$id\* -type d:

/sys/fs/cgroup/pids/pod_123-456/crio-conmon-b9e3a62d9ae9edc3f97e9167bdfdb6dd73960422cf343cc6188501b05d3f88c5 /sys/fs/cgroup/pod_123-456/crio-conmon-b9e3a62d9ae9edc3f97e9167bdfdb6dd73960422cf343cc6188501b05d3f88c5 /sys/fs/cgroup/pod_123-456/crio-conmon-b9e3a62d9ae9edc3f97e9167bdfdb6dd73960422cf343cc6188501b05d3f88c5/pod_123-456/crio-b9e3a62d9ae9edc3f97e9167bdfdb6dd73960422cf343cc6188501b05d3f88c5

  1. A warning from cricrl stats:

time="2020-08-12 12:39:02.476864773-07:00" level=warning msg="Unable to get stats for container bfd5732672995e847102e4970f6ceddb23d9d48e1d81ee50a785f92cbe900d70: unable to obtain cgroup stats: open /sys/fs/cgroup/pod_123-456/crio-bfd5732672995e847102e4970f6ceddb23d9d48e1d81ee50a785f92cbe900d70/memory.current: open /sys/fs/cgroup/pod_123-456/crio-bfd5732672995e847102e4970f6ceddb23d9d48e1d81ee50a785f92cbe900d70/memory.current: no such file or directory" file="server/container_stats_list.go:40" id=d469ad95-1243-4b7c-b506-6d423e898573 name=/runtime.v1alpha2.RuntimeService/ListContainerStats

Describe the results you expected:

Output from find (item 2 above) should show the same path as inspect's cgroupPath (item 1 above).

Additional information you deem important (e.g. issue happens only occasionally):

Output of crio --version:

[root@kir-rhat test]# ../bin/crio --version
crio version 1.19.0-dev
Version:       1.19.0-dev
GitCommit:     e2151c78e148001f7e1a8558b11d17c276c2032d
GitTreeState:  dirty
BuildDate:     2020-08-12T18:16:55Z
GoVersion:     go1.14.6
Compiler:      gc
Platform:      linux/amd64
Linkmode:      dynamic

Additional environment details (AWS, VirtualBox, physical, etc.):

Fedora 32

created time in 15 hours

push eventkolyshkin/cri-o

Kir Kolyshkin

commit sha dca82859716a8a1156d11503f1508abba994b3b0

oci_linux: fix working set calculation for cgroupv2 It's done in a same manner as for v1, except for cgroupv2 there's no total_* counters in memory.stat. My assumption is the counters now include subcgroup counters, although I am only 95% sure about that even after digging into the cgroupv2 docs. Here's an emprirical way I used to check the above assumption: find /sys/fs/cgroup/system.slice/ -name memory.stat -type f \ | xargs grep ^inactive_file 2>/dev/null \ | awk '$2 > 0 {printf "%20d %s\n",$2,$1}' \ | sort -nr It shows that the top-level's cgroup value is higher than that of sub-cgroups for both system.slice and user.slice. PS I have also checked it is done the same way in containerd/cri. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

push time in 18 hours

push eventkolyshkin/cri-o

Kir Kolyshkin

commit sha 1ece9115b32e5ee8456d25f328663647185faaec

oci_linux: fix working set calculation for cgroupv2 It's done in a same manner as for v1, except for cgroupv2 there's no total_* counters in memory.stat. My assumption is the counters now include subcgroup counters, although I am only 95% sure about that even after digging into the cgroupv2 docs. Here's an emprirical way I used to check the above assumption: find /sys/fs/cgroup/system.slice/ -name memory.stat -type f \ | xargs grep ^inactive_file 2>/dev/null \ | awk '$2 > 0 {printf "%20d %s\n",$2,$1}' \ | sort -nr It shows that the top-level's cgroup value is higher than that of sub-cgroups for both system.slice and user.slice. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

push time in 18 hours

PR opened opencontainers/selinux

travis: add go 1.15, rm unsupported versions

Since go 1.15 is out, go 1.13 is no longer supported.

+2 -2

0 comment

1 changed file

pr created time in 19 hours

create barnchkolyshkin/selinux

branch : ci-go115

created branch time in 19 hours

pull request commentopencontainers/runc

upgrade Go to 1.15

@AkihiroSuda we can also remove the whole -mod=vendor / $(MOD_VENDOR) from the Makefile. Fine to do it later though.

AkihiroSuda

comment created time in 19 hours

pull request commentcri-o/cri-o

test/stats.bats: fixes

The test is passing now, but failing with CONTAINER_CGROUP_MANAGER=cgroupfs. Looking...

kolyshkin

comment created time in 19 hours

push eventkolyshkin/cri-o

Kir Kolyshkin

commit sha 3fa25c8e5bacb412eeb06c76f8e4e2806fdff0d8

test/stats.bats: fix/improve container stats test 1. Make sure we actually compare the memory usage, rather than merely printing it. Add a comment describing what we're doing here. 2. Use "here file" instead of echo. 3. Make sure stats are provided for the given id. 4. Consolidate getting memory usage so there are less temp variables. 5. When possible, use var=$(cmd ... 2>&1) echo "$var" instead of run cmd ... [ "$status" -eq 0 ] echo "$output" var="$output" They are roughly the same, and `set -e` (set by bats) implicitly checks the exit code. The `2>&1` stance is needed to see the error Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Peter Hunt

commit sha cb87455daf9a6e71f923160c7f8fd05719ad7270

test: fix container stats test container_redis.json seems to intermittantly exit, which makes using it as the basis for comparison for stats tretcherous. Signed-off-by: Peter Hunt <pehunt@redhat.com>

view details

Kir Kolyshkin

commit sha c89b9e1384c829d147b3e6ce706435364f845b40

oci_linux: fix working set calculation Commit 512fdb2f9f49 mistakenly used the value of total_inactive_file from the top-level cgroup, thus the working set value was either wrong (too low) or invalid (negative), for example: > Unable to account working set stats: total_inactive_file (1572753409) > memory usage (585728)" file="oci/oci_linux.go:93" We need to use total_inactive_file and memory.usage_in_bytes from the same cgroup, otherwise it does not make any sense. While at it - promote the above message from debug to warning; - optimize getTotalInactiveFile() by using HasPrefix() rather than Contains(). Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com> (cherry picked from commit eddf148a16915e45be34c15f03c6438aeb741bab) Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

push time in a day

pull request commentcri-o/cri-o

test/stats.bats: fixes

With the fix from #4068 the stats are returned now, but not picked up by the test. Looking...

# time="2020-08-12 00:57:03.836301478Z" level=debug msg="Response: &ListContainerStatsResponse{Stats:[]*ContainerStats{&ContainerStats{Attributes:&ContainerAttributes{Id:8c76cf6cc3b5378f03a4cd07a7ca1d187b49af2b42682ebabe5112c3049535fd,Metadata:&ContainerMetadata{Name:podsandbox1-sleep2,Attempt:0,},Labels:map[string]string{},Annotations:map[string]string{pod: podsandbox,},},Cpu:&CpuUsage{Timestamp:1597193823835530399,UsageCoreNanoSeconds:&UInt64Value{Value:16799547,},},Memory:&MemoryUsage{Timestamp:1597193823835530399,WorkingSetBytes:&UInt64Value{Value:442368,},},WritableLayer:nil,},},}" file="go-grpc-middleware/chain.go:25" id=2c85e237-7ddc-4124-a5fc-2e815c496fd1 name=/runtime.v1alpha2.RuntimeService/ListContainerStats
kolyshkin

comment created time in a day

issue commentopencontainers/runc

could not ensure we are a cloned binary: No such file or directory

Looks like runc is not able to open "/proc/self/exe" which is weird (and the error is not reported since it's written to stderr rather than via write_log()).

Can you try stracing it to see what is going on?

zonk1

comment created time in a day

push eventkolyshkin/cri-o

Kir Kolyshkin

commit sha fd29001ae60295d7ae32f449506b810f5f4bb693

oci_linux: fix working set calculation Commit 512fdb2f9f49 mistakenly used the value of total_inactive_file from the top-level cgroup, thus the working set value was either wrong (too low) or invalid (negative), for example: > Unable to account working set stats: total_inactive_file (1572753409) > memory usage (585728)" file="oci/oci_linux.go:93" We need to use total_inactive_file and memory.usage_in_bytes from the same cgroup, otherwise it does not make any sense. While at it - promote the above message from debug to warning; - optimize getTotalInactiveFile() by using HasPrefix() rather than Contains(). Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com> (cherry picked from commit eddf148a16915e45be34c15f03c6438aeb741bab) Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

push time in a day

pull request commentcri-o/cri-o

oci_linux: fix working set calculation

Found while fixing test/stats.bats in PR #4064 (see https://github.com/cri-o/cri-o/pull/4064#issuecomment-672330148), going to test it there.

kolyshkin

comment created time in a day

Pull request review commentcri-o/cri-o

crio: perform pulls in a new cgroup

 type copyImageArgs struct { 	StoreOptions storage.StoreOptions } +// maybeMoveSelfToCgroup moves the current process to transient cgroup when running under systemd.+func maybeMoveSelfToCgroup() error {+	// If CRI-O is not already running under systemd, do not attempt+	// to setup a cgroup.+	if os.Getenv("INVOCATION_ID") == "" {+		return nil+	}++	slice := "system.slice"+	if rootless.IsRootless() {+		slice = "user.slice"+	}++	unitName := fmt.Sprintf("crio-pull-image-%d.scope", os.Getpid())

I've not looked if it is possible, but can we join an existing systemd scope?

