containers
/
podman
mirror of https://github.com/containers/podman.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove conmon, get package from CRI-O 

conmon should not be built in two different places.
conmon is now a separate package in Fedora so we can just
add requires, for use on Ubuntu we can just require cri-o to
be installed.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #151
Approved by: mheon
This commit is contained in:
Daniel J Walsh 2018-01-16 17:33:56 -05:00 committed by Atomic Bot
parent fb58b87398
commit 3aa63b2b94
10 changed files with 30 additions and 1678 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.papr.yml
View File

@ -15,6 +15,7 @@ tests:
- CRIO_ROOT=/var/tmp/checkout PODMAN_BINARY=/usr/bin/podman CONMON_BINARY=/usr/libexec/crio/conmon PAPR=1 sh .papr.sh - CRIO_ROOT=/var/tmp/checkout PODMAN_BINARY=/usr/bin/podman CONMON_BINARY=/usr/libexec/crio/conmon PAPR=1 sh .papr.sh
packages: packages:
- cri-o
- containernetworking-cni - containernetworking-cni
extra-repos: extra-repos:
@ -32,5 +33,8 @@ extra-repos:
- name: epel - name: epel
metalink: https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch metalink: https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
gpgcheck: 0 gpgcheck: 0
- name: cri-o
baseurl: https://cbs.centos.org/repos/virt7-container-common-candidate/$basearch/os
gpgcheck: 0
context: centos/7/atomic/smoketested context: centos/7/atomic/smoketested

13
Dockerfile
View File

@ -67,6 +67,19 @@ RUN set -x \
&& cp runc /usr/bin/runc \ && cp runc /usr/bin/runc \
&& rm -rf "$GOPATH" && rm -rf "$GOPATH"
# Install conmon
ENV CRIO_COMMIT 814c6ab0913d827543696b366048056a31d9529c
RUN set -x \
&& export GOPATH="$(mktemp -d)" \
&& git clone https://github.com/kubernetes-incubator/cri-o.git "$GOPATH/src/github.com/kubernetes-incubator/cri-o.git" \
&& cd "$GOPATH/src/github.com/kubernetes-incubator/cri-o.git" \
&& git fetch origin --tags \
&& git checkout -q "$CRIO_COMMIT" \
&& mkdir bin \
&& make conmon \
&& install -D -m 755 bin/conmon /usr/libexec/crio/conmon \
&& rm -rf "$GOPATH"
# Install CNI plugins # Install CNI plugins
ENV CNI_COMMIT 7480240de9749f9a0a5c8614b17f1f03e0c06ab9 ENV CNI_COMMIT 7480240de9749f9a0a5c8614b17f1f03e0c06ab9
RUN set -x \ RUN set -x \

