Cleanup CRI files

Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>

pkg/cri/sbserver/podsandbox/helpers.go

@@ -30,9 +30,7 @@ import (
 	"github.com/containerd/containerd/log"
 	"github.com/containerd/containerd/oci"
 	criconfig "github.com/containerd/containerd/pkg/cri/config"
-	containerstore "github.com/containerd/containerd/pkg/cri/store/container"
 	imagestore "github.com/containerd/containerd/pkg/cri/store/image"
-	sandboxstore "github.com/containerd/containerd/pkg/cri/store/sandbox"
 	ctrdutil "github.com/containerd/containerd/pkg/cri/util"
 	runtimeoptions "github.com/containerd/containerd/pkg/runtimeoptions/v1"
 	"github.com/containerd/containerd/plugin"
@@ -46,80 +44,26 @@ import (
 	runhcsoptions "github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options"
 	imagedigest "github.com/opencontainers/go-digest"
 	"github.com/pelletier/go-toml"
-	runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
 )
 
 const (
-	// errorStartReason is the exit reason when fails to start container.
-	errorStartReason = "StartError"
-	// errorStartExitCode is the exit code when fails to start container.
-	// 128 is the same with Docker's behavior.
-	// TODO(windows): Figure out what should be used for windows.
-	errorStartExitCode = 128
-	// completeExitReason is the exit reason when container exits with code 0.
-	completeExitReason = "Completed"
-	// errorExitReason is the exit reason when container exits with code non-zero.
-	errorExitReason = "Error"
-	// oomExitReason is the exit reason when process in container is oom killed.
-	oomExitReason = "OOMKilled"
 
 	// sandboxesDir contains all sandbox root. A sandbox root is the running
 	// directory of the sandbox, all files created for the sandbox will be
 	// placed under this directory.
 	sandboxesDir = "sandboxes"
-	// containersDir contains all container root.
-	containersDir = "containers"
-	// Delimiter used to construct container/sandbox names.
-	nameDelimiter = "_"
-
 	// criContainerdPrefix is common prefix for cri-containerd
 	criContainerdPrefix = "io.cri-containerd"
 	// containerKindLabel is a label key indicating container is sandbox container or application container
 	containerKindLabel = criContainerdPrefix + ".kind"
 	// containerKindSandbox is a label value indicating container is sandbox container
 	containerKindSandbox = "sandbox"
-	// containerKindContainer is a label value indicating container is application container
-	containerKindContainer = "container"
-	// imageLabelKey is the label key indicating the image is managed by cri plugin.
-	imageLabelKey = criContainerdPrefix + ".image"
-	// imageLabelValue is the label value indicating the image is managed by cri plugin.
-	imageLabelValue = "managed"
 	// sandboxMetadataExtension is an extension name that identify metadata of sandbox in CreateContainerRequest
 	sandboxMetadataExtension = criContainerdPrefix + ".sandbox.metadata"
-	// containerMetadataExtension is an extension name that identify metadata of container in CreateContainerRequest
-	containerMetadataExtension = criContainerdPrefix + ".container.metadata"
-
-	// defaultIfName is the default network interface for the pods
-	defaultIfName = "eth0"
-
 	// runtimeRunhcsV1 is the runtime type for runhcs.
 	runtimeRunhcsV1 = "io.containerd.runhcs.v1"
 )
 
-// makeSandboxName generates sandbox name from sandbox metadata. The name
-// generated is unique as long as sandbox metadata is unique.
-func makeSandboxName(s *runtime.PodSandboxMetadata) string {
-	return strings.Join([]string{
-		s.Name,                       // 0
-		s.Namespace,                  // 1
-		s.Uid,                        // 2
-		fmt.Sprintf("%d", s.Attempt), // 3
-	}, nameDelimiter)
-}
-
-// makeContainerName generates container name from sandbox and container metadata.
-// The name generated is unique as long as the sandbox container combination is
-// unique.
-func makeContainerName(c *runtime.ContainerMetadata, s *runtime.PodSandboxMetadata) string {
-	return strings.Join([]string{
-		c.Name,                       // 0: container name
-		s.Name,                       // 1: pod name
-		s.Namespace,                  // 2: pod namespace
-		s.Uid,                        // 3: pod uid
-		fmt.Sprintf("%d", c.Attempt), // 4: attempt number of creating the container
-	}, nameDelimiter)
-}
-
 // getSandboxRootDir returns the root directory for managing sandbox files,
 // e.g. hosts files.
 func (c *Controller) getSandboxRootDir(id string) string {
@@ -132,23 +76,6 @@ func (c *Controller) getVolatileSandboxRootDir(id string) string {
 	return filepath.Join(c.config.StateDir, sandboxesDir, id)
 }
 
-// getContainerRootDir returns the root directory for managing container files,
-// e.g. state checkpoint.
-func (c *Controller) getContainerRootDir(id string) string {
-	return filepath.Join(c.config.RootDir, containersDir, id)
-}
-
-// getVolatileContainerRootDir returns the root directory for managing volatile container files,
-// e.g. named pipes.
-func (c *Controller) getVolatileContainerRootDir(id string) string {
-	return filepath.Join(c.config.StateDir, containersDir, id)
-}
-
-// criContainerStateToString formats CRI container state to string.
-func criContainerStateToString(state runtime.ContainerState) string {
-	return runtime.ContainerState_name[int32(state)]
-}
-
 // getRepoDigestAngTag returns image repoDigest and repoTag of the named image reference.
 func getRepoDigestAndTag(namedRef docker.Named, digest imagedigest.Digest, schema1 bool) (string, string) {
 	var repoTag, repoDigest string
@@ -192,22 +119,6 @@ func getUserFromImage(user string) (*int64, string) {
 	return &uid, ""
 }
 