Not sure about systemd, but we can join the cgroup. That will be a kludge though :(

In general I think it make more sense for all pulls to be run within one single scope. That might require a different architecture though :-\

giuseppe

comment created time in a day

pull request commentcri-o/cri-o

oci_linux: fix working set calculation

@saschagrunert @TomSweeneyRedHat @giuseppe @haircommander @mrunalp PTAL

kolyshkin

comment created time in a day

PR opened cri-o/cri-o

Reviewers
oci_linux: fix working set calculation

/kind bug

What this PR does / why we need it:

Commit 512fdb2f9f49 mistakenly used the value of total_inactive_file from the top-level cgroup, thus the working set value was either wrong (too low) or invalid (negative), for example:

Unable to account working set stats: total_inactive_file (1572753409) memory usage (585728)" file="oci/oci_linux.go:93"

We need to use total_inactive_file and memory.usage_in_bytes from the same cgroup, otherwise it does not make any sense.

While at it

  • promote the above message from debug to warning;
  • optimize getTotalInactiveFile() by using HasPrefix() rather than Contains().

Which issue(s) this PR fixes:

None

Special notes for your reviewer:

Does this PR introduce a user-facing change?

Fix working set calculation
+8 -8

0 comment

1 changed file

pr created time in a day

create barnchkolyshkin/cri-o

branch : fix-working-set

created branch time in a day

pull request commentcri-o/cri-o

test/stats.bats: fixes

Nope, it's actually worse:

# time="2020-08-11 19:45:37.742730039Z" level=debug msg="Unable to account working set stats: total_inactive_file (1572753408) > memory usage (585728)" file="oci/oci_linux.go:93"
# time="2020-08-11 19:45:37.742849336Z" level=debug msg="Response: &ListContainerStatsResponse{Stats:[]*ContainerStats{&ContainerStats{Attributes:&ContainerAttributes{Id:40b7b98e5cec3e9a707e08bea4148321651e449e292e0798a293d1ced034dc42,Metadata:&ContainerMetadata{Name:podsandbox1-sleep2,Attempt:0,},Labels:map[string]string{},Annotations:map[string]string{pod: podsandbox,},},Cpu:&CpuUsage{Timestamp:1597175137741166571,UsageCoreNanoSeconds:&UInt64Value{Value:14685727,},},Memory:&MemoryUsage{Timestamp:1597175137741166571,WorkingSetBytes:&UInt64Value{Value:0,},},WritableLayer:nil,},},}" file="go-grpc-middleware/chain.go:25" id=262d79c6-f8a0-4482-9361-28c17833a167 name=/runtime.v1alpha2.RuntimeService/ListContainerStats
# 
# checking  != 
kolyshkin

comment created time in a day

pull request commentcri-o/cri-o

test/stats.bats: fixes

One issue though is I'm not sure if memory usage will be different in this case :-\

As I suspected :(

not ok 162 container stats

(in test file ./stats.bats, line 60)

`[ "$ctr1_mem" != "$ctr2_mem" ]' failed

I think we need to run one redis and one sleep container. @wgahnagl @haircommander WDYT?

kolyshkin

comment created time in a day

pull request commentcri-o/cri-o

test/stats.bats: fixes

/retest

kolyshkin

comment created time in a day

PR opened cri-o/cri-o

Reviewers
Shellcheck misc

What type of PR is this?

/kind cleanup

What this PR does / why we need it:

Misc shellcheck fixes and related improvements.

Which issue(s) this PR fixes:

None

Special notes for your reviewer:

Please see individual commits for details.

Does this PR introduce a user-facing change?

NONE
+28 -108

0 comment

7 changed files

pr created time in 2 days

create barnchkolyshkin/cri-o

branch : shellcheck-misc

created branch time in 2 days

push eventkolyshkin/cri-o

Kir Kolyshkin

commit sha fc3a1dacb9d655787f22af44e2247f2d15e226ce

test/stats.bats: improve test case 1. Ensure that stats are shown for the particular ID. 2. Simplify json checks: - use "here file" instead of echo and pipe - remove intermediate variable - remove useless run and status checks (set -e is sufficient Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Kir Kolyshkin

commit sha 4cbc085070e863ab9b38d7b9ccb5202995a7db6e

test/stats.bats: fix/improve container stats test 1. Make sure we actually compare the memory usage, rather than merely printing it. Add a comment describing what we're doing here. 2. Use "here file" instead of echo. 3. Make sure stats are provided for the given id. 4. Consolidate getting memory usage so there are less temp variables. 5. When possible, use var=$(cmd ... 2>&1) echo "$var" instead of run cmd ... [ "$status" -eq 0 ] echo "$output" var="$output" They are roughly the same, and `set -e` (set by bats) implicitly checks the exit code. The `2>&1` stance is needed to see the error Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Peter Hunt

commit sha fac5e929e4dafa5b4cc85d77c49560985ccb952b

test: fix container stats test container_redis.json seems to intermittantly exit, which makes using it as the basis for comparison for stats tretcherous. Signed-off-by: Peter Hunt <pehunt@redhat.com>

view details

push time in 2 days

pull request commentcri-o/cri-o

test/stats.bats: fixes

wdyt about 71d459d

Makes sense. Added on top of my changes under your authorship, PTAL @haircommander

One issue though is I'm not sure if memory usage will be different in this case :-\

kolyshkin

comment created time in 2 days

push eventkolyshkin/cri-o

Peter Hunt

commit sha 0c8d166fb27beb26005ffe54a05805a798e23c76

test: fix container stats test container_redis.json seems to intermittantly exit, which makes using it as the basis for comparison for stats tretcherous. Signed-off-by: Peter Hunt <pehunt@redhat.com>

view details

push time in 2 days

Pull request review commentcri-o/cri-o

crio: perform pulls in a new cgroup

 type copyImageArgs struct { 	StoreOptions storage.StoreOptions } +// maybeMoveSelfToCgroup moves the current process to transient cgroup when running under systemd.+func maybeMoveSelfToCgroup() error {+	// If CRI-O is not already running under systemd, do not attempt+	// to setup a cgroup.+	if os.Getenv("INVOCATION_ID") == "" {+		return nil+	}++	slice := "system.slice"+	if rootless.IsRootless() {+		slice = "user.slice"+	}++	unitName := fmt.Sprintf("crio-pull-image-%d.scope", os.Getpid())

Why the new unique unit name for every copyImage? I mean, can we just use crio-pull-image.scope for all of them?

giuseppe

comment created time in 2 days

Pull request review commentcri-o/cri-o

test/stats.bats: fixes

 function teardown() {     run crictl stats -o json "$ctr1_id"     echo "$output"     [ "$status" -eq 0 ]-    ctr1_stats_JSON="$output"+    jq -e '.stats[0].attributes.id == "'$ctr1_id'"' <<< "$output"+    run jq -e '.stats[0].memory.workingSetBytes.value' <<< "$output"+    [ "$status" -eq 0 ]+    ctr1_memory_bytes="$output" -    run crictl stats -o json "$crt2_id"+    run crictl stats -o json "$ctr2_id"     echo "$output"     [ "$status" -eq 0 ]     ctr2_stats_JSON="$output"--    run echo $ctr1_stats_JSON | jq -e '.stats[0].memory.workingSetBytes.value'-    [ "$status" -eq 0 ]-    ctr1_memory_bytes="$output"-    run echo $ctr2_stats_JSON | jq -e '.stats[0].memory.workingSetBytes.value'+    jq -e '.stats[0].attributes.id == "'$ctr2_id'"' <<< "$output"

we lost ctr1_memory_bytes here

Sorry, I don't understand what you mean here. ctr1_memory_bytes is assigned here: https://github.com/cri-o/cri-o/pull/4064/commits/01813a89d989255209d28005c5e91cd8c3d72ccb#diff-103e5e134054b75239970c4fbec2f5e0R68

I think these would be better if we just did

you're right, and it's better to take it one step further:

set -o pipefail
ctr1_mem=$(crictl stats -o json --id "$ctr1_id" | jq -e '.stats[0].memory.workingSetBytes.value')
ctr2_mem=$(crictl stats -o json --id "$ctr2_id" | jq -e '.stats[0].memory.workingSetBytes.value')

maybe echoing them between

please see the updated commit.

Initially I wanted to change as little as possible. Ended up with more radical approach. Let me know what you think.

kolyshkin

comment created time in 2 days

push eventkolyshkin/cri-o

Kir Kolyshkin

commit sha d4ccc2902c4751245bd238dd906a2e3c05f312e0

test/stats.bats: fix/improve container stats test 1. Make sure we actually compare the memory usage, rather than merely printing it. Add a comment describing what we're doing here. 2. Use "here file" instead of echo. 3. Make sure stats are provided for the given id. 4. Consolidate getting memory usage so there are less temp variables. 5. When possible, use var=$(cmd ... 2>&1) echo "$var" instead of run cmd ... [ "$status" -eq 0 ] echo "$output" var="$output" They are roughly the same, and `set -e` (set by bats) implicitly checks the exit code. The `2>&1` stance is needed to see the error Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

push time in 2 days

pull request commentcri-o/cri-o

[1.18] stats: return information on container level, not pod

All the issues above are (hopefully) fixed by https://github.com/cri-o/cri-o/pull/4064 which you might want to include in this backport

haircommander

comment created time in 3 days

PR opened cri-o/cri-o

Reviewers
test/stats.bats: fixes

/kind bug

  • test/stats.bats: fix typo in a variable name
  • test/stats.bats: improve test case
  • test/stats.bats: fix/improve container stats test case

See individual commits for more details.

