Commit Graph

1909 Commits

Author SHA1 Message Date
Evan Lezar
e6730fd0f0 FIX: Don't log that hooks is being removed if it is not
Signed-off-by: Evan Lezar <elezar@nvidia.com>
2022-04-06 15:13:32 +02:00
Evan Lezar
8db287af8b FIX: Fix typo in comment
Signed-off-by: Evan Lezar <elezar@nvidia.com>
2022-04-06 14:46:27 +02:00
Jon Mayo
3dab9da80e [ci] echo skipped commands 2022-04-04 07:02:33 -07:00
Evan Lezar
282a2c145e Fix typo in variable name
Signed-off-by: Evan Lezar <elezar@nvidia.com>
2022-04-04 14:16:26 +02:00
Evan Lezar
d0608844dc Add basic README for nvidia-container-runtime
Signed-off-by: Evan Lezar <elezar@nvidia.com>
2022-04-04 14:16:26 +02:00
Evan Lezar
a26d02890f Make error logging less verbose by default
Signed-off-by: Evan Lezar <elezar@nvidia.com>
2022-04-04 14:16:26 +02:00
Evan Lezar
14fe35c3f4 Implement hook remover for existing nvidia-container-runtime-hooks
Signed-off-by: Evan Lezar <elezar@nvidia.com>
2022-04-04 14:16:26 +02:00
Evan Lezar
d12dbd1bef Read top-level config to propagate Root to experimental runtime
Signed-off-by: Evan Lezar <elezar@nvidia.com>
2022-04-04 14:16:25 +02:00
Evan Lezar
33d9c1dd57 Split loading config from reader and getting config from toml.Tree
Signed-off-by: Evan Lezar <elezar@nvidia.com>
2022-04-04 14:16:25 +02:00
Evan Lezar
239b6d3739 Implement experimental modifier for NVIDIA Container Runtime
This change enables the experimental mode of the NVIDIA Container Runtime. If
enabled, the nvidia-container-runtime.discover-mode config option is
queried to determine how required OCI spec modifications should be defined.
If "legacy" is selected, the existing NVIDIA Container Runtime hooks is
discovered and injected into the OCI spec.

Signed-off-by: Evan Lezar <elezar@nvidia.com>
2022-04-04 14:16:25 +02:00
Evan Lezar
9dfe60b8b7 Add stable discoverer for nvidia-container-runtime hook
Signed-off-by: Evan Lezar <elezar@nvidia.com>
2022-04-04 14:16:25 +02:00
Evan Lezar
390e5747ea Add lookup abstraction for locating executable files
Signed-off-by: Evan Lezar <elezar@nvidia.com>
2022-04-04 14:16:25 +02:00
Evan Lezar
7137f4b05b Move runtime config to internal package
Signed-off-by: Evan Lezar <elezar@nvidia.com>
2022-04-04 14:16:24 +02:00
Evan Lezar
9be6cca6db Don't skip internal packages for linting
Signed-off-by: Evan Lezar <elezar@nvidia.com>
2022-04-04 14:16:24 +02:00
Evan Lezar
0c7eb93d62 Add experimental option to NVIDIA Container Runtime config
This change adds an experimental option to the NVIDIA Container Runtime config. To
simplify the extension of this experimental mode in future an error is raised if
this is enabled.

Signed-off-by: Evan Lezar <elezar@nvidia.com>
2022-04-04 14:16:24 +02:00
Evan Lezar
3bb539a5f7 Update libnvidia-container
Signed-off-by: Evan Lezar <elezar@nvidia.com>
2022-04-04 14:16:22 +02:00
Jon Mayo
e39412ca44 Merge branch 'ci-release-ifonly' into 'master'
[ci] Skip external releases if associated OUT_REGISTRY value is empty.

See merge request nvidia/container-toolkit/container-toolkit!123
2022-03-31 20:29:13 +00:00
Jon Mayo
c2f35badb0 [ci] Skip external releases if associated OUT_REGISTRY value is empty.
Allows CI/CD environment variables to quickly disable any release job derived from the .release:external template

Template Usage: DRYRUN_RELEASE set to a value to echo docker and regctl commands in Makefile without running them (dry-run) SKIP_RELEASE set to a value to remove the job from the pipeline.

