At present they use a small shared function called "prepare"
that does the read-write remounts, that I will switch to doing overlay
mounts soon.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
After #2289 we need to bind /etc/resolv.conf into the docker and kubelet
containers on both node and master.
Also since #2289 the metadata container requires /etc/resolv.conf to be
populated on the host, which means running DHCP earlier in oneshot onboot mode,
do so.
Signed-off-by: Ian Campbell <ijc@docker.com>
This makes the need to pull $(BASE) redundant.
Rebuild resulted in linuxkit/guestfs:aecc40bf84ce4f4238e06934c46d7cc570a39eed@sha256:62e810869e83dabe04af7ac8fcd81d9f177d986a3424dcb9c4eb5439993c962f
Signed-off-by: Ian Campbell <ijc@docker.com>
with cwd of test this was done with:
for i in pkg/* ; do make --no-print-directory -C $i show-tag; done | ( IFS=: ; while read image hash ; do ../scripts/update-component-sha.sh --image $image $hash ; done )
Note that `linuxkit/test-virtsock` (built by `test/pkg/virtsock`) does not
appear to be referenced anywhere.
Signed-off-by: Ian Campbell <ijc@docker.com>
Makefile and Dockerfile are implicit from pacakge.mk.
Need to list the other files consumed by the Dockerfile though.
template.yml is only for manual testing and so is not a dependency of the
standard build.
Signed-off-by: Ian Campbell <ijc@docker.com>
This makes the package actually build reproducibly, with the downside that it
requires changing the hash. Perhaps this should move to tools/alpine.
Signed-off-by: Ian Campbell <ijc@docker.com>
This commit adds a myriad of test cases to ensure the format and mount
and extend packages are working as expected
Signed-off-by: Dave Tucker <dt@docker.com>
This was split out from pkg/format into its own package.
It has the ability to extend ext4, btrfs and xfs partitions.
Signed-off-by: Dave Tucker <dt@docker.com>
This commit rewrites the mount package in Go.
It adds the ability to mount the by label, UUID or name.
It also fixes the automatic mount logic to check that a drive isn't
already mounted before attempting to mount it. This allows for multiple
uses of the mount pkg in a single YAML file.
Signed-off-by: Dave Tucker <dt@docker.com>
This commit re-writes the format package in Go and adds the ability to
add partition labels and also specify either ext4, btrfs or xfs
Signed-off-by: Dave Tucker <dt@docker.com>
This moves most of the initialisation of containers to the
service init in the `service` command.
Still leaves remounting root file systems read only but this
will go away shortly. Another step closer to removing shell
scripts in base system.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This is like the `push` target but omits the pulls and depends on forcetag
instead. With the git commit now being embedded into the image this is now a
necessary part of rebasing a PR for which images have already been pushed.
Also adds PHONY targets for existing forcetag and push targets which were
missing.
NB $(error) appends a "." to omit the final one from the error message
Signed-off-by: Ian Campbell <ijc@docker.com>
These tests run individual and a mix of namespace stress tests
mostly around networking and unix domain sockets where either
the client or the server of socket echo application is run inside
a container in different configurations:
- different protocols
- short or long lived connections
- different levels of concurrency
Tests are only run if the 'kernel' label is specified and more
detailed tests are run if the additional 'kernel-extra' label
is specified.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
The previous version just created a network name space which does
not allow us to also test additional namespaces, e.g. for unix
domain sockets.
This commit uses runc to create a fully namespaced container to
run a test in. It creates a container, configures the network
interfaces in the new network namespace before starting the
container.
A OCI config.json template is used and then customised for a
given test based on command line arguments.
Finally, instead of iperf, we use the socket stress test from
https://github.com/linuxkit/virtsock as it provides finer-grained
control over the traffic patterns (e.g. long lived vs lots of
short lived connections).
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
We should always pull and push linuxkit/alpine with content trust
irrespective of architecture, unless explicitly disabled.
Currently, we have to dance around various other issues on arm64,
which are now documented in the Makefile.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
These contribute ~140M to the common image cache but do not appear to be used
by either the base system nor the sock-shop demo. They can/will still be pulled
on demands as necessary.
Signed-off-by: Ian Campbell <ijc@docker.com>
Bumps kubernetes and associated tools and images to v1.6.7 (from v1.6.1).
Updates weave from v1.9.4 to v2.0.1
Updates cni from a snapshot to v0.5.2. Note that the download location has
changed and the tarball no longer includes the `bin` subdirectory, so adjust
build to compensate.
Signed-off-by: Ian Campbell <ijc@docker.com>
Much smaller than the CentOS based one.
Note that ijc25/alpine-ssh has entrypoint==ssh.
Drop Compression=yes, this is used for local ssh so no point compressing (just uses CPU).
Signed-off-by: Ian Campbell <ijc@docker.com>