@wgahnagl @haircommander PTAL

+19 -24

0 comment

1 changed file

pr created time in 3 days

push eventkolyshkin/cri-o

Kir Kolyshkin

commit sha f70f024da3d774bd1b66a1d8d4e62e8f51ed07d7

test/stats.bats: fix typo in a variable name As pointed out by shellcheck: > In test/stats.bats line 72: > run crictl stats -o json "$crt2_id" > ^------^ SC2154: crt2_id is referenced but not assigned. The test works just fine though, because 1. it is the same as running crictl stats without ID, in which case it shows stats for all IDs. 2. the values obtained are not compared in any way, just printed. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Kir Kolyshkin

commit sha b076b72cc992014cbfb84bd62c34ce95eed44088

test/stats.bats: improve test case 1. Ensure that stats are shown for the particular ID. 2. Simplify json checks: - use "here file" instead of echo and pipe - remove intermediate variable - remove useless run and status checks (set -e is sufficient Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Kir Kolyshkin

commit sha 01813a89d989255209d28005c5e91cd8c3d72ccb

test/stats.bats: fix/improve container stats test 1. Make sure we actually compare the memory usage, rather than merely printing it. Add a comment describing what we're doing here. 2. Use "here file" instead of echo. 3. Make sure stats are provided for the given id. 4. Consolidate getting memory usage so there are less temp variables. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

push time in 3 days

create barnchkolyshkin/cri-o

branch : test-stats

created branch time in 3 days

Pull request review commentcri-o/cri-o

[1.18] stats: return information on container level, not pod

 function teardown() {      # then     JSON="$output"-    echo $JSON | jq -e '.stats[0].attributes.id != ""'+    run echo $JSON | jq -e '.stats[0].attributes.id != ""'

As I pointed out in https://github.com/cri-o/cri-o/pull/3933/commits/6886573e612078d3684741d9508778df5b8370de#r463800061, this change is useless.

The more correct change would be to remove [ "$status" -eq 0 ] line.

haircommander

comment created time in 3 days

Pull request review commentcri-o/cri-o

[1.18] stats: return information on container level, not pod

 function teardown() {      # then     JSON="$output"-    echo $JSON | jq -e '.stats[0].attributes.id != ""'+    run echo $JSON | jq -e '.stats[0].attributes.id != ""'     [ "$status" -eq 0 ] -    echo $JSON | jq -e '.stats[0].cpu.timestamp > 0'+    run echo $JSON | jq -e '.stats[0].cpu.timestamp > 0'     [ "$status" -eq 0 ] -    echo $JSON | jq -e '.stats[0].cpu.usageCoreNanoSeconds.value > 0'+    run echo $JSON | jq -e '.stats[0].cpu.usageCoreNanoSeconds.value > 0'     [ "$status" -eq 0 ] -    echo $JSON | jq -e '.stats[0].memory.timestamp > 0'+    run echo $JSON | jq -e '.stats[0].memory.timestamp > 0'     [ "$status" -eq 0 ] -    echo $JSON | jq -e '.stats[0].memory.workingSetBytes.value > 0'+    run echo $JSON | jq -e '.stats[0].memory.workingSetBytes.value > 0'+    [ "$status" -eq 0 ]+}++@test "container stats" {+    # given+    container2config=$(cat "$TESTDATA"/container_redis.json | python -c 'import json,sys;obj=json.load(sys.stdin);obj["name"] = ["podsandbox1-redis2"];obj["metadata"]["name"] = "podsandbox1-redis2"; json.dump(obj, sys.stdout)')+    echo "$container2config" > "$TESTDIR"/container_redis2.json+    run crictl runp "$TESTDATA"/sandbox_config.json+    echo "$output"+    [ "$status" -eq 0 ]+    pod_id="$output"+    run crictl create "$pod_id" "$TESTDATA"/container_redis.json "$TESTDATA"/sandbox_config.json+    echo "$output"+    [ "$status" -eq 0 ]+    ctr1_id="$output"+    run crictl create "$pod_id" "$TESTDIR"/container_redis2.json "$TESTDATA"/sandbox_config.json+    echo "$output"+    [ "$status" -eq 0 ]+    ctr2_id="$output"+    run crictl start "$ctr1_id"+    echo "$output"+    [ "$status" -eq 0 ]+    run crictl start "$ctr2_id"+    echo "$output"+    [ "$status" -eq 0 ]++    # when+    run crictl stats -o json "$ctr1_id"+    echo "$output"+    [ "$status" -eq 0 ]+    ctr1_stats_JSON="$output"++    run crictl stats -o json "$crt2_id"+    echo "$output"+    [ "$status" -eq 0 ]+    ctr2_stats_JSON="$output"++    run echo $ctr1_stats_JSON | jq -e '.stats[0].memory.workingSetBytes.value'+    [ "$status" -eq 0 ]+    ctr1_memory_bytes="$output"+    run echo $ctr2_stats_JSON | jq -e '.stats[0].memory.workingSetBytes.value'+    [ "$status" -eq 0 ]+    ctr2_memory_bytes="$output"++    run echo $ctr1_memory_bytes != $ctr2_memory_bytes     [ "$status" -eq 0 ]

Is this the check that echo succeeded?

haircommander

comment created time in 3 days

Pull request review commentcri-o/cri-o

[1.18] stats: return information on container level, not pod

 function teardown() {      # then     JSON="$output"-    echo $JSON | jq -e '.stats[0].attributes.id != ""'+    run echo $JSON | jq -e '.stats[0].attributes.id != ""'     [ "$status" -eq 0 ] -    echo $JSON | jq -e '.stats[0].cpu.timestamp > 0'+    run echo $JSON | jq -e '.stats[0].cpu.timestamp > 0'     [ "$status" -eq 0 ] -    echo $JSON | jq -e '.stats[0].cpu.usageCoreNanoSeconds.value > 0'+    run echo $JSON | jq -e '.stats[0].cpu.usageCoreNanoSeconds.value > 0'     [ "$status" -eq 0 ] -    echo $JSON | jq -e '.stats[0].memory.timestamp > 0'+    run echo $JSON | jq -e '.stats[0].memory.timestamp > 0'     [ "$status" -eq 0 ] -    echo $JSON | jq -e '.stats[0].memory.workingSetBytes.value > 0'+    run echo $JSON | jq -e '.stats[0].memory.workingSetBytes.value > 0'+    [ "$status" -eq 0 ]+}++@test "container stats" {+    # given+    container2config=$(cat "$TESTDATA"/container_redis.json | python -c 'import json,sys;obj=json.load(sys.stdin);obj["name"] = ["podsandbox1-redis2"];obj["metadata"]["name"] = "podsandbox1-redis2"; json.dump(obj, sys.stdout)')+    echo "$container2config" > "$TESTDIR"/container_redis2.json+    run crictl runp "$TESTDATA"/sandbox_config.json+    echo "$output"+    [ "$status" -eq 0 ]+    pod_id="$output"+    run crictl create "$pod_id" "$TESTDATA"/container_redis.json "$TESTDATA"/sandbox_config.json+    echo "$output"+    [ "$status" -eq 0 ]+    ctr1_id="$output"+    run crictl create "$pod_id" "$TESTDIR"/container_redis2.json "$TESTDATA"/sandbox_config.json+    echo "$output"+    [ "$status" -eq 0 ]+    ctr2_id="$output"+    run crictl start "$ctr1_id"+    echo "$output"+    [ "$status" -eq 0 ]+    run crictl start "$ctr2_id"+    echo "$output"+    [ "$status" -eq 0 ]++    # when+    run crictl stats -o json "$ctr1_id"+    echo "$output"+    [ "$status" -eq 0 ]+    ctr1_stats_JSON="$output"++    run crictl stats -o json "$crt2_id"

bug: s/crt2_id/ctr2_id/ (same bug as in the original PR)

It works since

  1. it is the same as running crictl stats without ID, in which case it shows stats for all IDs.
  2. the values obtained are not compared in any way, just printed.
haircommander

comment created time in 3 days

push eventkolyshkin/cri-o

Kir Kolyshkin

commit sha 0599341384f5aaf8046df2a33d1e71e280c2810c

test/image_volume.bats: fixes 1. Use `CONTAINER_IMAGE_VOLUME` rather than `IMAGE_VOLUME`. The test case was working before because `mkdir` is the default. 2. Quote the value assigned to CONTAINER_IMAGE_VOLUME. This helps readability, and eliminates the following shellcheck warning: > In test/image_volume.bats line 74: > IMAGE_VOLUMES=mkdir start_crio > ^----------------------------^ SC2209: Use var=$(command) to assign output (or quote to assign string). 3. Remove the cleanup/stop from the last test case. This is performed in teardown() anyway. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

push time in 3 days

PR opened cri-o/cri-o

Reviewers
test/image_volume.bats: fixes
  1. Use CONTAINER_IMAGE_VOLUME rather than IMAGE_VOLUME. The test case was working before because mkdir is the default.

  2. Quote the value assigned to CONTAINER_IMAGE_VOLUME. This helps readability, and eliminates the following shellcheck warning:

In test/image_volume.bats line 74: IMAGE_VOLUMES=mkdir start_crio ^----------------------------^ SC2209: Use var=$(command) to assign output (or quote to assign string).

  1. Remove the cleanup/stop from the last test case. This is performed in teardown() anyway.

/kind cleanup

NONE
+3 -6

0 comment

1 changed file

pr created time in 3 days

create barnchkolyshkin/cri-o

branch : image-volume

created branch time in 3 days

pull request commentcri-o/cri-o

test/ctr.bats: fix test check

Re-did the commit to just revert 2649ebb1.

kolyshkin

comment created time in 3 days

push eventkolyshkin/cri-o

Kir Kolyshkin

commit sha 79c52eb1efe2c9ccdfd3c7bebc6a12db11306d3a

Revert "tests: adjust test to not depend on runc behavior" First, the code [ "$status" -ne 0 ] || [ "$output" =~ "Exit code: 1" ] is not working since one can't use =~ operator inside [..] (it is only working inside [[..]]). Here's an example: $ [ "aaa bbb" =~ "aaa" ]; echo $? bash: [: =~: binary operator expected 2 Since the test never failed, I guess $status was always non-zero, so the second part was never evaluated, thus it is not needed. This was found by shellcheck: ``` In ctr.bats line 1008: [ "$status" -ne 0 ] || [ "$output" =~ "Exit code: 1" ] ^-- SC2074: Can't use =~ in [ ]. Use [[..]] instead. ``` Second, the cleanup/stop stuff added by the commit is not needed, since teardown() is executed after each test, and it contains a call to cleanup_test() which calls the same 3 functions that were added. This reverts commit 2649ebb1a5d39208f8d2d68303e42a81048f4bdf. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

push time in 3 days

pull request commentcri-o/cri-o

test/ctr.bats: fix test check

Looks like @giuseppe added that change for crun 2649ebb

Yeah, I referred to that one in the commit message.

