Commit Graph

171 Commits (4e69662758446c7dc0e6de2bc1f7973d03bacbed)

Author SHA1 Message Date
Akihiro Suda 19d31737fb
Merge pull request #1963 from tonistiigi/release-count-fixes 2021-02-19 08:22:54 +09:00
Brian Goff d9834f872c
Add support for apparmor/selinux
Sets an apparmor profile on the OCI spec if one is configured on the
worker.
Adds selinux labels to containers (only added if selinux is enabled on
the system).

This assumes that the specified apparmor profile is already loaded on
the system and does not try to load it or even check if it is loaded.

SELinux support requires the `selinux` build tag to be added.
Likewise, `runc` would require both the `apparmor` and `selinux` build
tags.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>

Vendored go-selinux to v1.8.0
Fixed tests

Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit 68bb095353)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-02-04 22:01:34 +01:00
Tonis Tiigi b4b0ece384 make sure result refs returned in errors are clone
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2021-02-03 10:49:38 -08:00
Tonis Tiigi 970e630f1b add debug for runcworker test
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-12-13 18:44:54 -08:00
Tonis Tiigi 0fe7550f2d cache-mounts: avoid leaking old index on no-cache
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-11-24 21:04:59 -08:00
Edgar Lee bcff7baf60 Allow scratch mounts with gateway.RunContainer
- Plumb default worker by adding GetDefault() to frontend.WorkerInfos
- To avoid cyclic dependency, refactor frontend.WorkerInfos to worker.Infos
- Refactor gateway.NewContainer to share code with llbsolver/ops/exec.go

Signed-off-by: Edgar Lee <edgarl@netflix.com>
2020-11-13 22:05:13 -08:00
Tibor Vass fad612e748 Allow worker to override GetRemote(), needed in moby integration
This fixes panics in the moby integration of buildkit when using cache.
Panics come from nil Differ in computeBlobChain which is called in GetRemote().

GetRemote() got moved from Worker to ImmutableRef during the lazy-pull refactor.
However, the ability to easily override GetRemote() got lost with that refactor.

This patch attempts to allow for the override while keeping changes minimal.

Signed-off-by: Tibor Vass <tibor@docker.com>
2020-11-13 21:30:35 +00:00
Tonis Tiigi bdcee17437 executor: change mount to struct
Allows readonly passed cleanly.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-11-02 22:20:51 -08:00
Tonis Tiigi e3b05289d8 add session injection to remote loading
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-11-02 22:20:44 -08:00
Akihiro Suda 78f3e86dc1
Merge pull request #1627 from coryb/gateway-exec-proto
update gateway to add ability to run and exec into containers
2020-10-04 20:11:45 +09:00
Cory Bennett c04aeca088 fix unnecessary MetadataStore rename
Signed-off-by: Cory Bennett <cbennett@netflix.com>
2020-10-02 06:33:19 +00:00
Cory Bennett 3cc8aa0649 move ExecOps mounting logic into new package so logic can be reused from gateway exec
Signed-off-by: Cory Bennett <cbennett@netflix.com>
2020-09-15 07:01:42 +00:00
Cory Bennett 9855a080c7 ensure containerd is running for worker tests
Signed-off-by: Cory Bennett <cbennett@netflix.com>
2020-09-01 07:04:27 +00:00
Erik Sipsma 55cbd19dec Add support for lazily-pulled blobs in cache manager.
This allows the layers of images to only be pulled if/once they are actually
required.

Signed-off-by: Erik Sipsma <erik@sipsma.dev>
2020-08-05 17:18:43 -07:00
Cory Bennett f781f83a89 fix containerd executor Run/Exec to close container input on eof from stdin
Signed-off-by: Cory Bennett <cbennett@netflix.com>
2020-08-01 17:21:40 +00:00
Tonis Tiigi 06c4197c05 rename binfmt_misc to archutil
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-07-19 09:28:36 -07:00
Tonis Tiigi c8190b1518 lint: enable golint
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-07-19 09:28:24 -07:00
Cory Bennett 6a56695d3a remove `Get` prefix from Executor/CacheManager funcs and update to avoid naming conflicts
Signed-off-by: Cory Bennett <cbennett@netflix.com>
2020-07-17 00:54:15 +00:00
Cory Bennett 453c76d29e add Run/Exec to FrontendLLBBridge interface
Signed-off-by: Cory Bennett <cbennett@netflix.com>
2020-07-16 23:20:14 +00:00
Paul "TBBle" Hampson 156d66da02 Revert "Pin containerd runtime to v1"
This reverts commit 9290c15ffc.

This was pinned during the upgrade to containerd 1.3 series, which
changed the default runtime on Linux to io.containerd.runc.v2.

No specific rationale was listed for this pinning, and clearly it's the
wrong thing to do in the presence of Windows, which does not have this
runtime.

Instead, we rely on the containerd-internal defaults, which distinguish
the runtimes for Linux and Windows.

Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
2020-07-16 15:06:20 +10:00
Cory Bennett 5909d1642e simplify done channel handling, fix other pr comments.
Signed-off-by: Cory Bennett <cbennett@netflix.com>
2020-07-11 01:14:37 +00:00
Cory Bennett 5e91dff4ed fix error handling for exec when container fails to start
update run/exec tests for stdin and expected failures
move common tests for runc and container to shared tests package

Signed-off-by: Cory Bennett <cbennett@netflix.com>
2020-07-10 22:06:42 +00:00
Cory Bennett 6d58121c11 Update Executor interface for Run and Exec
Signed-off-by: Cory Bennett <cbennett@netflix.com>
2020-07-09 23:40:36 +00:00
Tonis Tiigi 2e9987ad16 session: track sessions with a group construct
Avoid hidden session passing and allow one session to drop when
multiple builds share a vertex.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-07-05 00:15:25 -07:00
Tonis Tiigi 37b8832d00 upgrade errors checks to Is()
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-04-18 22:53:38 -07:00
Tonis Tiigi 2c3cf11fde resolver: update to new registryhosts based config
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-03-05 19:56:43 -08:00
Akihiro Suda 7b579cdb98 vendor: update containerd (and various packages)
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-02-28 10:24:10 +09:00
Tonis Tiigi d1458a6587 update supported platforms without restart
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-02-26 08:15:42 -08:00
Tonis Tiigi 8cfe2de889 solver: evaluate solve results lazily
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-02-05 15:29:43 -08:00
Paul "TBBle" Hampson e801cc8238 Recognise Runtime V2 containerd plugins
This makes this code successfully discover the Windows Runtime V2
(hcsshim-based) plugin now that the Windows Runtime V1 (runhcs-based)
plugin has been removed upstream.

Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
2020-01-30 00:34:44 +11:00
Paul "TBBle" Hampson c67499de09 Create a new Error when there is no Error to wrap
Wrapping a `nil` error produces `nil`, which causes the calling code to
see success, and continue on with a default-created WorkerOpt, which
causes segfaults later.

Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
2020-01-30 00:34:44 +11:00
Edgar Lee 2edb431a0f Allow previous solve results to be used in new solves
Signed-off-by: Edgar Lee <edgarl@netflix.com>
2020-01-23 11:02:40 -08:00
Tõnis Tiigi e7304e9a51
Merge pull request #1283 from jeffreyhuang23/issue-1230
Fix issue #1230 (add --oci-worker-binary)
2019-12-12 20:57:59 -08:00
Nikhil Pandeti 7efcee49c5 Oci worker binary documentation and add missing constructor arg in runc_test
Signed-off-by: Nikhil Pandeti <nikhil.pandeti@utexas.edu>
2019-12-12 13:25:56 -06:00
Jeffrey Huang 20258652b3 Fix issue #1230
To support switching the OCI worker binary via buildkitd and without modifying the Dockerfile, an optional command-line flag was added to main_oci_worker.go that allowed for input of the name of an OCI worker binary (ex. crun). This OCI worker binary would then replace the current buildkit-runc with a symbolic link to that binary. The above was done using the os/exec package's Command func.

Signed-off-by: Jeffrey Huang <jeffreyhuang23@gmail.com>
2019-12-12 04:33:24 -06:00
Wei Fu 65388edc6c exporter: support compression for layer blob data
Allow user to choose the compression type for layer data. Gzip is
the default compression for the layer exporter, which consumes more CPU resources
and takes a long time to export. With the compression option, the user can use the
nocompressed option to export to save time. And in the future, zstd is one new
option for end-users.

Signed-off-by: Wei Fu <fuweid89@gmail.com>
2019-12-09 23:51:38 +08:00
Tonis Tiigi 339d4b2fef leaseutil: mark temporary leases with timestamps
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-10-16 10:35:50 -07:00
Tonis Tiigi 31a9aeea88 cache: add migration flow to new lease based format
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-10-16 10:35:49 -07:00
Tonis Tiigi d35d2c1c94 blobs: ensure lease is held on GetDiffPairs
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-10-16 10:35:48 -07:00
Tonis Tiigi 6be136db6e cleanup unused code
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-10-16 10:33:01 -07:00
Tonis Tiigi a9209caa93 clean up temporary leases on startup after crash
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-10-16 10:32:57 -07:00
Tonis Tiigi 2d0f9d3cc0 add manifest/config to the lease
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-10-16 10:32:52 -07:00
Tonis Tiigi 688e2c2272 cache: update components to new lease based cache manager
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-10-16 10:32:04 -07:00
Derek McGowan d5108d038d Update to containerd 1.3.0
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2019-09-30 14:45:18 -07:00
Tonis Tiigi 481d39c176 add cross-repo push support
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-08-22 17:25:13 -07:00
Michael Crosby 9290c15ffc Pin containerd runtime to v1
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2019-08-20 17:03:04 -07:00
Tonis Tiigi 57d19b1208 network: refactor cni support to multiple packages
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-08-06 12:52:37 -07:00
Tonis Tiigi 92c3fd477b worker: remove unreferenced cache mount after release
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-07-29 15:41:49 -07:00
Tonis Tiigi 7b1bae7a42 solver: support no-cache for exec cache mounts
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-07-26 14:42:32 -07:00
Akihiro Suda d750cb188a
Merge pull request #1073 from tonistiigi/cni-net
add cni networking support
2019-07-19 10:47:27 +09:00