11
Makefile
View File

@ -52,7 +52,7 @@ help:
@echo "Usage: make <target>" @echo "Usage: make <target>"
@echo @echo
@echo " * 'install' - Install binaries to system locations" @echo " * 'install' - Install binaries to system locations"
@echo " * 'binaries' - Build conmon and podman" @echo " * 'binaries' - Build podmon"
@echo " * 'integration' - Execute integration tests" @echo " * 'integration' - Execute integration tests"
@echo " * 'clean' - Clean artifacts" @echo " * 'clean' - Clean artifacts"
@echo " * 'lint' - Execute the source code linter" @echo " * 'lint' - Execute the source code linter"
@ -75,9 +75,6 @@ gofmt:
fix_gofmt: fix_gofmt:
@./hack/verify-gofmt.sh -f @./hack/verify-gofmt.sh -f
conmon:
$(MAKE) -C $@
test/bin2img/bin2img: .gopathok $(wildcard test/bin2img/*.go) test/bin2img/bin2img: .gopathok $(wildcard test/bin2img/*.go)
$(GO) build $(LDFLAGS) -tags "$(BUILDTAGS) containers_image_ostree_stub" -o $@ $(PROJECT)/test/bin2img $(GO) build $(LDFLAGS) -tags "$(BUILDTAGS) containers_image_ostree_stub" -o $@ $(PROJECT)/test/bin2img
@ -100,7 +97,6 @@ endif
find . -name \*~ -delete find . -name \*~ -delete
find . -name \#\* -delete find . -name \#\* -delete
rm -f bin/podman rm -f bin/podman
make -C conmon clean
rm -f test/bin2img/bin2img rm -f test/bin2img/bin2img
rm -f test/copyimg/copyimg rm -f test/copyimg/copyimg
rm -f test/checkseccomp/checkseccomp rm -f test/checkseccomp/checkseccomp
@ -123,7 +119,7 @@ localintegration: test-binaries
vagrant-check: vagrant-check:
BOX=$(BOX) sh ./vagrant.sh BOX=$(BOX) sh ./vagrant.sh
binaries: conmon podman binaries: podman
test-binaries: test/bin2img/bin2img test/copyimg/copyimg test/checkseccomp/checkseccomp test-binaries: test/bin2img/bin2img test/copyimg/copyimg test/checkseccomp/checkseccomp
@ -142,7 +138,6 @@ install: .gopathok install.bin install.man install.cni
install.bin: install.bin:
install ${SELINUXOPT} -D -m 755 bin/podman $(BINDIR)/podman install ${SELINUXOPT} -D -m 755 bin/podman $(BINDIR)/podman
install ${SELINUXOPT} -D -m 755 bin/conmon $(LIBEXECDIR)/crio/conmon
install.man: docs install.man: docs
install ${SELINUXOPT} -d -m 755 $(MANDIR)/man1 install ${SELINUXOPT} -d -m 755 $(MANDIR)/man1
@ -165,7 +160,6 @@ install.docker: docker-docs
install ${SELINUXOPT} -m 644 docs/docker*.1 -t $(MANDIR)/man1 install ${SELINUXOPT} -m 644 docs/docker*.1 -t $(MANDIR)/man1
uninstall: uninstall:
rm -f $(LIBEXECDIR)/crio/conmon
for i in $(filter %.1,$(MANPAGES)); do \ for i in $(filter %.1,$(MANPAGES)); do \
rm -f $(MANDIR)/man1/$$(basename $${i}); \ rm -f $(MANDIR)/man1/$$(basename $${i}); \
done done
@ -208,7 +202,6 @@ install.tools: .install.gitvalidation .install.gometalinter .install.md2man
.PHONY: \ .PHONY: \
binaries \ binaries \
clean \ clean \
conmon \
default \ default \
docs \ docs \
gofmt \ gofmt \

1
README.md
View File

@ -29,6 +29,7 @@ The plan is to use OCI projects and best of breed libraries for different aspect
- Images: Image management using [containers/image](https://github.com/containers/image) - Images: Image management using [containers/image](https://github.com/containers/image)
- Storage: Storage and management of image layers using [containers/storage](https://github.com/containers/storage) - Storage: Storage and management of image layers using [containers/storage](https://github.com/containers/storage)
- Networking: Networking support through use of [CNI](https://github.com/containernetworking/cni) - Networking: Networking support through use of [CNI](https://github.com/containernetworking/cni)
- Conmon: [conmon](https://github.com/kubernetes-incubator/cri-o) Conmon is a tool for monitoring OCI runtimes. Part of the CRI-O package
## Podman Information for Developers ## Podman Information for Developers

13
conmon/Makefile
View File

@ -1,13 +0,0 @@
src = $(wildcard *.c)
obj = $(src:.c=.o)
override LIBS += $(shell pkg-config --libs glib-2.0)
override CFLAGS += -std=c99 -Os -Wall -Wextra $(shell pkg-config --cflags glib-2.0)
conmon: $(obj)
mkdir -p ../bin/
$(CC) -o ../bin/$@ $^ $(CFLAGS) $(LIBS)
.PHONY: clean
clean:
rm -f $(obj) ../bin/conmon