The problem is, this second check never worked:

bash $ [ "aaa bbb" =~ "aaa" ]; echo $?
bash: [: =~: binary operator expected
2

and since the whole line ([ "$status" -ne 0 ] || [ "$output" =~ "Exit code: 1" ]) never failed it means the second check was never ran.

kolyshkin

comment created time in 3 days

pull request commentcri-o/cri-o

test/*bats: fix shellcheck SC2076

Test failures look related to the changes - https://storage.googleapis.com/origin-federated-results/pr-logs/pull/cri-o_cri-o/4060/test_pull_request_crio_integration_rhel/15866/artifacts/testout.txt

Thanks for looking into it! My bad, I have somehow accidentally replaced != with == (before writing a script to do that).

But the check was not working before. The way it was written is

[[ "$output" != "$ctr3_id" ]]

and it was meant to check that output does not contain a substring $ctr3_id, while it fact it was checking that output was not equal to $ctrl3_id.

Fix (of the original code):

-[[ "$output" != "$ctr3_id" ]]
+[[ "$output" != *"$ctr3_id"* ]]

I took a look and found a few more logical bugs like this.

Fixed the first commit, added the second one fixing such != checks.

kolyshkin

comment created time in 3 days

push eventkolyshkin/cri-o

Kir Kolyshkin

commit sha bf10fcafe166db7759ebd3858ccc70ea1e52e066

test/*bats: fix shellcheck SC2076 This fixes shellcheck warning SC2076, for example > In default_mounts.bats line 90: > [[ "$output" =~ "test.txt" ]] > ^--------^ SC2076: Don't quote right-hand side of =~, it'll match literally rather than as a regex. So, operator ~= does a comparison against a regular expression, and yet in all the places we are actually using it to search for a substring. Use the substring syntax (i.e. [[ "$output" == *"substring"* ]]) instead to be more clear about what we're doing. This commit is courtesy of for f in *.bats; do sed -i -e 's/ =\~ "\(.*\)" ]]/ == *"\1"* ]]/g' $f; done Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Kir Kolyshkin

commit sha 76c7e8657ba0a19075ed9fd5351cf8bf66f3ec87

test/*.bats: fix checks that id is not present These two checks meant to check that the ID is not present in the output. They don't work as they perform string comparison, while we need to search for a substring. Fix by adding * around the substring. Fixes: b0b6611bdf Fixes: 25dfde9044 Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

push time in 3 days

pull request commentcri-o/cri-o

test/ctr.bats: fix test check

Or maybe this second check is non needed at all?

kolyshkin

comment created time in 3 days

PR opened cri-o/cri-o

Reviewers
test/ctr.bats: fix test check

As reported by shellcheck:

In ctr.bats line 1008:
	[ "$status" -ne 0 ] || [ "$output" =~ "Exit code: 1" ]
                                     ^-- SC2074: Can't use =~ in [ ]. Use [[..]] instead.

Use [[..]], and change the comparison to match a substring rather than a regex.

Fixes: 2649ebb1a5d (https://github.com/cri-o/cri-o/pull/2943/) /kind bug

NONE

@giuseppe PTAL

+1 -1

0 comment

1 changed file

pr created time in 3 days

create barnchkolyshkin/cri-o

branch : bats-sc2074

created branch time in 3 days

PR opened cri-o/cri-o

Reviewers
test/*bats: fix shellcheck SC2076

This fixes shellcheck warning SC2076, for example

In default_mounts.bats line 90:
    [[ "$output" =~ "test.txt" ]]
                    ^--------^ SC2076: Don't quote right-hand side of =~, it'll match literally rather than as a regex.

So, operator ~= does a comparison against a regular expression, and yet in all the places we are actually using it to search for a substring, not a regex.

Use the substring syntax (i.e. [[ "$output" == *"substring"* ]]) instead to be more clear about what we're doing.

This commit is courtesy of

for f in *.bats; do sed -i -e 's/ =\~ "\(.*\)" ]]/ == *"\1"* ]]/g' $f; done

and a few manual fixes on top of it.

/kind cleanup

NONE
+165 -165

0 comment

17 changed files

pr created time in 3 days

create barnchkolyshkin/cri-o

branch : bats-shellcheck

created branch time in 3 days

push eventkolyshkin/runc

Kir Kolyshkin

commit sha 985bd24f62319cfaf34b01cc3d3ec8ca7abb088f

Makefile: fix go vet/fmt I have noticed that `go vet` from golang 1.13 ignores the vendor/ subdir, downloading all the modules when invoked in Travis CI env. As the other go commands, in 1.13 it needs explicit -mod=vendor flag, so let's provide one. PS once golang 1.13 is unsupported, we will drop it. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Mrunal Patel

commit sha 809dc640416885764128eebf772a5fe455df4932

Merge pull request #2548 from kolyshkin/int-cr-fix tests/int: fix error handling and logging

view details

Mrunal Patel

commit sha dedadbf9ea76c888dd9067fd6f29f3c441aba421

Merge pull request #2545 from kolyshkin/go-mod-vendor Makefile: fix go vet/fmt

view details

Kir Kolyshkin

commit sha 85a3069878e681b4efbf05c77686f90bdf06d6d6

test/int/hooks.bats: fix here-doc The ending EOF should be - all by itself (i.e. no extra characters on the same line); - with no whitespace before it. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Kir Kolyshkin

commit sha 699fdf8952795c189a67087c52db5bce42f03ef4

tests/int/mount.bats: fix a check It's not a regex but a substring, so use a substring match. Fixes the following warning by shellcheck: > In mounts.bats line 20: > [[ "${lines[0]}" =~ '/tmp/bind/config.json' ]] > ^---------------------^ SC2076: Don't quote right-hand side of =~, it'll match literally rather than as a regex. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Kir Kolyshkin

commit sha ce50e1da7ea9ff5274f6ebd80040d3254e204239

test/int/spec.bats: simplify setup/teardown 1. cd is useless as all the paths are absolute 2. run is redundant, does not make sense to use it 3. use mkdir -p to save a line of code This also eliminates shellcheck warnings like this one: > In spec.bats line 8: > cd "$INTEGRATION_ROOT" > ^--------------------^ SC2164: Use 'cd ... || exit' or 'cd ... || return' in case cd fails. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Kir Kolyshkin

commit sha 4b8ff6a17c01645e4a2c1f4b2de245bcdc7114b0

tests/int/checkpoint.bats: ignore some shellcheck warnings Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Kir Kolyshkin

commit sha 82836d2429cd11ea7e43794b30a3135346e89518

tests/int/cgroups.bats: fix a shellcheck warning Fixes the following warning: > In cgroups.bats line 58: > if [ "$KERNEL_MAJOR" -lt 4 ] || [ "$KERNEL_MAJOR" -eq 4 -a "$KERNEL_MINOR" -le 5 ]; then > ^-- SC2166: Prefer [ p ] && [ q ] as [ p -a q ] is not well defined. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Kir Kolyshkin

commit sha 612d07908687123f2515a48f436e3eb53596f34b

tests/int/update.bats: fix a shellcheck warning Fixes the following warning: > In update.bats line 422: > local root_period=$(cat "${CGROUP_CPU_BASE_PATH}/cpu.rt_period_us") > ^---------^ SC2155: Declare and assign separately to avoid masking return values. > > > In update.bats line 423: > local root_runtime=$(cat "${CGROUP_CPU_BASE_PATH}/cpu.rt_runtime_us") > ^----------^ SC2155: Declare and assign separately to avoid masking return values. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Kir Kolyshkin

commit sha 3b80850eaa5c070556560c2e3b18a8a3cc96159a

tests/int/update.bats: fix a shellcheck warning This fixes the following warning, and implements a suggestion: > In update.bats line 426: > IFS='/' read -r -a dirs <<< $(echo ${CGROUP_CPU} | sed -e s@^${CGROUP_CPU_BASE_PATH}/@@) > ^-- SC2046: Quote this to prevent word splitting. > ^-- SC2001: See if you can use ${variable//search/replace} instead. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Kir Kolyshkin

commit sha b02ca2dc9ce8874fc3b9879f817173d27782ae1e

tests/int: fix shellcheck warning SC2002 Fix all warnings like this one: > In checkpoint.bats line 197: > cat ./work-dir/restore.log | grep -B 5 Error || true > ^--------------------^ SC2002: Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Kir Kolyshkin

commit sha 4ba4baea0ec6e6a7e2232b2e635278603f425612

tests/int/*bats: fix shellcheck SC2086, SC2006 Those are pretty simple to allow shellcheck to fix these, so this commit is courtesy of > shellcheck -i SC2086 -i SC2006 -f diff *.bats > fix.diff > patch -p1 < fix.diff repeated 3 times ;) Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Kir Kolyshkin

commit sha 08766b9848f686261a5b8bcd17167461d6f1230b

tests/int/*bats: fix/ignore shellcheck SC2046 Fix or ignore warnings like this one: > In cgroups.bats line 107: > if [ $(id -u) = "0" ]; then > ^------^ SC2046: Quote this to prevent word splitting. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Kir Kolyshkin