CI/CD Usage: NGC_SKIP_RELEASE set to disable external release to NGC. DOCKERHUB_SKIP_RELEASE set to disable external release to DH. NGC_DRYRUN_RELEASE set to dry-run external release to NGC. DOCKERHUB_DRYRUN_RELEASE set to dry-run external release to DH.
2022-03-31 20:29:13 +00:00
Evan Lezar
d0dfe27324 Merge branch 'refactor-stable-runtime' into 'master'
Refactor nvidia-container-runtime to prepare for experimental option

See merge request nvidia/container-toolkit/container-toolkit!119
2022-03-29 12:23:18 +00:00
Evan Lezar
c6dfc1027d Move modifier code for inserting nvidia-container-runtime-hook to separate package
This change moves the code defining the insertion of the nvidia-container-runtime
hook to a separate package. This allows for better distinction between the existing
and experimental modifications.

Signed-off-by: Evan Lezar <elezar@nvidia.com>
2022-03-29 11:05:42 +02:00
Evan Lezar
4177fddcc4 Import modifying runtime abstraction from experimental runtime
This change imports the modifying runtime abstraction from the
experimental branch. This encapsulates the checks for whether
modification is required, and forwards the loaded spec to
the specified modifier. This allows for the same code to be
reused when performing more complex modifications.

Signed-off-by: Evan Lezar <elezar@nvidia.com>
2022-03-29 11:05:42 +02:00
Evan Lezar
bf8c3bab72 Add test package with GetModuleRoot and PrependToPath function
Signed-off-by: Evan Lezar <elezar@nvidia.com>
2022-03-29 11:05:41 +02:00
Evan Lezar
c5c2ffd68f Ensure that Exec error is also logged to file
This change removes unneeded logging and renames the return error value to rerr
to avoid it being aliased by local error values.

Signed-off-by: Evan Lezar <elezar@nvidia.com>
2022-03-29 11:05:41 +02:00
Evan Lezar
48d5a1cd1a Update go vendoring
Signed-off-by: Evan Lezar <elezar@nvidia.com>
2022-03-29 11:05:41 +02:00
Evan Lezar
a7580e3872 Update podman hooks dependency
This is required to ensure that a newer version of
github.com/opencontainers/runtime-tools/generate is imported for use
with CDI.

Signed-off-by: Evan Lezar <elezar@nvidia.com>
2022-03-29 11:05:39 +02:00
Evan Lezar
4bf05325b5 Add .shell make target for non-Linux development
Signed-off-by: Evan Lezar <elezar@nvidia.com>
2022-03-29 11:05:39 +02:00
Evan Lezar
ea7b8ab1f6 Add gcc for centos package builds including cgo
Signed-off-by: Evan Lezar <elezar@nvidia.com>
2022-03-29 11:05:39 +02:00
Evan Lezar
c4bad9b36a Update gitignore
Signed-off-by: Evan Lezar <elezar@nvidia.com>
2022-03-29 11:05:39 +02:00
Evan Lezar
3479e353c5 Merge branch 'centos8-stream' into 'master'
Switch to CentOS Stream 8 to build centos8 packages

See merge request nvidia/container-toolkit/container-toolkit!122
2022-03-29 09:03:48 +00:00
Evan Lezar
f50b4b2f91 Switch from centos:8 to centos:stream8 images to build centos8 packages
Due to the EOL of centos:8 we switch to centos:stream8 to build the centos8 and
rhel8 packages.

Signed-off-by: Evan Lezar <elezar@nvidia.com>
2022-03-29 08:07:06 +02:00
Evan Lezar
24ce09db0e Update git submodules
Signed-off-by: Evan Lezar <elezar@nvidia.com>
2022-03-29 08:07:06 +02:00
Evan Lezar
a904076cf0 Update libnvidia-container submodule to v1.10.0-rc.1
Signed-off-by: Evan Lezar <elezar@nvidia.com>
2022-03-28 15:54:28 +02:00
Evan Lezar
24d3f854af Bump version to 1.10.0-rc.1
This change make the following version bumps:

