From 809a99a39e4f51af3b7fd254450f40ebe1ebd279 Mon Sep 17 00:00:00 2001
From: Lantao Liu <lantaol@google.com>
Date: Sat, 3 Feb 2018 01:04:43 +0000
Subject: [PATCH] Vendor cri plugin and add critest

Signed-off-by: Lantao Liu <lantaol@google.com>
---
 .travis.yml                          | 13 ++++++++
 BUILDING.md                          |  8 +++--
 Makefile                             |  2 ++
 cmd/containerd/builtins_cri_linux.go |  5 ++++
 script/setup/install-cni             | 44 ++++++++++++++++++++++++++++
 script/setup/install-critools        | 13 ++++++++
 script/setup/install-runc            |  2 +-
 7 files changed, 84 insertions(+), 3 deletions(-)
 create mode 100644 cmd/containerd/builtins_cri_linux.go
 create mode 100755 script/setup/install-cni
 create mode 100755 script/setup/install-critools

diff --git a/.travis.yml b/.travis.yml
index 3310250e2..58ff1b3e8 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -25,6 +25,7 @@ addons:
       - libaio-dev
       - libprotobuf-c0-dev
       - libprotobuf-dev
+      - socat
 
 env:
   - TRAVIS_GOOS=linux TRAVIS_CGO_ENABLED=1
@@ -34,6 +35,8 @@ before_install:
   - uname -r
   - sudo apt-get -q update
   - sudo apt-get install -y libseccomp-dev/trusty-backports
+  # Use jpetazzo/nsenter to install nsenter on ubuntu trusty.
+  - docker run --rm -v /usr/local/bin:/target jpetazzo/nsenter
 
 install:
   - sudo PATH=$PATH GOPATH=$GOPATH script/setup/install-protobuf
@@ -43,6 +46,8 @@ install:
   - protoc --version
   - go get -u github.com/vbatts/git-validation
   - sudo PATH=$PATH GOPATH=$GOPATH script/setup/install-runc
+  - sudo PATH=$PATH GOPATH=$GOPATH script/setup/install-cni
+  - sudo PATH=$PATH GOPATH=$GOPATH script/setup/install-critools
   - wget https://github.com/xemul/criu/archive/v3.0.tar.gz -O /tmp/criu.tar.gz
   - tar -C /tmp/ -zxf /tmp/criu.tar.gz
   - cd /tmp/criu-3.0 && sudo make install-criu
@@ -65,6 +70,14 @@ script:
   - if [ "$GOOS" = "linux" ]; then sudo PATH=$PATH GOPATH=$GOPATH make integration ; fi
   # Run the integration suite a second time. See discussion in github.com/containerd/containerd/pull/1759
   - if [ "$GOOS" = "linux" ]; then sudo PATH=$PATH GOPATH=$GOPATH TESTFLAGS_PARALLEL=1 make integration ; fi
+  - if [ "$GOOS" = "linux" ]; then
+      sudo PATH=$PATH containerd -log-level debug &> /tmp/containerd-cri.log &
+      sudo PATH=$PATH GOPATH=$GOPATH critest --runtime-endpoint=/var/run/containerd/containerd.sock validation ;
+      exit_code=$? ;
+      test $exit_code -ne 0 && cat /tmp/containerd-cri.log ;
+      sudo pkill containerd ;
+      exit $exit_code ;
+    fi
 
 after_success:
   - bash <(curl -s https://codecov.io/bash) -F linux
diff --git a/BUILDING.md b/BUILDING.md
index f432b4db5..2267b27da 100644
--- a/BUILDING.md
+++ b/BUILDING.md
@@ -69,8 +69,12 @@ compiler to regenerate the API generated code packages with:
 make generate
 ```
 
-> *Note*: A build tag is currently available to disable building the btrfs snapshot driver.
-> Adding `BUILDTAGS=no_btrfs` to your environment before calling the **binaries**
+> *Note*: Several build tags are currently available:
+> * `no_btrfs`: A build tag disables building the btrfs snapshot driver.
+> * `no_cri`: A build tag disables building Kubernetes [CRI](http://blog.kubernetes.io/2016/12/container-runtime-interface-cri-in-kubernetes.html) support into containerd.
+> See [here](https://github.com/containerd/cri-containerd#build-tags) for build tags of CRI plugin.
+>
+> For example, adding `BUILDTAGS=no_btrfs` to your environment before calling the **binaries**
 > Makefile target will disable the btrfs driver within the containerd Go build.
 
 Vendoring of external imports uses the [`vndr` tool](https://github.com/LK4D4/vndr) which uses a simple config file, `vendor.conf`, to provide the URL and version or hash details for each vendored import. After modifying `vendor.conf` run the `vndr` tool to update the `vendor/` directory contents. Combining the `vendor.conf` update with the changeset in `vendor/` after running `vndr` should become a single commit for a PR which relies on vendored updates.
diff --git a/Makefile b/Makefile
index 58816a8f0..b079c5641 100644
--- a/Makefile
+++ b/Makefile
@@ -59,6 +59,8 @@ TEST_REQUIRES_ROOT_PACKAGES=$(filter \
 COMMANDS=ctr containerd containerd-stress containerd-release
 MANPAGES=ctr.1 containerd.1 config.toml.5 containerd-config.1
 
+# Build tags seccomp and apparmor are needed by CRI plugin.
+BUILDTAGS ?= seccomp apparmor
 GO_TAGS=$(if $(BUILDTAGS),-tags "$(BUILDTAGS)",)
 GO_LDFLAGS=-ldflags '-s -w -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -X $(PKG)/version.Package=$(PKG) $(EXTRA_LDFLAGS)'
 SHIM_GO_LDFLAGS=-ldflags '-s -w -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -X $(PKG)/version.Package=$(PKG) -extldflags "-static"'
diff --git a/cmd/containerd/builtins_cri_linux.go b/cmd/containerd/builtins_cri_linux.go
new file mode 100644
index 000000000..deb5de0ad
--- /dev/null
+++ b/cmd/containerd/builtins_cri_linux.go
@@ -0,0 +1,5 @@
+// +build !no_cri
+
+package main
+
+import _ "github.com/containerd/cri-containerd"
diff --git a/script/setup/install-cni b/script/setup/install-cni
new file mode 100755
index 000000000..1d4573d4f
--- /dev/null
+++ b/script/setup/install-cni
@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+#
+# Builds and installs cni plugins to /opt/cni/bin,
+# and create basic cni config in /etc/cni/net.d.
+# The commit defined in vendor.conf
+#
+set -eu -o pipefail
+
+CNI_COMMIT=$(grep containernetworking/plugins ${GOPATH}/src/github.com/containerd/containerd/vendor.conf | cut -d " " -f 2)
+CNI_DIR=/opt/cni
+CNI_CONFIG_DIR=/etc/cni/net.d
+
+go get -d github.com/containernetworking/plugins/...
+cd $GOPATH/src/github.com/containernetworking/plugins
+git checkout $CNI_COMMIT
+FASTBUILD=true ./build.sh
+mkdir -p $CNI_DIR
+cp -r ./bin $CNI_DIR
+mkdir -p $CNI_CONFIG_DIR
+bash -c 'cat >'$CNI_CONFIG_DIR'/10-containerd-net.conflist <<EOF
+{
+  "cniVersion": "0.3.1",
+  "name": "containerd-net",
+  "plugins": [
+    {
+      "type": "bridge",
+      "bridge": "cni0",
+      "isGateway": true,
+      "ipMasq": true,
+      "ipam": {
+        "type": "host-local",
+        "subnet": "10.88.0.0/16",
+        "routes": [
+          { "dst": "0.0.0.0/0" }
+        ]
+      }
+    },
+    {
+      "type": "portmap",
+      "capabilities": {"portMappings": true}
+    }
+  ]
+}
+EOF'
diff --git a/script/setup/install-critools b/script/setup/install-critools
new file mode 100755
index 000000000..eb907f69f
--- /dev/null
+++ b/script/setup/install-critools
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+#
+# Builds and installs critools including critest and crictl
+# to /usr/local/bin.
+#
+set -eu -o pipefail
+
+CRITEST_COMMIT=240a840375cdabb5860c75c99e8b0d0a776006b4
+go get -d github.com/kubernetes-incubator/cri-tools/...
+cd $GOPATH/src/github.com/kubernetes-incubator/cri-tools
+git checkout $CRITEST_COMMIT
+make
+make install
diff --git a/script/setup/install-runc b/script/setup/install-runc
index 3fbdd62c9..b0eacfd5d 100755
--- a/script/setup/install-runc
+++ b/script/setup/install-runc
@@ -7,7 +7,7 @@ set -eu -o pipefail
 
 RUNC_COMMIT=$(grep opencontainers/runc ${GOPATH}/src/github.com/containerd/containerd/vendor.conf | cut -d " " -f 2)
 
-go get -u github.com/opencontainers/runc
+go get -d github.com/opencontainers/runc
 cd $GOPATH/src/github.com/opencontainers/runc
 git checkout $RUNC_COMMIT
 make BUILDTAGS="apparmor seccomp" runc install