commit sha 598d8b73a5cdeabbd58649880d8fd752e46628c5

tests/int/checkpoint.bats: ignore SC2206 Ignore warnings like this: > In checkpoint.bats line 169: > PIDS_TO_KILL=($cpt_pid) > ^------^ SC2206: Quote to prevent word splitting/globbing, or split robustly with mapfile or read -a. Since in all the cases we deal with either pids or fds, and they don't have spaces. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Kir Kolyshkin

commit sha f36fb46bdfdfa7ac83f4cf3285cc862dadb435f8

tests/int/*bats: ignore SC2016 Ignore the shellcheck warnings like this one: > In tty.bats line 32: > update_config '(.. | select(.[]? == "sh")) += ["-c", "stat -c %u:%g $(tty) | tr : \\\\n"]' > ^-- SC2016: Expressions don't expand in single quotes, use double quotes for that. While at it, fix some minor whitespace issues in tty.bats. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Kir Kolyshkin

commit sha d34f1c819df45433297d49f77413772d08c543cd

CI: add shellcheck of bats files Currently all the shellcheck warnings are fixed, and we'd like it to stay thay way. So, add shellcheck call to validate target in Makefile, which is run on Travis CI. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

push time in 3 days

Pull request review commentopencontainers/runc

Add shellcheck to bats files

 validate: 	script/validate-c 	$(GO) vet ./... -ci: validate test release+shellcheck:+	shellcheck tests/integration/*.bats

good point, fixed

kolyshkin

comment created time in 3 days

push eventkolyshkin/runc

Kir Kolyshkin

commit sha c17d5391fe158a1c8cb27ac8945cc751f1b92587

CI: add shellcheck of bats files Currently all the shellcheck warnings are fixed, and we'd like it to stay thay way. So, add shellcheck call to validate target in Makefile, which is run on Travis CI. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

push time in 3 days

pull request commentopencontainers/runc

remove multi-arch.bash but use docker to get images directly

I failed to install skopeo with Permission denied error.

Please see the .travis.yml file a few lines before your changes -- it calls apt, too, so you don't have to call it again.

Also, as you can see, it uses sudo and you should too.

echo ... | sudo cat > /etc/apt/....

XiaodongLoong

comment created time in 3 days

push eventkolyshkin/runc

Kir Kolyshkin

commit sha bc074d3d793bdcc3c568671516fa89740badbf23

tests/int/cgroups.bats: fix a shellcheck warning Fixes the following warning: > In cgroups.bats line 58: > if [ "$KERNEL_MAJOR" -lt 4 ] || [ "$KERNEL_MAJOR" -eq 4 -a "$KERNEL_MINOR" -le 5 ]; then > ^-- SC2166: Prefer [ p ] && [ q ] as [ p -a q ] is not well defined. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Kir Kolyshkin

commit sha 75ed73932f06823bb7f74e69b5cf18fcc8307686

tests/int/update.bats: fix a shellcheck warning Fixes the following warning: > In update.bats line 422: > local root_period=$(cat "${CGROUP_CPU_BASE_PATH}/cpu.rt_period_us") > ^---------^ SC2155: Declare and assign separately to avoid masking return values. > > > In update.bats line 423: > local root_runtime=$(cat "${CGROUP_CPU_BASE_PATH}/cpu.rt_runtime_us") > ^----------^ SC2155: Declare and assign separately to avoid masking return values. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Kir Kolyshkin

commit sha 7f79e07c9aef883c604774ebb86c4911e4bba391

tests/int/update.bats: fix a shellcheck warning This fixes the following warning, and implements a suggestion: > In update.bats line 426: > IFS='/' read -r -a dirs <<< $(echo ${CGROUP_CPU} | sed -e s@^${CGROUP_CPU_BASE_PATH}/@@) > ^-- SC2046: Quote this to prevent word splitting. > ^-- SC2001: See if you can use ${variable//search/replace} instead. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Kir Kolyshkin

commit sha 0337169629334c826c74e8a96fc8126af42a1b45

tests/int: fix shellcheck warning SC2002 Fix all warnings like this one: > In checkpoint.bats line 197: > cat ./work-dir/restore.log | grep -B 5 Error || true > ^--------------------^ SC2002: Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Kir Kolyshkin

commit sha 6794df9ec6c367fc95c08c4c6847a7208f4bb3ab

tests/int/*bats: fix shellcheck SC2086, SC2006 Those are pretty simple to allow shellcheck to fix these, so this commit is courtesy of > shellcheck -i SC2086 -i SC2006 -f diff *.bats > fix.diff > patch -p1 < fix.diff repeated 3 times ;) Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Kir Kolyshkin

commit sha c524e9035eb451b669c77dc0a3f64c11fdbf21cb

tests/int/*bats: fix/ignore shellcheck SC2046 Fix or ignore warnings like this one: > In cgroups.bats line 107: > if [ $(id -u) = "0" ]; then > ^------^ SC2046: Quote this to prevent word splitting. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Kir Kolyshkin

commit sha e52d68f1620de0ce6b264557a749d78fe1184f16

tests/int/checkpoint.bats: ignore SC2206 Ignore warnings like this: > In checkpoint.bats line 169: > PIDS_TO_KILL=($cpt_pid) > ^------^ SC2206: Quote to prevent word splitting/globbing, or split robustly with mapfile or read -a. Since in all the cases we deal with either pids or fds, and they don't have spaces. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Kir Kolyshkin

commit sha 87964a1f2e2b505c37a3b0e7efb5208ec6c45adc

tests/int/*bats: ignore SC2016 Ignore the shellcheck warnings like this one: > In tty.bats line 32: > update_config '(.. | select(.[]? == "sh")) += ["-c", "stat -c %u:%g $(tty) | tr : \\\\n"]' > ^-- SC2016: Expressions don't expand in single quotes, use double quotes for that. While at it, fix some minor whitespace issues in tty.bats. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Kir Kolyshkin

commit sha c1e8fa16ef758214b450db18e6c00ddd258e9ce1

CI: add shellcheck of bats files Currently all the shellcheck warnings are fixed, and we'd like it to stay thay way. So, add shellcheck target to Makefile, and include it into ci target which is run on Travis CI. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

push time in 3 days

PR opened opencontainers/runc

Add shellcheck to bats files

This PR

  • fixes (or adds annotations to ignore) all the shellcheck warnings for .bats files;
  • add shellcheck to the CI cycle.

TODO (probably not in this PR):

  • fix shellcheck warnings for helpers.bash
+201 -189

0 comment

21 changed files

pr created time in 4 days

create barnchkolyshkin/runc

branch : bats-shellcheck

created branch time in 4 days

pull request commentopencontainers/runc

tests/int: fix error handling and logging

@mrunalp @adrianreber @AkihiroSuda @RenaudWasTaken PTAL

kolyshkin

comment created time in 4 days

issue commentopencontainers/runc

criu int test failures

Got another very similar failure while running CI for #2487 (unrelated!). Here's an excerpt from https://travis-ci.org/github/opencontainers/runc/jobs/716225208:

not ok 12 checkpoint --lazy-pages and restore
# (from function `__runc' in file tests/integration/helpers.bash, line 57,
#  in test file tests/integration/checkpoint.bats, line 194)
#   `__runc --criu "$CRIU" restore -d --work-path ./image-dir --image-path ./image-dir --lazy-pages test_busybox_restore <&${in_r} >&${out_w} 2>&${out_w}' failed
# runc list (status=0):
# ID          PID         STATUS      BUNDLE      CREATED     OWNER
# runc spec (status=0):
# 
# runc state test_busybox (status=0):
# {
#   "ociVersion": "1.0.2-dev",
#   "id": "test_busybox",
#   "pid": 4178,
#   "status": "running",
#   "bundle": "/tmp/busyboxtest",
#   "rootfs": "/tmp/busyboxtest/rootfs",
#   "created": "2020-08-09T02:02:58.166214958Z",
#   "owner": ""
# }
# Warn  (criu/kerndat.c:869): Can't keep kdat cache on non-tempfs
# runc list (status=0):
# ID             PID         STATUS      BUNDLE             CREATED                          OWNER
# test_busybox   4178        running     /tmp/busyboxtest   2020-08-09T02:02:58.166214958Z   root
# runc kill test_busybox KILL (status=0):
# 
# runc delete test_busybox (status=0):
# 
# /usr/local/libexec/bats-core/bats-exec-test: line 260: 18: Bad file descriptor
not ok 13 checkpoint and restore in external network namespace

Alas, the fix in #2476 is wrong :( here's a (supposedly) correct one: https://github.com/opencontainers/runc/pull/2548

kolyshkin

comment created time in 4 days

PR opened opencontainers/runc

tests/int: fix error handling and logging area/checkpoint-restore area/ci

TL;DR: this allows to show logs from failed runc restore.

Bats scripts are run with set -e. This is well known and obvious, and yet there are a few errors with respect to that, including a few "gems" by yours truly :(

  1. bats scripts are run with set -e, meaning that [ $? -eq 0 ] is useless since the execution won't ever reach this line in case of non-zero exit code from a preceding command. So, remove all such checks, they are useless and misleading.

  2. bats scripts are run with set -e, meaning that ret=$? is useless since the execution won't ever reach this line in case of non-zero exit code from a preceding command.

In particular, the code that calls runc restore needs to save the exit code, show the errors in the log, and only when check the exit code and fail if it's non-zero. It can not use run (or runc which uses run) because of shell redirection that we need to set up.

The solution, implemented in this patch, is to use code like this:

ret=0
__runc ... || ret=$?
show_logs
[ $ret -eq 0 ]

In case __runc ... fails (i.e. exits with non-zero exit code), ret=$? is executed, and it always succeeds, so we won't fail just yet and have a chance to show logs before checking the value of $ret.

In case __runc ... succeeds, ret=$? is never executed, so $ret will still be zero (this is the reason why it needs to be set explicitly).

Should help with investigating https://github.com/opencontainers/runc/issues/2475

+5 -12

0 comment

2 changed files

pr created time in 4 days

create barnchkolyshkin/runc

branch : int-cr-fix

created branch time in 4 days

PR opened opencontainers/runc

libct/integration: enable some tests for cgroupv2 area/cgroupv2 area/ci

The only two tests that are still skipped on v2 are kmem and invalid CpuShares test -- since v2 does not support either.

+2 -11

0 comment

1 changed file

pr created time in 4 days

create barnchkolyshkin/runc

branch : moar-v2-tests

created branch time in 4 days

pull request commentopencontainers/runc

.travis.yml: add Go 1.15.x

1.15rc2 is out

AkihiroSuda

comment created time in 4 days

push eventkolyshkin/runc

Kir Kolyshkin

commit sha f9b4cf01f697e101784bd695c05bff4f3a90bb9b

init: wait for log forwarder to finish Since the extended logging was added to runc, some test cases from debug.bats, notably those that write to a log file, started failing sometimes in our CI, not showing the complete logs as expected, but only the first few lines. Presumably this happens because the binary exits before logrus forwarder has a chance to finish forwarding/writing the logs to the file. To fix, add a channel to signal that ForwardLogs has finished, and use it from Finish(). Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

push time in 4 days

push eventkolyshkin/runc

Kir Kolyshkin

commit sha cd4dca632654e598b9d5f40bf4993ba6c16d756a

init: wait for log forwarder to finish Since the extended logging was added to runc, some test cases from debug.bats, notably those that write to a log file, started failing sometimes in our CI, not showing the complete logs as expected, but only the first few lines. Presumably this happens because the binary exits before logrus forwarder has a chance to finish forwarding/writing the logs to the file. To fix, add a channel to signal that ForwardLogs has finished, and use it from Finish(). Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

push time in 5 days

pull request commentopencontainers/runc

Improve nsexec logging

Failures look legit

This was caused by unconfigured logger in libcontainer/integration, so logrus was set to stderr, so stderr was closed prematurely.

Fixed to not close logrus output if it's not configured (i.e. goes to stderr).

kolyshkin

comment created time in 5 days

push eventkolyshkin/runc

Kir Kolyshkin

commit sha b99a0054171d3778c844baa77048a87ad367b1f2

init: close logrus file before exec Since the extended logging was added to runc, some test cases from debug.bats, notably those that write to a log file, started failing sometimes in our CI, not showing the complete logs as expected, but only the first few lines. Presumably this happens because the binary exits before logrus have a chance to finish writing to the file, or there are some buffers involved. Let's close logrus output file just before exec'ing the process inside a container. Make sure to not close logrus output if it's not configured, as in this case we'd close os.Stderr which must not be done. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

push time in 5 days

push eventkolyshkin/runc

Kir Kolyshkin

commit sha 417f5ff40dcdca694081762dc20a06f53cbd1f19

tests/int/checkpoint: fds and pids cleanup 1. Do not use hardcoded fd numbers, instead relying on bash feature of assigning an fd to a variable. This looks very weird, but the rule of thumb here is: - if this is in exec, use {var} (i.e. no $); - otherwise, use as normal ($var or ${var}). 2. Add killing the background processes and closing the fds to teardown. This is helpful in case of a test failure, in order to not affect the subsequent tests. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Kir Kolyshkin

commit sha c1adc99a209bb40b3aff84842092cd537fc53a5c

cgroup/fs: rework Apply() In manager.Apply() method, a path to each subsystem is obtained by calling d.path(sys.Name()), and the sys.Apply() is called that does the same call to d.path() again. d.path() is an expensive call, so rather than to call it twice, let's reuse the result. This results the number of times we parse mountinfo during container start from 62 to 34 on my setup. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Kir Kolyshkin

commit sha a73ce38d16aecffd7eff605784e29282876646d4

cgroupv1/FindCgroupMountpoint: add a fast path In case cgroupPath is under the default cgroup prefix, let's try to guess the mount point by adding the subsystem name to the default prefix, and resolving the resulting path in case it's a symlink. In most cases, given the default cgroup setup, this trick should result in returning the same result faster, and avoiding /proc/self/mountinfo parsing which is relatively slow and problematic. Be very careful with the default path, checking it is - a directory; - a mount point; - has cgroup fstype. If something is not right, fall back to parsing mountinfo. While at it, remove the obsoleted comment about mountinfo parsing. The comment belongs to findCgroupMountpointAndRootFromReader(), but rather than moving it there, let's just remove it, since it does not add any value in understanding the current code. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Kir Kolyshkin

commit sha 6d5125f8b491449cec71adf431894d53e9a897eb

tests/int/checkpoint: don't remove readonly flag This should not longer be necessary (in theory, at least), let's see how it goes. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Xiaodong Liu

commit sha af283b3f478efc57466a17432f14116697480684

remove redundant the parameter of chroot function Signed-off-by: Xiaodong Liu <liuxiaodong@loongson.cn>

view details

Kir Kolyshkin

commit sha f9850afa9153b48b654b5c901ae20cabaa4089f8

Merge pull request #2518 from XiaodongLoong/redundant_chroot_param remove redundant parameter of chroot function

view details

Aleksa Sarai

commit sha f8749ba098366be0057b0df03fa527f42e28ae84

merge branch 'pr-2509' Kir Kolyshkin (2): tests/int/checkpoint: fds and pids cleanup tests/int/checkpoint: don't remove readonly flag LGTMs: @mrunalp @AkihiroSuda @cyphar Closes #2509

view details

Adrian Reber

commit sha b7683d6b0f5d7ff01dd87ebfd738b3bba22450f9

Fix .travis.yml warnings Travis reports following warnings which are fixed with this commit. root: deprecated key sudo (The key `sudo` has no effect anymore.) root: missing os, using the default linux root: key matrix is an alias for jobs, using jobs Signed-off-by: Adrian Reber <areber@redhat.com>

view details

Kir Kolyshkin

commit sha 86d9399c8006d7db6adb12af5a9867c33f1e1188

Merge pull request #2524 from adrianreber/fix-travis Fix .travis.yml warnings

view details

zvier

commit sha 92e2175de1e9d7553756219d3ba7ca2996a28cc2

cleancode: clean code for utils_linux.go Signed-off-by: Jeff Zvier <zvier20@gmail.com>

view details

Kir Kolyshkin

commit sha d65df61dc5f87e5be4459782ba7a72619f145dca

Merge pull request #2521 from zvier/master cleancode: clean code for utils_linux.go

view details

Adrian Reber

commit sha 610c5ad75cb69f49094719ffda5d34ba65d1a092

Factor out checkpointing with external namespace code To checkpoint and restore a container with an external network namespace (like with Podman and CNI), runc tells CRIU to ignore the network namespace during checkpoint and restore. This commit moves that code to their own functions to be able to reuse the same code path for external PID namespaces which are necessary for checkpointing and restoring containers out of a pod in cri-o. Signed-off-by: Adrian Reber <areber@redhat.com>

view details

Adrian Reber

commit sha 09e103b01e34a7dda321781ec7f05939c9fe4adb

Tell CRIU to use an external pid namespace if necessary Trying to checkpoint a container out of pod in cri-o fails with: Error (criu/namespaces.c:1081): Can't dump a pid namespace without the process init Starting with the upcoming CRIU release 3.15, CRIU can be told to ignore the PID namespace during checkpointing and to restore processes into an existing network namespace. With the changes from this commit and CRIU 3.15 it is possible to checkpoint a container out of a pod in cri-o. Signed-off-by: Adrian Reber <areber@redhat.com>

view details

Aleksa Sarai

commit sha 95a59bf206f86bc449c4ccc22e2c08e78c707eb6

devices: correctly check device types (mode&S_IFCHR == S_IFCHR) is the wrong way of checking the type of an inode because the S_IF* bits are actually not a bitmask and instead must be checked using S_IF*. This bug was neatly hidden behind a (major == 0) sanity-check but that was removed by [1]. In addition, add a test that makes sure that HostDevices() doesn't give rubbish results -- because we broke this and fixed this before[2]. [1]: 24388be71e1a ("configs: use different types for .Devices and .Resources.Devices") [2]: 3ed492ad33f3 ("Handle non-devices correctly in DeviceFromPath") Fixes: b0d014d0e1a4 ("libcontainer: one more switch from syscall to x/sys/unix") Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>

view details

Aleksa Sarai

commit sha 67169a9d43456ff0d5ae12b967acb8e366e2f181

merge branch 'pr-2529' Aleksa Sarai (1): devices: correctly check device types LGTMs: @AkihiroSuda @mrunalp Closes #2529

view details

John Hwang

commit sha 59352963670641563b89a0836082a18c9ab1b9df

Update go.mod Signed-off-by: John Hwang <john.f.hwang@gmail.com>

view details

Akihiro Suda

commit sha 97b02cf9c0dd1a537edb0187dbfde62b4e6ecd07

Merge pull request #2531 from JFHwang/gomod_update Update go.mod

view details

Sebastiaan van Stijn

commit sha 901dccf05df04aa6a37f666dcc87c4cf6ba2f0f3

vendor: update runtime-spec v1.0.3-0.20200728170252-4d89ac9fbff6 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Kir Kolyshkin

commit sha e0c0b0cf321252b8d964fc64d62d21f107615304

libct/cgroups/GetCgroupRoot: make it faster ...by checking the default path first. Quick benchmark shows it's about 5x faster on an idle system, and the gain should be much more on a system doing mounts etc. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Mrunal Patel

commit sha 46243fcea186a0712da0f8838e40b77c634879a1

Merge pull request #2500 from kolyshkin/fs-apply libct/cgroups/fs: rework Apply()

view details

push time in 5 days

Pull request review commentopencontainers/runc

cgroupv1 removal nits

 func RemovePath(path string) error { // If after all there are not removed cgroups - appropriate error will be // returned. func RemovePaths(paths map[string]string) (err error) {+	const retries = 5 	delay := 10 * time.Millisecond-	for i := 0; i < 5; i++ {+	for i := 0; i < retries; i++ { 		if i != 0 { 			time.Sleep(delay) 			delay *= 2 		} 		for s, p := range paths {-			os.RemoveAll(p)-			// TODO: here probably should be logging+			if err := RemovePath(p); err != nil {+				// do not log intermediate iterations+				switch i {+				case 0:+					logrus.WithError(err).Warnf("Failed to remove cgroup (will retry)")+				case retries - 1:+					logrus.WithError(err).Error("Failed to remove cgroup")

I took a look at whatever the current kernel implements, and normally it can only return EBUSY, so we'll log EBUSY once or twice. I still want to log the first error to distinguish between the "success from the first try" and "succeeded but after a retry cases". Can certainly demote the warning to debug if you like.

