Executing `select {}` to wait forever triggers Go runtime deadlock
detection and kills the child, causing the number actual processes
be less than expected.
PiperOrigin-RevId: 376298799
Due to https://github.com/moby/moby/issues/42345, the docker daemon is passing
the incorrect `--root` flag to runsc. So our profiler is not able to find the
container stat files where it expects them to be.
PiperOrigin-RevId: 372067954
- Don't cleanup containers in Network.Cleanup, otherwise containers will
be killed and removed several times.
- Don't set AutoRemove for containers. This will prevent the confusing
'removal already in progress' messages.
Fixes#3795
PiperOrigin-RevId: 364404414
The syscall package has been deprecated in favor of golang.org/x/sys.
Note that syscall is still used in the following places:
- pkg/sentry/socket/hostinet/stack.go: some netlink related functionalities
are not yet available in golang.org/x/sys.
- syscall.Stat_t is still used in some places because os.FileInfo.Sys() still
returns it and not unix.Stat_t.
Updates #214
PiperOrigin-RevId: 360701387
Fix issue with iperf where b.N wasn't changing across runs.
Also, if the given runtime is runc/not given, don't run a profile against it.
PiperOrigin-RevId: 357231450
Whether the variable was found is already returned by syscall.Getenv.
os.Getenv drops this value while os.Lookupenv passes it along.
PiperOrigin-RevId: 351674032
gvisor-containerd-shim is not compatible with containerd 1.1 or earlier.
Starting from containerd 1.2, shim v2 is the preferred interface.
PiperOrigin-RevId: 351485556
This creates a TTY pair and runs `/bin/sh` in interactive mode within it.
It provides useful helper functions to interact with the shell and read the
output of commands run within it.
This is meant to be used for testing upcoming changes allowing `runsc exec` to
work in `-detach=false -tty=true` mode.
PiperOrigin-RevId: 350841006
This includes minor fix-ups:
* Handle SIGTERM in runsc debug, to exit gracefully.
* Fix cmd.debug.go opening all profiles as RDONLY.
* Fix the test name in fio_test.go, and encode the block size in the test.
PiperOrigin-RevId: 350205718
- Tweak the benchmarks to work with b.N where appropriate. In many cases,
b.N was simply being ignored. This creates an implicit dependency in the
user passing a reasonable benchtime (less than or equal to the actual
runtime of the test, or using the X syntax) otherwise the test runs
forever.
- In cases where the above is impossible, explicitly set benchtime from
the test wrapper, to prevent the above behavior (tensorflow).
- Drop the *Reverse variants, which are simply hey benchmarks. We should
just add a hey benchmark. The platforms benchmarks already include a
native platform, and thus these benchmarks are incredibly confusing.
(In other words, BenchmarkNginxReverse has nothing to do with an nginx
benchmark for runsc.)
- Remove the redunant Harness object, which contains no state, in order
to slightly simplify the code.
- Make Block and Heap profiling actually work, but setting appropriate
runtime parameters (and plumbing them through the config).
- Split the profiling into two phases: start and stop, since some will
need to be started early, and others will need to happen at the end.
PiperOrigin-RevId: 349495377
testutil.RandomID was using Rand.Read which is not safe for concurrent use.
It caused name conflicts in packetimpact tests when they are run in parallel.
Adding a mutex to protect the Rand.Read operation.
PiperOrigin-RevId: 345360062
Currently, if containerd is installed locally via tools/installers/containerd,
then it will not necessarily be used if containerd is installed in the system
path. This means that the existing containerd tests are all likely broken.
Also, use libbtrfs-dev instead of btrfs-tools, which is not actually required.
PiperOrigin-RevId: 344879109
Docker does not have IPv6 port forwarding as tracked by the following issue:
https://github.com/moby/moby/issues/11518
So when running bazel itself inside a docker container, we can not use the host
port bindings to communicate with sockets inside the container. This was causing
integration tests and image tests to fail when run through our Makefile targets.
PiperOrigin-RevId: 332355051
Use reflection and tags to provide automatic conversion from
Config to flags. This makes adding new flags less error-prone,
skips flags using default values (easier to read), and makes
tests correctly use default flag values for test Configs.
Updates #3494
PiperOrigin-RevId: 328662070
Mark all tests passing for VFS2 in:
image_test
integration_test
There's no way to do negative look ahead/behind in golang test regex,
so check if the tests uses VFS2 and skip CheckPointRestore if it does.
PiperOrigin-RevId: 326050915
//test/iptables:iptables_test runs 30 seconds faster on my machine.
* Using contexts instead of many smaller timeouts makes the tests less
likely to flake and removes unnecessary complexity.
* We also use context to properly shut down concurrent goroutines and
the test container.
* Container logs are always logged.
Adds profiling with `runsc debug` or pprof to dockerutil. All
targets using dockerutil should now be able to use profiling.
In addition, modifies existing benchmarks to use profiling.
PiperOrigin-RevId: 323298634
Previously, ICMP destination unreachable datagrams were ignored by TCP
endpoints. This caused connect to hang when an intermediate router
couldn't find a route to the host.
This manifested as a Kokoro error when Docker IPv6 was enabled. The Ruby
image test would try to install the sinatra gem and hang indefinitely
attempting to use an IPv6 address.
Fixes#3079.
The go.mod dependency tree for the shim was somehow contradictory. After
resolving these issues (e.g. explicitly imported k8s 1.14, pulling a
specific dbus version), and adding all dependencies, the shim can now be
build as part of the regular bazel tree.
As part of this process, minor cleanup was done in all the source files:
headers were standardized (and include "The gVisor Authors" in addition
to the "The containerd Authors" if originally derived from containerd
sources), and comments were cleaned up to meet coding standards.
This change makes the containerd installation dynamic, so that multiple
versions can be tested, and drops the static installer for the VM image
itself.
This change also updates test/root/crictl_test.go and related utilities,
so that the containerd tests can be run on any version (and in cases
where it applies, they can be run on both v1 and v2 as parameterized
tests).
Fixed an issue with the runtime test runner which enables us to run tests in
shards. We had to touch the status file as indicated by an env var.
PiperOrigin-RevId: 320236205
Jamie Liu
Fabricio Voznika
Ayush Ranjan
Adin Scannell
Zeling Feng
Zach Koopmans
Dean Deng
Etienne Perot
Peter Johnston
Bhasker Hariharan
gVisor bot
Kevin Krakauer
Ian Lewis
Ian Gudger
Eyal Soha