* nvidia-container-toolkit to 1.10.0-rc.1
* nvidia-contianer-runtime to 3.10.0-rc.1
* nvidia-docker to 2.10.0-rc.1

Signed-off-by: Evan Lezar <elezar@nvidia.com>
2022-03-24 16:56:27 +02:00
Evan Lezar
56ad97b8e5 Merge branch 'bump-1.9.0' into 'master'
Bump version to 1.9.0

See merge request nvidia/container-toolkit/container-toolkit!118
2022-03-18 13:36:30 +00:00
Evan Lezar
eb3be9d676 Use nvcr.io registry for Ubuntu CUDA base images
Signed-off-by: Evan Lezar <elezar@nvidia.com>
2022-03-18 14:44:55 +02:00
Evan Lezar
4a3b532c29 Add CI definitions for building and publishing Ubuntu20.04 images
Signed-off-by: Evan Lezar <elezar@nvidia.com>
2022-03-18 14:24:50 +02:00
Evan Lezar
cc68635c70 Upcate libnvidia-container submodule
Signed-off-by: Evan Lezar <elezar@nvidia.com>
2022-03-18 12:34:02 +02:00
Evan Lezar
106279368a Bump version to 1.9.0
Signed-off-by: Evan Lezar <elezar@nvidia.com>
2022-03-18 06:19:58 +02:00
Christopher Desiniotis
96772ccdcc Merge branch 'cve-libsasl' into 'master'
Update libsasl in both ubuntu/ubi toolkit images to address CVE-2022-24407

See merge request nvidia/container-toolkit/container-toolkit!116
2022-03-16 17:41:21 +00:00
Christopher Desiniotis
e2d1d379d5 Update libsasl in both ubuntu/ubi toolkit images to address CVE-2022-24407 2022-03-16 17:41:21 +00:00
Evan Lezar
cf74d14504 Merge branch 'update-libnvidia-container' into 'master'
Update libnvidia-container subcomponent

See merge request nvidia/container-toolkit/container-toolkit!112
2022-02-25 21:55:22 +00:00
Evan Lezar
aa3784d185 Update libnvidia-container subcomponent
Signed-off-by: Evan Lezar <elezar@nvidia.com>
2022-02-25 21:58:19 +02:00
Evan Lezar
b0bb7b46e4 Merge branch 'CNT-2170/multi-arch' into 'master'
Use buildx and regctl to publish multi-arch images

See merge request nvidia/container-toolkit/container-toolkit!103
2022-02-23 07:08:56 +00:00
Evan Lezar
43ba5267c7 Merge branch 'add-docker-restart-mode-to-config' into 'master'
Add --restart-mode to docker config CLI

See merge request nvidia/container-toolkit/container-toolkit!106
2022-02-22 16:47:11 +00:00
Evan Lezar
5d4ecc24cb Use 'none' instead of 'NONE' to skip containerd restart
Signed-off-by: Evan Lezar <elezar@nvidia.com>
2022-02-22 16:13:44 +02:00
Evan Lezar
d8ed16585a Add --restart-mode to docker config CLI
This change adds a --restart-mode option to the docker config CLI.
This mirrors the option added for containerd and allows 'none' to be
specified to disable the restart of docker. This is useful in
cases where the updated docker config should be reloaded out of
band.

Signed-off-by: Evan Lezar <elezar@nvidia.com>
2022-02-22 16:13:44 +02:00
Evan Lezar
a2060c74b3 Update component submodules
Signed-off-by: Evan Lezar <elezar@nvidia.com>
2022-02-22 16:13:44 +02:00
Evan Lezar
2e4ed47ac4 Fix pushing of short tag for devel images
Signed-off-by: Evan Lezar <elezar@nvidia.com>
2022-02-22 10:19:20 +02:00
Evan Lezar
93ca91ac3f Add multi-arch image scans
Signed-off-by: Evan Lezar <elezar@nvidia.com>
2022-02-22 10:19:20 +02:00
Evan Lezar
cc593087d2 Also search /usr/lib/aarch64-linux-gnu for libnvidia-container libs
Signed-off-by: Evan Lezar <elezar@nvidia.com>
2022-02-22 10:19:20 +02:00