@mrunalp @cyphar @crosbymichael PTAL

kolyshkin

comment created time in 6 days

Pull request review commentopencontainers/runc

cgroupv1 removal nits

 func RemovePath(path string) error { // If after all there are not removed cgroups - appropriate error will be // returned. func RemovePaths(paths map[string]string) (err error) {+	const retries = 5 	delay := 10 * time.Millisecond-	for i := 0; i < 5; i++ {+	for i := 0; i < retries; i++ { 		if i != 0 { 			time.Sleep(delay) 			delay *= 2 		} 		for s, p := range paths {-			os.RemoveAll(p)-			// TODO: here probably should be logging+			if err := RemovePath(p); err != nil {+				// do not log intermediate iterations+				switch i {+				case 0:+					logrus.WithError(err).Warnf("Failed to remove cgroup (will retry)")+				case retries - 1:+					logrus.WithError(err).Error("Failed to remove cgroup")

Previously, the error was ignored and we never knew if there was any retries, or what the removal error was.

Now, we log the first and the last error, so we still know what is going on, without any excessive logging.

kolyshkin

comment created time in 6 days

Pull request review commentopencontainers/runc

cgroupv1 removal nits

 func RemovePath(path string) error { // If after all there are not removed cgroups - appropriate error will be // returned. func RemovePaths(paths map[string]string) (err error) {+	const retries = 5 	delay := 10 * time.Millisecond-	for i := 0; i < 5; i++ {+	for i := 0; i < retries; i++ { 		if i != 0 { 			time.Sleep(delay) 			delay *= 2 		} 		for s, p := range paths {-			os.RemoveAll(p)-			// TODO: here probably should be logging+			if err := RemovePath(p); err != nil {+				// do not log intermediate iterations+				switch i {+				case 0:+					logrus.WithError(err).Warnf("Failed to remove cgroup (will retry)")+				case retries - 1:+					logrus.WithError(err).Error("Failed to remove cgroup")

So, what this code does is

  • logs the first removal error as a warning (warning because it will retry);
  • retries a few times;
  • if removal still fails, logs the last error as an error.

I believe what the code does is the best approach, let me explain the logic that lead to this code.

  1. In case the removal eventually succeeds, we might still be interested in why it failed initially -- this is why the first error is logged as a warning.
  2. Most probably the removal error is the same for all tries, so it does not make sense to log it N times, or aggregate it.
  3. In case it ultimately fails, since we do not return the error to the caller, it needs to be logged at least.

In any case, this is better than the current code and addresses the TODO in it.

kolyshkin

comment created time in 6 days

issue closedopencontainers/runc

[AliOS] nsenter: failed to unshare namespaces: Invalid argument container_linux.go:262: starting container process caused "process_linux.go:247: running exec setns process for init caused \"exit status 34\""

I I occasionally encounter this error when I start the container, every time I encounter it when restarting the container several times continuously. Do you have any suggestions? uname -a Linux e03g04255.eu6sqa 3.10.0-327.ali2013.alios7.x86_64 unshare --user sh unshare: unshare failed: Invalid argument I seems kernel dosen't supports CLONE_NEWUSER.But mostly I can start container normally and just encounter this problem occasionally.And this is why?

closed time in 6 days

sjc2870

issue commentopencontainers/runc

[AliOS] nsenter: failed to unshare namespaces: Invalid argument container_linux.go:262: starting container process caused "process_linux.go:247: running exec setns process for init caused \"exit status 34\""

docker-runc --version runc version 1.0.0-rc3

This runc version is very old and I guess is only supported by Docker, so I guess you should file a bug to Docker.

In case you are not using Docker, but bare runc, feel free to reproduce this using a recent runc release and reopen this (or file a new issue with a reference to this one).

sjc2870

comment created time in 6 days

Pull request review commentopencontainers/runc

Remove runc default devices that overlap with spec devices.

 func TestNullProcess(t *testing.T) { 		t.Errorf("Null process should be forbidden") 	} }++func TestCreateDevices(t *testing.T) {+	spec := Example()++	// dummy uid/gid for /dev/tty; will enable the test to check if createDevices()+	// preferred the spec's device over the redundant default device+	ttyUid := uint32(1000)+	ttyGid := uint32(1000)+	fm := os.FileMode(0666)++	spec.Linux = &specs.Linux{+		Devices: []specs.LinuxDevice{+			{+				// This is purposely redundant with one of runc's default devices+				Path:     "/dev/tty",+				Type:     "c",+				Major:    5,+				Minor:    0,+				FileMode: &fm,+				UID:      &ttyUid,+				GID:      &ttyGid,+			},+			{+				// This is purposely not redundant with one of runc's default devices+				Path:  "/dev/ram0",+				Type:  "b",+				Major: 1,+				Minor: 0,+			},+		},+	}++	conf := &configs.Config{}++	defaultDevs, err := createDevices(spec, conf)+	if err != nil {+		t.Errorf("failed to create devices: %v", err)+	}++	// Verify the returned default devices has the /dev/tty entry deduplicated+	found := false+	for _, d := range defaultDevs {+		if d.Path == "/dev/tty" {+			if found {+				t.Errorf("createDevices failed: returned a duplicated device entry: %v", defaultDevs)+			}+			found = true+		}+	}++	// Verify that createDevices() placed all default devices are in the config+	for _, allowedDev := range AllowedDevices {+		found := false+		if allowedDev.Path != "" {

I'd rather have it as

if allowedDev.Path == "" {
   continue
}

found := false
...
ctalledo

comment created time in 6 days

Pull request review commentopencontainers/runc

Remove runc default devices that overlap with spec devices.

 func stringToDeviceRune(s string) (configs.DeviceType, error) { 	} } -func createDevices(spec *specs.Spec, config *configs.Config) error {-	// Add default set of devices.-	for _, device := range AllowedDevices {-		if device.Path != "" {-			config.Devices = append(config.Devices, device)+func createDevices(spec *specs.Spec, config *configs.Config) ([]*configs.Device, error) {+

nit: no need to have this empty line here.

ctalledo

comment created time in 6 days

Pull request review commentopencontainers/runc

Remove runc default devices that overlap with spec devices.

 func TestNullProcess(t *testing.T) { 		t.Errorf("Null process should be forbidden") 	} }++func TestCreateDevices(t *testing.T) {+	spec := Example()++	// dummy uid/gid for /dev/tty; will enable the test to check if createDevices()+	// preferred the spec's device over the redundant default device+	ttyUid := uint32(1000)+	ttyGid := uint32(1000)+	fm := os.FileMode(0666)++	spec.Linux = &specs.Linux{+		Devices: []specs.LinuxDevice{+			{+				// This is purposely redundant with one of runc's default devices+				Path:     "/dev/tty",+				Type:     "c",+				Major:    5,+				Minor:    0,+				FileMode: &fm,+				UID:      &ttyUid,+				GID:      &ttyGid,+			},+			{+				// This is purposely not redundant with one of runc's default devices+				Path:  "/dev/ram0",+				Type:  "b",+				Major: 1,+				Minor: 0,+			},+		},+	}++	conf := &configs.Config{}++	defaultDevs, err := createDevices(spec, conf)+	if err != nil {+		t.Errorf("failed to create devices: %v", err)+	}++	// Verify the returned default devices has the /dev/tty entry deduplicated+	found := false+	for _, d := range defaultDevs {+		if d.Path == "/dev/tty" {+			if found {+				t.Errorf("createDevices failed: returned a duplicated device entry: %v", defaultDevs)+			}+			found = true+		}+	}++	// Verify that createDevices() placed all default devices are in the config+	for _, allowedDev := range AllowedDevices {+		found := false+		if allowedDev.Path != "" {+			for _, configDev := range conf.Devices {+				if configDev.Path == allowedDev.Path {+					found = true+				}+			}+			if !found {+				configDevPaths := []string{}+				for _, configDev := range conf.Devices {+					configDevPaths = append(configDevPaths, configDev.Path)+				}+				t.Errorf("allowedDevice %s was not found in the config's devices: %v", allowedDev.Path, configDevPaths)+			}+		}+	}++	// Verify that createDevices() deduplicated the /dev/tty entry in the config+	for _, configDev := range conf.Devices {+		if configDev.Path == "/dev/tty" {+			wantDev := &configs.Device{+				Path:     "/dev/tty",+				FileMode: 0666,+				Uid:      1000,+				Gid:      1000,+				DeviceRule: configs.DeviceRule{+					Type:  configs.CharDevice,+					Major: 5,+					Minor: 0,+				},+			}++			if *configDev != *wantDev {+				t.Errorf("redundant dev was not deduplicated correctly: want %v, got %v", wantDev, configDev)+			}+		}+	}++	// Verify that createDevices() added the entry for /dev/ram0 in the config+	found = false+	for _, configDev := range conf.Devices {+		if configDev.Path == "/dev/ram0" {+			found = true

nit: break

ctalledo

comment created time in 6 days

pull request commentopencontainers/runc

Fix run/exec with terminal: true in case stdin is not a terminal

@AkihiroSuda @mrunalp @cyphar PTAL

kolyshkin

comment created time in 6 days

PR closed opencontainers/runc

travis: don't hardcode golang versions area/ci

Golang is supporting two minor releases (currently 1.14.x and 1.13.x), and thus once a new minor release is out, the oldest supported one becomes unsupported (e.g. when 1.15 is out, 1.13 becomes unsupported).

