Depending on if a container has an allocated tty, you can get
different results from docker top unless you pass the -e
argument. Adding the -e option will give correct results
regardless.
This is documented in https://bugzilla.redhat.com/show_bug.cgi?id=1293063.
In 374d344 "stop" was converted to only expect the argument provided
to be the name/id of a running container. This eliminated the usage
where a user wanted to execute the "STOP" label from a container image
rather than actually stopping a named container. This commit re-enables
the functionality to be able to run a stop label.
This allows users to skip all/certain tests.
$ sudo make test
tests all integration tests
$ sudo make test TEST_INTEGRATION=
skip all integration tests
$ sudo make test TEST_INTEGRATION='display pass'
test only the 'display' and 'pass' integration tests
Resolves: #259
oscap-docker on Fedora 23 failed with a MountError exception. strace-ing the process produced the following output:
[pid 17354] execve("/sbin/dmsetup", ["dmsetup", "create", "docker-253:1-791413-c135d4b9e1cd9f68485765ed681cf80b8fe1e91559fc8a3101ecf59e35a05501", "--table", "0 20971520.0 thin /dev/mapper/vg_air-docker--pool 445"], [/* 38 vars */]) = 0
[pid 17354] +++ exited with 1 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=17354, si_uid=0, si_status=1, si_utime=0, si_stime=0} ---
Traceback (most recent call last):
File "/bin/oscap-docker", line 108, in <module>
args.func()
File "/bin/oscap-docker", line 44, in cve_scan
result = OS.scan_cve(self.args.scan_target, self.unknown_args)
File "/usr/lib/python3.4/site-packages/oscap_docker_python/oscap_docker_util.py", line 193, in scan_cve
_tmp_mnt_dir = DM.mount(image)
File "/usr/lib/python3.4/site-packages/Atomic/mount.py", line 294, in mount
driver_mount_fn(identifier, options)
File "/usr/lib/python3.4/site-packages/Atomic/mount.py", line 372, in _mount_devicemapper
dm_pool)
File "/usr/lib/python3.4/site-packages/Atomic/mount.py", line 91, in _activate_thin_device
raise MountError('Failed to create thin device: ' + r.stderr.decode('utf-8'))
Atomic.mount.MountError: Failed to create thin device: device-mapper: reload ioctl on docker-253:1-791413-c135d4b9e1cd9f68485765ed681cf80b8fe1e91559fc8a3101ecf59e35a05501 failed: Invalid argument
Command failed
"dmsetup create" is passed decimal 20971520.0 when an integer is
required.
Floor division, //, provides the integer-only result desired in Python 2
and 3.
---
This is untested, but a similar change worked on Fedora's atomic-1.6-5.git09ac479.fc23.x86_64 package.
Basic tests for atomic diff and top which should catch
basic code regressions.
In top.py, added -n for number of iterations. And added
tty detection so that tests can pass in a jenkins environment
where there is no tty.
This is causing atomic unmount to fail. This searches for the DeviceName
in the list of containers to umount.
Since I was constantly typing `atomic umount` rather then `atomic unmount`,
I thought we should add an alias.
Correcting a bug observed by the openscap team where under
certain conditions, the deletion of a temporary image would
cause a traceback when noprune=False.
After discussing with dwalsh and vgoyal, we decided to revert
to the original PR implementation of a timeout as the lazy
umounts and deferred removals and deletion complicated matters.
We now have simple timeout loop for unmounting by path to prevent
race failures between openscap, docker, the filesystem, and/or
dms.
With the remote_inspect function in RH docker, we can inspect
and image on a remote repository for various information like
versions (when present). This allows us to expand atomic
verify to check a local version against a remote version.
atomic verify now can take an image as input (as before) and
provide a greater level of detail when checking each base
image (defined as a non-intermediate image). It now iterates
on those base images looking for update status.
The output of atomic verify has also been changed slightly to
include a verbose option. When invoked, the verify output
will list each base image with its versioning information.
The non-verbose output remains largely the same, where only
base images that have identified updates are put to stdout.
If verbose is not called for by the user but we find base
images with no version information, we output a warning
message and print verbosely anyway.
Updated man page
Adding a new atomic sub-command that behaves like GNU top
but for processes being run for containers. It currently
displays the container id, container name,
pid, cpu% (as reported by docker
top), mem% (as reported by docker top), and the command.
You can optionally pass in -o ppid, stime, time to collect
more data on the processes themselves.
While in the interactive display, you can also sort on
the columns to re-organize the data as needed.
You can define an interval for refreshing the process
information.
atomic top can be run without any additional
parameters. If that is the case, it will by default
show processes for all active containers. You can also
add one or more container_ids for exclusive process
monitoring by container.
Also added an AtomicDocker class to atomic.py which
allows for custom docker, python-api calls without
having to re-invent the wheel.
Under the condition that you diff two images and one or both
of the images are not RPM based, no cleanup of the mounts and
dm devices was done. This was reported via BZ #1285006.
We now handle the exit and cleanup differently which counts
for this condition.
Also added a try/except for catching control-c, where if found
it will clean up the mounts and dm devices.
Set a pattern where if an atomic subfunction
is lengthy, then we can break that out into its own class.
This reduces the overall size of the Atomic class and allows
new development and debug to be cleaner.
Instead of using the func function of argparser, we pass
the Class and Function that should be run as variables. For
example, the Atomic verify subfunction would now be:
_class=Atomic.Atomic, func='verify'
The defined class is instantiated after parseargs is run. We
then perform the set_args and call the function.