149
conmon/cmsg.c
View File

@ -1,149 +0,0 @@
/*
* Copyright 2016 SUSE LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/* NOTE: This code comes directly from runc/libcontainer/utils/cmsg.c. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>
#include "cmsg.h"
#define error(fmt, ...) \
({ \
fprintf(stderr, "nsenter: " fmt ": %m\n", ##__VA_ARGS__); \
errno = ECOMM; \
goto err; /* return value */ \
})
/*
* Sends a file descriptor along the sockfd provided. Returns the return
* value of sendmsg(2). Any synchronisation and preparation of state
* should be done external to this (we expect the other side to be in
* recvfd() in the code).
*/
ssize_t sendfd(int sockfd, struct file_t file)
{
struct msghdr msg = {0};
struct iovec iov[1] = {0};
struct cmsghdr *cmsg;
int *fdptr;
union {
char buf[CMSG_SPACE(sizeof(file.fd))];
struct cmsghdr align;
} u;
/*
* We need to send some other data along with the ancillary data,
* otherwise the other side won't recieve any data. This is very
* well-hidden in the documentation (and only applies to
* SOCK_STREAM). See the bottom part of unix(7).
*/
iov[0].iov_base = file.name;
iov[0].iov_len = strlen(file.name) + 1;
msg.msg_name = NULL;
msg.msg_namelen = 0;
msg.msg_iov = iov;
msg.msg_iovlen = 1;
msg.msg_control = u.buf;
msg.msg_controllen = sizeof(u.buf);
cmsg = CMSG_FIRSTHDR(&msg);
cmsg->cmsg_level = SOL_SOCKET;
cmsg->cmsg_type = SCM_RIGHTS;
cmsg->cmsg_len = CMSG_LEN(sizeof(int));
fdptr = (int *) CMSG_DATA(cmsg);
memcpy(fdptr, &file.fd, sizeof(int));
return sendmsg(sockfd, &msg, 0);
}
/*
* Receives a file descriptor from the sockfd provided. Returns the file
* descriptor as sent from sendfd(). It will return the file descriptor
* or die (literally) trying. Any synchronisation and preparation of
* state should be done external to this (we expect the other side to be
* in sendfd() in the code).
*/
struct file_t recvfd(int sockfd)
{
struct msghdr msg = {0};
struct iovec iov[1] = {0};
struct cmsghdr *cmsg;
struct file_t file = {0};
int *fdptr;
int olderrno;
union {
char buf[CMSG_SPACE(sizeof(file.fd))];
struct cmsghdr align;
} u;
/* Allocate a buffer. */
/* TODO: Make this dynamic with MSG_PEEK. */
file.name = malloc(TAG_BUFFER);
if (!file.name)
error("recvfd: failed to allocate file.tag buffer\n");
/*
* We need to "recieve" the non-ancillary data even though we don't
* plan to use it at all. Otherwise, things won't work as expected.
* See unix(7) and other well-hidden documentation.
*/
iov[0].iov_base = file.name;
iov[0].iov_len = TAG_BUFFER;
msg.msg_name = NULL;
msg.msg_namelen = 0;
msg.msg_iov = iov;
msg.msg_iovlen = 1;
msg.msg_control = u.buf;
msg.msg_controllen = sizeof(u.buf);
ssize_t ret = recvmsg(sockfd, &msg, 0);
if (ret < 0)
goto err;
cmsg = CMSG_FIRSTHDR(&msg);
if (!cmsg)
error("recvfd: got NULL from CMSG_FIRSTHDR");
if (cmsg->cmsg_level != SOL_SOCKET)
error("recvfd: expected SOL_SOCKET in cmsg: %d", cmsg->cmsg_level);
if (cmsg->cmsg_type != SCM_RIGHTS)
error("recvfd: expected SCM_RIGHTS in cmsg: %d", cmsg->cmsg_type);
if (cmsg->cmsg_len != CMSG_LEN(sizeof(int)))
error("recvfd: expected correct CMSG_LEN in cmsg: %lu", cmsg->cmsg_len);
fdptr = (int *) CMSG_DATA(cmsg);
if (!fdptr || *fdptr < 0)
error("recvfd: recieved invalid pointer");
file.fd = *fdptr;
return file;
err:
olderrno = errno;
free(file.name);
errno = olderrno;
return (struct file_t){0};
}

38
conmon/cmsg.h
View File

@ -1,38 +0,0 @@
/*
* Copyright 2016 SUSE LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/* NOTE: This code comes directly from runc/libcontainer/utils/cmsg.h. */
#pragma once
#if !defined(CMSG_H)
#define CMSG_H
#include <sys/types.h>
/* TODO: Implement this properly with MSG_PEEK. */
#define TAG_BUFFER 4096
/* This mirrors Go's (*os.File). */
struct file_t {
char *name;
int fd;
};
struct file_t recvfd(int sockfd);
ssize_t sendfd(int sockfd, struct file_t file);
#endif /* !defined(CMSG_H) */

1465
conmon/conmon.c
View File

File diff suppressed because it is too large Load Diff

6
install.md
View File

@ -6,6 +6,10 @@
The latest version of `runc` is expected to be installed on the system. It is picked up as the default runtime by podman. The latest version of `runc` is expected to be installed on the system. It is picked up as the default runtime by podman.
#### conmon installed
The latest version of `conmon` is expected to be installed on the system. Conmon is used to monitor OCI Runtimes
#### Setup CNI networking #### Setup CNI networking
A proper description of setting up CNI networking is given in the A proper description of setting up CNI networking is given in the
@ -22,6 +26,7 @@ Fedora, CentOS, RHEL, and related distributions:
```bash ```bash
yum install -y \ yum install -y \
btrfs-progs-devel \ btrfs-progs-devel \
conmon \
device-mapper-devel \ device-mapper-devel \
git \ git \
glib2-devel \ glib2-devel \
@ -45,6 +50,7 @@ Debian, Ubuntu, and related distributions:
```bash ```bash
apt-get install -y \ apt-get install -y \
btrfs-tools \ btrfs-tools \
cri-o \
git \ git \
golang-go \ golang-go \
libassuan-dev \ libassuan-dev \

8
test/helpers.bash
View File

@ -18,12 +18,14 @@ else
fi fi
PODMAN_BINARY=${PODMAN_BINARY:-${CRIO_ROOT}/bin/podman} PODMAN_BINARY=${PODMAN_BINARY:-${CRIO_ROOT}/bin/podman}
# Path of the conmon binary.
CONMON_BINARY=${CONMON_BINARY:-${CRIO_ROOT}/bin/conmon}
# Path of the default seccomp profile. # Path of the default seccomp profile.
SECCOMP_PROFILE=${SECCOMP_PROFILE:-${CRIO_ROOT}/seccomp.json} SECCOMP_PROFILE=${SECCOMP_PROFILE:-${CRIO_ROOT}/seccomp.json}
# Name of the default apparmor profile. # Name of the default apparmor profile.
APPARMOR_PROFILE=${APPARMOR_PROFILE:-crio-default} APPARMOR_PROFILE=${APPARMOR_PROFILE:-crio-default}
# Conmon
CONMON=${CONMON:-conmon}
CONMON_PATH=$(command -v $CONMON || true)
CONMON_BINARY=${CONMON_PATH:-/usr/libexec/crio/conmon}
# Runtime # Runtime
RUNTIME=${RUNTIME:-runc} RUNTIME=${RUNTIME:-runc}
RUNTIME_PATH=$(command -v $RUNTIME || true) RUNTIME_PATH=$(command -v $RUNTIME || true)
@ -116,8 +118,6 @@ cp ${CRIO_ROOT}/cni/* ${LIBPOD_CNI_CONFIG}
PODMAN_OPTIONS="--root $TESTDIR/crio $STORAGE_OPTIONS --runroot $TESTDIR/crio-run --runtime ${RUNTIME_BINARY} --conmon ${CONMON_BINARY} --cni-config-dir ${LIBPOD_CNI_CONFIG}" PODMAN_OPTIONS="--root $TESTDIR/crio $STORAGE_OPTIONS --runroot $TESTDIR/crio-run --runtime ${RUNTIME_BINARY} --conmon ${CONMON_BINARY} --cni-config-dir ${LIBPOD_CNI_CONFIG}"
cp "$CONMON_BINARY" "$TESTDIR/conmon"
PATH=$PATH:$TESTDIR PATH=$PATH:$TESTDIR
for key in ${!IMAGES[@]}; do for key in ${!IMAGES[@]}; do