Vendor cleanup

[vrothberg]

This PR cleans up the vendored dependencies by:

• forcing make vendor to always fetch the latest version of vndr to avoid divergence
• pin dependencies that used a branch to releases where possible or commits
• align the K8s dependencies to the appropriate releases
• add remaining file changes from vndr which have been forgotten in commits prior to this PR
• add a hack/tree_status.sh file to check the status of the local git tree
• enforce clean dependencies in Travis by first running make vendor followed by ./hack/tree_status.sh
• update libpod and its transitive dependencies
• fix Travis build

[k8s-ci-robot]

Hi @vrothberg. Thanks for your PR.

I'm waiting for a kubernetes-sigs or kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[vrothberg]

@mrunalp @runcom @umohnani8 @haircommander @rhatdan PTAL

[vrothberg]

The CI seems to go wild on other PRs as well. However, Travis seems happy with the vendor changes. I'd appreciate if we can this PR in before the others to avoid potentially very hairy rebase conflicts.

[TomSweeneyRedHat]

The changes LGTM, best of luck getting Travis happy.

[vrothberg]

The changes LGTM, best of luck getting Travis happy.

Thanks, Tom! This PR was a bit of a challenge as so many things had to be touched.

[vrothberg]

/hold

[vrothberg]

One step further. We're now hitting a runtime error caused by a conflict between go-criu and run:

checkpoint-restore/go-criu#7

[saschagrunert]

👍 This cleanup is very great and important in my POV, so I would like to push the topic forward. There are just some small comments/suggestions from my side. Is it still on hold?

[saschagrunert]

I would still go for the error handling here since I have the feeling that it will be missed when the day comes that selinux.NewContext returns a real error.

[haircommander]

Agreed, from a maintainability perspective we should catch if there ever becomes an error

[vrothberg]

I think that @rhatdan wants to get rid of those entirely by letting containers/storage handle all label issue but I can update the code now to be on the safe side.

[vrothberg]

I've had a look at the call stack and don't think it's worth the effort. We had to change a whole bunch of APIs up to the ContainerServer which does not really implement error handling (even for {Add,Remove}Container).

I agree that errors shouldn't be ignored but given this affects large parts of the API, I prefer to defer this to a separate PR.

[saschagrunert]

The same for here. Another option would be to revert the selinux-go related changes and put it in a separate PR like this: #2127 WDYT? (If you disagree I will close my PR)

[vrothberg]

This cleanup is very great and important in my POV, so I would like to push the topic forward. There are just some small comments/suggestions from my side. Is it still on hold?

Thanks. Yes, it's currently on hold for #2123.

Regarding updating more deps: I prefer deferring that to another PR. This one is quite big already and I consider the first step of a series of commits. Once that's in, the deps are stable and CI will catch regressions.

[vrothberg]

Resuming work. May God have mercy on me while rebasing.

[vrothberg]

/test kata-containers

[vrothberg]

/test kata-containers

[vrothberg]

@mrunalp any idea what's going on? Kata seems to go south on other PRs as well.

[rhatdan]

Lets leave the SELinux issues to the other PR that @umohnani8 is working on. It is close.

LGTM

[vrothberg]

/test kata-containers

[saschagrunert]

LGTM, awesome cleanup!

[haircommander]

/retest

[vrothberg]

/test kata-containers

[vrothberg]

@sboeuf, do you know if the kata job has a hiccup at the moment? Other PRs show similar issues.

[sboeuf]

/cc @chavafg

[k8s-ci-robot]

@sboeuf: GitHub didn't allow me to request PR reviews from the following users: chavafg.

Note that only kubernetes-sigs members and repo collaborators can review this PR, and authors cannot review their own PRs.

In response to this:

/cc @chavafg

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[chavafg]

the error looks pretty weird...

15:09:21 RUNTIME=kata-runtime ./integration/cri-o/cri-o.sh
15:09:21 Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

Has something change in the way the cri-o tests are run? It is looking for the docker daemon to be running, which we actually stop it before running the tests.

https://github.com/kata-containers/tests/blob/master/integration/cri-o/cri-o.sh#L95-L100

[vrothberg]

Has something change in the way the cri-o tests are run? It is looking for the docker daemon to be running, which we actually stop it before running the tests.

Not to my knowledge. @saschagrunert, as you're the test master, do you have a suspicion?

[saschagrunert]

On the cri-o side nothing should have changed. @chavafg could the issue related to that part of the logs:

14:58:51 Set to test rootfs image
14:58:51 Add kata-runtime as a new/default Docker runtime.
14:58:51 manage_ctr_mgr.sh - INFO: docker_info: version: 18.06.3-ce
14:58:51 manage_ctr_mgr.sh - INFO: docker_info: default runtime: runc
14:58:51 manage_ctr_mgr.sh - INFO: docker_info: package name: docker-ce
14:58:52 <13>Mar 26 14:58:52 manage_ctr_mgr.sh: configure_docker: configuring kata-runtime as default docker runtime
14:58:52 ls: cannot access '/etc/systemd/system/docker.service.d/': No such file or directory
14:58:52 ls: cannot access '/etc/systemd/system/docker.service.d/': No such file or directory
14:58:52 Stopping the docker service
14:58:53 Removing /var/lib/docker
14:58:53 Changing docker service configuration
14:58:53 [Service]
14:58:53 Environment=""
14:58:53 Environment=""
14:58:53 ExecStart=
14:58:53 ExecStart=/usr/bin/dockerd -D --add-runtime kata-runtime=/usr/local/bin/kata-runtime --default-runtime=kata-runtime --storage-driver=overlay2
14:58:53 Reloading unit files and starting docker service
14:59:10 Script finished

I think the docker service does not start correctly but is listed as systemd state active. So shutting down docker does not work in that case.

[chavafg]

sorry, found the issue. One of our functions in .ci/lib.sh was trying to access docker, but it was already stopped. I removed the part where we were stopping the docker service on our jenkins job.
Should be fixed now, can you restart the job?

[haircommander]

Thanks @chavafg

[haircommander]

/retest

[vrothberg]

Thanks a lot folks :)

[haircommander]

LGTM @umohnani8 @mrunalp PTAL

[vrothberg]

/hold cancel

[giuseppe]

/lgtm

[giuseppe]

/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: giuseppe, vrothberg

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [giuseppe]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment