containerd

Author	SHA1	Message	Date
Iceber Gu	b592a4c1ec	oci: fix WithDevShmSize Signed-off-by: Iceber Gu <wei.cai-nat@daocloud.io>	2021-03-17 13:43:58 +08:00
Fu, Wei	1a0973dde3	Merge pull request #5206 from Iceber/fix-new-container runtime/v2/runc: fix the defer cleanup of the NewContainer	2021-03-17 12:11:45 +08:00
Akihiro Suda	5978fe807a	Merge pull request #5212 from thaJeztah/gofmt_all_the_things gofmt -s -w all the things	2021-03-17 10:50:26 +09:00
Kazuyoshi Kato	8731888ec0	Re-enable CRIU tests by not using overlayfs snapshotter While the issue hasn't been fixed in the kernel yet, we can workaround the issue by not using overlayfs snapshotter. The newly added step runs all tests that match /TestCheckpoint/. So, TestCRWithImagePath has been renamed to match the regexp. Fixes #3930. Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>	2021-03-16 16:48:30 -07:00
Kazuyoshi Kato	b520428b5a	Fix CRIU - process.Init#io could be nil - Make sure CreateTaskRequest#Options is not empty before unmarshaling Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>	2021-03-16 16:46:45 -07:00
Sebastiaan van Stijn	4e76bcf061	gofmt -s -w all the things Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2021-03-16 21:29:41 +01:00
Derek McGowan	f201b78b90	Merge pull request #5205 from dmcgowan/prepare-v1.5.0-beta.4 Prepare release notes for v1.5.0-beta.4	2021-03-16 10:45:28 -07:00
Derek McGowan	767600899b	Merge pull request #5207 from thaJeztah/bump_btrfs go.mod: update various dependencies	2021-03-16 10:34:51 -07:00
Sebastiaan van Stijn	569023fd51	go.mod: github.com/containerd/nri v0.0.0-20210316161719-dbaa18c31c14 full diff: `eb1350a751...dbaa18c31c` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2021-03-16 17:56:01 +01:00
Sebastiaan van Stijn	0e1f59e896	go.mod: github.com/containerd/zfs v0.0.0-20210315114300-dde8f0fda960 no significant changes; removes the vendor directory in the repo Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2021-03-16 16:49:06 +01:00
Michael Crosby	1a28c2f7ec	Merge pull request #5200 from pacoxu/skip-error-check ctr plugin ls: plugin status should be skip, not error	2021-03-16 11:48:56 -04:00
pacoxu	ffff688663	upgrade pause image to 3.5 for non-root Signed-off-by: pacoxu <paco.xu@daocloud.io>	2021-03-16 23:20:35 +08:00
Sebastiaan van Stijn	88d3881e1d	go.mod: github.com/containerd/fifo v0.0.0-20210316144830-115abcc95a1d full diff: `0724c46b32...115abcc95a` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2021-03-16 16:01:16 +01:00
Sebastiaan van Stijn	a22c43fa44	go.mod: github.com/containerd/aufs v0.0.0-20210316121734-20793ff83c97 full diff: `ffdde14902...20793ff83c` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2021-03-16 15:36:29 +01:00
Sebastiaan van Stijn	f6f8617367	go.mod: github.com/containerd/btrfs v0.0.0-20210316141732-918d888fb676 full diff: `404b914980...918d888fb6` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2021-03-16 15:33:23 +01:00
Sebastiaan van Stijn	460b35236e	go.mod: kubernetes v1.20.4 no changes in vendored code, but syncing with the latest v1.20.x patch release. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2021-03-16 10:53:16 +01:00
Akihiro Suda	fef6bb8d33	Merge pull request #5204 from thaJeztah/overlayutils move overlay-checks to an overlayutils package	2021-03-16 15:50:29 +09:00
Iceber Gu	5e484c9613	runtime/v2/runc: fix the defer cleanup of the NewContainer Signed-off-by: Iceber Gu <wei.cai-nat@daocloud.io>	2021-03-16 11:41:17 +08:00
Derek McGowan	e6086d9c07	Prepare release notes for v1.5.0-beta.4 Signed-off-by: Derek McGowan <derek@mcg.dev>	2021-03-15 16:14:27 -07:00
Derek McGowan	34b7a5f094	Update mailmap Signed-off-by: Derek McGowan <derek@mcg.dev>	2021-03-15 16:14:27 -07:00
Derek McGowan	2755ead927	Merge pull request #4978 from cpuguy83/certs_dir Add support for using a host registry dir in cri	2021-03-15 13:47:03 -07:00
Sebastiaan van Stijn	ba8f9845ec	move overlay-checks to an overlayutils package This allows using the utilities without importing the whole snapshotter. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2021-03-15 19:18:50 +01:00
Brian Goff	7776e5ef2a	Support adding devices by dir This enables cases where devices exist in a subdirectory of /dev, particularly where those device names are not portable across machines, which makes it problematic to specify from a runtime such as cri. Added this to `ctr` as well so I could test that the code at least works. Signed-off-by: Brian Goff <cpuguy83@gmail.com>	2021-03-15 16:42:23 +00:00
Phil Estes	a1138182d5	Merge pull request #5180 from dmcgowan/lint-enforce-comments Fix exported comments enforcer in CI	2021-03-15 10:50:06 -04:00
Phil Estes	fad66f94ec	Merge pull request #5174 from fuweid/fix-5130 runtime: ignore file-already-closed error if dead shim	2021-03-15 10:38:41 -04:00
Phil Estes	bd4f468c62	Merge pull request #5186 from cpuguy83/fix_docker_cert_loading Fix docker style cert loading.	2021-03-15 10:36:42 -04:00
Phil Estes	5461fa3a75	Merge pull request #5196 from Iceber/fix-rootfs rootfs: fix the error handling of the snapshotter.Commit	2021-03-15 09:54:47 -04:00
Wei Fu	d895118c7c	runtime/v2/runc: fix leaking socket path When runC shimv2 starts, the StartShim interface will re-exec itself as long-running process, which will read the `address` during initializing. ```happycase Process containerd-shim-runc-v1/v2 start containerd-shim-runc-v1/v2 initializing socket reexec containerd-shim-runc-v1/v2 write address into file initializing read address write back to containerd daemon serving ... remove address in Shutdown call ``` However, there is no synchronization after reexec. Then the data race is like: ```leaking-case Process containerd-shim-runc-v1/v2 start containerd-shim-runc-v1/v2 initializing socket reexec containerd-shim-runc-v1/v2 initializing read address write address into file write back to containerd daemon serving ... fail to remove address because of empty address ``` The `address` should be writen into file first before reexec. And if shutdown the whole service before cleanup temporary resource (like socket file), the Shutdown caller will receive `ttrpc: closed` sometime, which depends on go runtime scheduler. Then it also causes leaking socket files. Since the shimV2-Delete binary API must be called to cleanup shim temporary resource and shimV2-runC-v1 doesn't support grouping multi containers in one, it is safe to remove the socket file in the binary call for shimV2-runC-v1. But for the shimV2-runC-v2 shim, we still cleanup socket in Shutdown. Hopefully we can find a way to cleanup socket in shimV2-Delete binary call. Fix: #5173 Signed-off-by: Wei Fu <fuweid89@gmail.com>	2021-03-15 18:32:00 +08:00
pacoxu	a76cefd124	plugin status should be skip, not error Signed-off-by: pacoxu <paco.xu@daocloud.io>	2021-03-15 18:04:37 +08:00
Shiming Zhang	766e7953ab	Change dgst to digest in debug Signed-off-by: Shiming Zhang <wzshiming@foxmail.com>	2021-03-15 16:46:19 +08:00
Iceber Gu	4e8b2f309a	rootfs: fix the error handling of the createInitLayer Signed-off-by: Iceber Gu <wei.cai-nat@daocloud.io>	2021-03-15 15:48:48 +08:00
Fu, Wei	6b410ba41f	Merge pull request #5197 from Iceber/fix-ctr-command cmd/ctr: fix export command	2021-03-15 15:41:14 +08:00
Fu, Wei	06e6f45c31	Merge pull request #5198 from Iceber/fix-usage cmd/ctr: use e.g. in the command usage	2021-03-15 15:37:39 +08:00
Iceber Gu	d3ad7f3908	cmd/ctr: use e.g. in the command usage Signed-off-by: Iceber Gu <wei.cai-nat@daocloud.io>	2021-03-15 13:48:25 +08:00
Iceber Gu	231bbdc379	cmd/ctr: fix export command Signed-off-by: Iceber Gu <wei.cai-nat@daocloud.io>	2021-03-15 13:22:56 +08:00
Akihiro Suda	ecb881e5e6	add imgcrypt stream processors to the default config Enable the following config by default: ```toml version = 2 [plugins."io.containerd.grpc.v1.cri".image_decryption] key_model = "node" [stream_processors] [stream_processors."io.containerd.ocicrypt.decoder.v1.tar.gzip"] accepts = ["application/vnd.oci.image.layer.v1.tar+gzip+encrypted"] returns = "application/vnd.oci.image.layer.v1.tar+gzip" path = "ctd-decoder" args = ["--decryption-keys-path", "/etc/containerd/ocicrypt/keys"] env = ["OCICRYPT_KEYPROVIDER_CONFIG=/etc/containerd/ocicrypt/ocicrypt_keyprovider.conf"] [stream_processors."io.containerd.ocicrypt.decoder.v1.tar"] accepts = ["application/vnd.oci.image.layer.v1.tar+encrypted"] returns = "application/vnd.oci.image.layer.v1.tar" path = "ctd-decoder" args = ["--decryption-keys-path", "/etc/containerd/ocicrypt/keys"] env = ["OCICRYPT_KEYPROVIDER_CONFIG=/etc/containerd/ocicrypt/ocicrypt_keyprovider.conf"] ``` Fix issue 5128 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>	2021-03-15 13:27:16 +09:00
Akihiro Suda	ac2726e12c	cmd/containerd: deduplicate config*.go `config_linux.go` and `config_windows.go` are identical. `config_unsupported.go` is also almost identical but enables debug logs by default. Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>	2021-03-15 13:27:16 +09:00
Akihiro Suda	9a7ca39cbd	defaults: add DefaultConfigDir Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>	2021-03-15 13:27:15 +09:00
Madhav Jivrajani	8f863afd3a	Use net.IP.IsLoopback() to match loopback addresses - changed the `MatchLocalhost` function in remotes/docker/registry.go - Make use of SplitHostPort to split host and port number - Added additional tests for modified code in remotes/docker/registry_test.go - Note: this does not handle mathcing of IP addresses in octal, decimal or hex format or a mix of these. Fixes: #5129 Signed-off-by: Madhav Jivrajani <madhav.jiv@gmail.com>	2021-03-15 09:57:01 +05:30
Wei Fu	eabd9b98b6	runtime: ignore file-already-closed error if dead shim fix: #5130 Signed-off-by: Wei Fu <fuweid89@gmail.com>	2021-03-15 12:18:26 +08:00
Maksym Pavlenko	e231b955dd	Merge pull request #5154 from estesp/zero-len Better error when handling a descriptor of size zero	2021-03-14 15:40:39 -07:00
Maksym Pavlenko	5b7f2657d7	Merge pull request #5184 from thaJeztah/fixate_buildtags Prevent runc inheriting BUILDTAGS from containerd	2021-03-13 22:32:01 -08:00
Phil Estes	f6a9942733	Better error when handling a descriptor of size zero Signed-off-by: Phil Estes <estesp@amazon.com>	2021-03-13 22:48:55 -05:00
Phil Estes	92009ad7a3	Merge pull request #5164 from errordeveloper/master Improve unexpected response error handling	2021-03-13 22:05:53 -05:00
Phil Estes	6f94b156fa	Merge pull request #5189 from TBBle/reduce-load-on-ratelimited-docker.io Reduce load on ratelimited docker.io	2021-03-13 22:05:15 -05:00
Phil Estes	42266dadcf	Merge pull request #5182 from thaJeztah/bump_go_runc go.mod: github.com/containerd/go-runc v0.0.0-20201020171139-16b287bc67d0	2021-03-13 22:01:56 -05:00
Sebastiaan van Stijn	bd2c0898aa	go.mod: github.com/containerd/go-runc v0.0.0-20201020171139-16b287bc67d0 full diff: `7016d3ce23...16b287bc67` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2021-03-13 20:12:12 +01:00
Derek McGowan	1432839310	Merge pull request #5185 from thaJeztah/update_imgcrypt go.mod: update containerd/imgcrypt, containerd/aufs, containerd/zfs	2021-03-13 09:55:14 -08:00
Sebastiaan van Stijn	24a8b460e7	go.mod: github.com/containerd/zfs v0.0.0-20210313052028-2233970b74b1 full diff: `11e8f1707f...2233970b74` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2021-03-13 10:45:23 +01:00
Sebastiaan van Stijn	f0b6bcb775	go.mod: github.com/containerd/aufs v0.0.0-20210313051948-ffdde1490233 full diff: `76a6863f29...ffdde14902` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2021-03-13 10:41:46 +01:00

... 5 6 7 8 9 ...

9192 Commits