Containerization support for the kubelet

[smarterclayton]

Use OPENSHIFT_CONTAINERIZED=true in a docker image to toggle
containerized mode.

Fixes #3072

[smarterclayton]

@pmorie the mount issue we were talking about:

docker run --privileged --net=host -v /:/rootfs:ro -v /var/run:/var/run:rw -v /sys:/sys:ro -v /var/lib/docker:/var/lib/docker:rw --name os openshift/origin start --loglevel=5

I0611 21:38:02.105095       1 empty_dir.go:206] pod 0aeb1739-1082-11e5-b1c9-080027c5bfa9: mounting tmpfs for volume not-used with opts [rootcontext="system_u:object_r:svirt_sandbox_file_t:s0"]
I0611 21:38:02.105360       1 nsenter_mount.go:79] nsenter Mounting tmpfs /var/lib/openshift/openshift.local.volumes/pods/0aeb1739-1082-11e5-b1c9-080027c5bfa9/volumes/kubernetes.io~secret/deployer-token-q4vqu tmpfs [rootcontext="system_u:object_r:svirt_sandbox_file_t:s0"]
I0611 21:38:02.105445       1 nsenter_mount.go:82] Mount command: nsenter [--mount=/rootfs/proc/1/ns/mnt /usr/bin/mount -t tmpfs -o rootcontext="system_u:object_r:svirt_sandbox_file_t:s0" tmpfs /var/lib/openshift/openshift.local.volumes/pods/0aeb1739-1082-11e5-b1c9-080027c5bfa9/volumes/kubernetes.io~secret/deployer-token-q4vqu]
I0611 21:38:02.108821       1 nsenter_mount.go:86] Output from mount command: nsenter: failed to parse pid: 'tmpfs'
E0611 21:38:02.108901       1 kubelet.go:1111] Unable to mount volumes for pod "docker-registry-1-deploy_default": exit status 1; skipping pod

[smarterclayton]

This is on docker 1.6 in case we're getting burned by the /var/run secrets overmount issue.

[smarterclayton]

Still happens in 1.6.2 so no.

[pmorie]

I think the issue is the mount args.

On Thu, Jun 11, 2015 at 5:55 PM, Clayton Coleman [email protected]
wrote:

Still happens in 1.6.2 so no.

—
Reply to this email directly or view it on GitHub
#3112 (comment).

[smarterclayton]

Testing --, it's supposed to work

On Jun 11, 2015, at 6:01 PM, Paul Morie [email protected] wrote:

I think the issue is the mount args.

On Thu, Jun 11, 2015 at 5:55 PM, Clayton Coleman [email protected]
wrote:

Still happens in 1.6.2 so no.

—
Reply to this email directly or view it on GitHub
#3112 (comment).

—
Reply to this email directly or view it on GitHub.

[smarterclayton]

Works. New command

docker run --privileged --net=host -v /:/rootfs:ro -v /var/run:/var/run:rw -v /sys:/sys:ro -v /var/lib/docker:/var/lib/docker:rw -v /var/lib/openshift:/var/lib/openshift:rw --name os openshift/origin start

@pmorie review please and then merge at your convenience, I'll make a separate update to README.md

[smarterclayton]

[test]

[liggitt]

leading slash was wrong?

[smarterclayton]

Didn't search paths - should have let exec.Command search

On Jun 11, 2015, at 10:53 PM, Jordan Liggitt [email protected] wrote:

In Godeps/_workspace/src/github.com/GoogleCloudPlatform/kubernetes/pkg/util/mount/nsenter_mount.go:

@@ -54,7 +54,7 @@ var _ = Interface(&NsenterMounter{})
const (
hostRootFsPath = "/rootfs"
hostProcMountsPath = "/rootfs/proc/mounts"

• nsenterPath = "/nsenter"
• nsenterPath = "nsenter"
  leading slash was wrong?

—
Reply to this email directly or view it on GitHub.

[pmorie]

@liggitt The test image I used in upstream started out as a scratch image with just the kubelet and nsenter and I never fixed it.

[openshift-bot]

continuous-integration/openshift-jenkins/test SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pull_requests_origin/3150/)

[pmorie]

We need to upstream this change -- I want to test it w/ my formula for the image I use to test this in upstream.

[pmorie]

LGTM but rebase needed

[pmorie]

Looks to me like jenkins flaked but I need to take a closer look after sleep.

[smarterclayton]

[merge]

[openshift-bot]

continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pull_requests_origin/3150/) (Image: devenv-fedora_1796)

[smarterclayton]

[test]

[openshift-bot]

Evaluated for origin up to e99b8e3