Instead of hardcoding golang versions, let's specify "stable" and "oldstable" (which currently equals to 1.14.x and 1.13.x). This way, we'll be sure we're testing stuff using up to date and supported golang releases.

This was not possible before due to:

  • https://github.com/travis-ci/gimme/issues/179
  • https://github.com/travis-ci/gimme/issues/185

but apparently it's finally fixed. Hooray!

Previous discussion on the topic:

  • https://github.com/opencontainers/runc/pull/2239#discussion_r393100037

Also, add -mod=vendor to go fmt and go vet since it's required for go 1.13 to honor vendor subdir. This should speed up CI a little bit.

+7 -7

7 comments

2 changed files

kolyshkin

pr closed time in 6 days

pull request commentopencontainers/runc

travis: don't hardcode golang versions

Closing as per comments above. The Makefile fix is separated out to #2545

kolyshkin

comment created time in 6 days

Pull request review commentopencontainers/runc

add Go version and libseccomp version to `runc --version`

 func parseStatusFile(path string) (map[string]string, error) {  	return status, nil }++// GetLibseccompVersion returns major, minor, and micro.+func GetLibseccompVersion() (uint, uint, uint) {

golang style discourages the Get prefix

This is what I mean: https://golang.org/doc/effective_go.html#Getters

AkihiroSuda

comment created time in 6 days

Pull request review commentopencontainers/runc

add Go version and libseccomp version to `runc --version`

 func parseStatusFile(path string) (map[string]string, error) {  	return status, nil }++// GetLibseccompVersion returns major, minor, and micro.+func GetLibseccompVersion() (uint, uint, uint) {

since

  • the package name is already seccomp;
  • golang style discourages the Get prefix;

maybe just Version (or LibVersion, or LibraryVersion).

AkihiroSuda

comment created time in 6 days

pull request commentopencontainers/runc

remove useless CRIU_CG_MODE_DEFAULT const

@XiaodongLoong you forgot to change the commit message and the PR description. The code LGTM.

XiaodongLoong

comment created time in 6 days

PR opened opencontainers/runc

Makefile: fix go vet/fmt

separated from #2538

I have noticed that go vet from golang 1.13 ignores the vendor/ subdir, downloading all the modules when invoked in Travis CI env.

As the other go commands, in 1.13 it needs explicit -mod=vendor flag, so let's provide one.

PS once golang 1.13 is unsupported, we will drop it.

+3 -3

0 comment

1 changed file

pr created time in 6 days

create barnchkolyshkin/runc

branch : go-mod-vendor

created branch time in 6 days

pull request commentopencontainers/runc

.travis.yml: add Go 1.15.x

We will need to remove 1.13.x as well since it will become unsupported once 1.15 is out.

AkihiroSuda

comment created time in 6 days

push eventopencontainers/runc

Mrunal Patel

commit sha ff819c7e9184c13b7c2607fe6c30ae19403a7aff

VERSION: release 1.0.0-rc92 Signed-off-by: Mrunal Patel <mrunalp@gmail.com>

view details

Mrunal Patel

commit sha 1ff1bf3452abc04e4b9f7946d458f752385603db

VERSION: back to development Signed-off-by: Mrunal Patel <mrunalp@gmail.com>

view details

Kir Kolyshkin

commit sha a340fa9b561432b14c0dabcb5b53c834a15a87ce

Merge pull request #2543 from mrunalp/release_1.0.0-rc92 Release 1.0.0 rc92

view details

push time in 7 days

PR merged opencontainers/runc

Release 1.0.0 rc92

@opencontainers/runc-maintainers ptal.

+1 -1

1 comment

1 changed file

mrunalp

pr closed time in 7 days

push eventkolyshkin/systemd

Kir Kolyshkin

commit sha 37e630448cbd0fe01a522e38d6a84b261146d63f

kernel-install/90-loaderentry: fix when /boot is not mountpoint I happen to have a machine where /boot is not a separate mountpoint, but rather just a directory under /. After upgrade to recent Fedora, I found out that grub2 can't find any new kernels. This happens because loadentry script generates kernel and initrd file paths relative to /boot, while grub2 expects path to be relative to the root of filesystem on which they are residing. This commit fixes this issue by using stat's %m to find the mount point of a partition holding the images, and using it as a prefix to be removed from ENTRY_DIR_ABS. Note that %m for stat requires coreutils 8.6, released in Oct 2010. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

push time in 12 days

pull request commentsystemd/systemd

kernel-install/90-loaderentry: fix when /boot is not mountpoint

@keszybz PTAL

kolyshkin

comment created time in 12 days

PR opened systemd/systemd

kernel-install/90-loaderentry: fix when /boot is not mountpoint

I happen to have a machine where /boot is not a separate mountpoint, but rather just a directory under /. After upgrade to recent Fedora, I found out that grub2 can't find any new kernels.

This happens because loadentry script generates kernel and initrd file paths relative to /boot, while grub2 expects path to be relative to the root of filesystem on which they are residing.

This commit fixes this issue by using stat's %m to find the mount point of a partition holding the images, and using it as a prefix to be removed from ENTRY_DIR_ABS.

Note that %m for stat requires coreutils 8.6, released in Oct 2010.

+3 -2

0 comment

1 changed file

pr created time in 12 days

create barnchkolyshkin/systemd

branch : kernel-install-vs-boot

created branch time in 12 days

fork kolyshkin/systemd

The systemd System and Service Manager

https://systemd.io

fork in 12 days

pull request commentopencontainers/runc

Fix run/exec with terminal: true in case stdin is not a terminal

@cyphar @crosbymichael PTAL

kolyshkin

comment created time in 12 days

Pull request review commentcri-o/cri-o

container refactor

 type container struct { 	id         string 	name       string 	privileged bool+	spec       generate.Generator }  // New creates a new, empty Sandbox instance-func New(ctx context.Context) Container {+func New(ctx context.Context) (Container, error) {+	spec, err := generate.New("linux")+	if err != nil {+		return nil, err+	} 	return &container{-		ctx: ctx,+		ctx:  ctx,+		spec: spec,+	}, nil+}++// SpecAddMount adds a specified mount to the spec+func (c *container) SpecAddMount(r rspec.Mount) {
  1. Perhaps s/SpecAddMount/AddMount/?
wgahnagl

comment created time in 12 days

Pull request review commentcri-o/cri-o

container refactor

 func (s *Server) createSandboxContainer(ctx context.Context, ctr ctrIface.Contai 	sort.Sort(orderedMounts(mounts))  	for _, m := range mounts {-		mnt = rspec.Mount{+		ctr.SpecAddMount(rspec.Mount{

Maybe pass rspec.Mount via a reference, otherwise it's too much data being copied over

wgahnagl

comment created time in 12 days

Pull request review commentcri-o/cri-o

container refactor

 import ( )  // Copied from k8s.io/kubernetes/pkg/kubelet/kuberuntime/labels.go

The const is moved out of here, and this ^^^ comment (that was about the const) feels lonely. Please help it to reunite with the const it describes.

wgahnagl

comment created time in 12 days

Pull request review commentcri-o/cri-o

container refactor

 type container struct { 	id         string 	name       string 	privileged bool+	spec       generate.Generator }  // New creates a new, empty Sandbox instance-func New(ctx context.Context) Container {+func New(ctx context.Context) (Container, error) {+	spec, err := generate.New("linux")+	if err != nil {+		return nil, err+	} 	return &container{-		ctx: ctx,+		ctx:  ctx,+		spec: spec,+	}, nil+}++// SpecAddMount adds a specified mount to the spec+func (c *container) SpecAddMount(r rspec.Mount) {+	c.spec.RemoveMount(r.Destination)+	c.spec.AddMount(r)+}++// SpecAddAnnotation adds all annotations to the spec

ditto

wgahnagl

comment created time in 12 days

Pull request review commentcri-o/cri-o

container refactor

 type container struct { 	id         string 	name       string 	privileged bool+	spec       generate.Generator }  // New creates a new, empty Sandbox instance-func New(ctx context.Context) Container {+func New(ctx context.Context) (Container, error) {+	spec, err := generate.New("linux")+	if err != nil {+		return nil, err+	} 	return &container{-		ctx: ctx,+		ctx:  ctx,+		spec: spec,+	}, nil+}++// SpecAddMount adds a specified mount to the spec+func (c *container) SpecAddMount(r rspec.Mount) {

Now we have two docstrings for SpecAddMount. I think one is enough

wgahnagl

comment created time in 12 days

Pull request review commentcri-o/cri-o

container refactor

 type Container interface { 	// SelinuxLabel returns the container's SelinuxLabel 	// it takes the sandbox's label, which it falls back upon 	SelinuxLabel(string) ([]string, error)++	// spec functions++	// returns the spec+	Spec() *generate.Generator++	// SpecAddMount adds a mount to the container's spec+	// it takes the destination, the mount type, the source type, the mount to remove, and the options

Well, it might make sense to say instead that if there's another mount with the same destination, it is removed.

wgahnagl

comment created time in 12 days

more