-// isInCRIMounts checks whether a destination is in CRI mount list.
-func isInCRIMounts(dst string, mounts []*runtime.Mount) bool {
-	for _, m := range mounts {
-		if filepath.Clean(m.ContainerPath) == filepath.Clean(dst) {
-			return true
-		}
-	}
-	return false
-}
-
-// filterLabel returns a label filter. Use `%q` here because containerd
-// filter needs extra quote to work properly.
-func filterLabel(k, v string) string {
-	return fmt.Sprintf("labels.%q==%q", k, v)
-}
-
 // buildLabel builds the labels from config to be passed to containerd
 func buildLabels(configLabels, imageConfigLabels map[string]string, containerType string) map[string]string {
 	labels := make(map[string]string)
@@ -229,16 +140,6 @@ func buildLabels(configLabels, imageConfigLabels map[string]string, containerTyp
 	return labels
 }
 
-// toRuntimeAuthConfig converts cri plugin auth config to runtime auth config.
-func toRuntimeAuthConfig(a criconfig.AuthConfig) *runtime.AuthConfig {
-	return &runtime.AuthConfig{
-		Username:      a.Username,
-		Password:      a.Password,
-		Auth:          a.Auth,
-		IdentityToken: a.IdentityToken,
-	}
-}
-
 // parseImageReferences parses a list of arbitrary image references and returns
 // the repotags and repodigests
 func parseImageReferences(refs []string) ([]string, []string) {
@@ -310,32 +211,6 @@ func getRuntimeOptions(c containers.Container) (interface{}, error) {
 	return opts, nil
 }
 
-const (
-	// unknownExitCode is the exit code when exit reason is unknown.
-	unknownExitCode = 255
-	// unknownExitReason is the exit reason when exit reason is unknown.
-	unknownExitReason = "Unknown"
-)
-
-// unknownContainerStatus returns the default container status when its status is unknown.
-func unknownContainerStatus() containerstore.Status {
-	return containerstore.Status{
-		CreatedAt:  0,
-		StartedAt:  0,
-		FinishedAt: 0,
-		ExitCode:   unknownExitCode,
-		Reason:     unknownExitReason,
-		Unknown:    true,
-	}
-}
-
-// unknownSandboxStatus returns the default sandbox status when its status is unknown.
-func unknownSandboxStatus() sandboxstore.Status {
-	return sandboxstore.Status{
-		State: sandboxstore.StateUnknown,
-	}
-}
-
 // getPassthroughAnnotations filters requested pod annotations by comparing
 // against permitted annotations for the given runtime.
 func getPassthroughAnnotations(podAnnotations map[string]string,

pkg/cri/sbserver/podsandbox/helpers_linux.go

@@ -30,7 +30,6 @@ import (
 
 	"github.com/containerd/containerd/log"
 	"github.com/containerd/containerd/mount"
-	"github.com/containerd/containerd/pkg/apparmor"
 	"github.com/containerd/containerd/pkg/seccomp"
 	"github.com/containerd/containerd/pkg/seutil"
 	"github.com/moby/sys/mountinfo"
@@ -51,12 +50,8 @@ const (
 	devShm = "/dev/shm"
 	// etcHosts is the default path of /etc/hosts file.
 	etcHosts = "/etc/hosts"
-	// etcHostname is the default path of /etc/hostname file.
-	etcHostname = "/etc/hostname"
 	// resolvConfPath is the abs path of resolv.conf on host or container.
 	resolvConfPath = "/etc/resolv.conf"
-	// hostnameEnv is the key for HOSTNAME env.
-	hostnameEnv = "HOSTNAME"
 )
 
 // getCgroupsPath generates container cgroups path.
@@ -138,27 +133,10 @@ func checkSelinuxLevel(level string) error {
 	return nil
 }
 
-// apparmorEnabled returns true if apparmor is enabled, supported by the host,
-// if apparmor_parser is installed, and if we are not running docker-in-docker.
-func (c *Controller) apparmorEnabled() bool {
-	if c.config.DisableApparmor {
-		return false
-	}
-	return apparmor.HostSupports()
-}
-
 func (c *Controller) seccompEnabled() bool {
 	return seccomp.IsEnabled()
 }
 
-// openLogFile opens/creates a container log file.
-func openLogFile(path string) (*os.File, error) {
-	if err := os.MkdirAll(filepath.Dir(path), 0755); err != nil {
-		return nil, err
-	}
-	return os.OpenFile(path, os.O_CREATE|os.O_APPEND|os.O_WRONLY, 0640)
-}
-
 // unmountRecursive unmounts the target and all mounts underneath, starting with
 // the deepest mount first.
 func unmountRecursive(ctx context.Context, target string) error {

pkg/cri/sbserver/podsandbox/helpers_other.go

@@ -26,11 +26,6 @@ import (
 	"github.com/opencontainers/runtime-spec/specs-go"
 )
 
-// openLogFile opens/creates a container log file.
-func openLogFile(path string) (*os.File, error) {
-	return os.OpenFile(path, os.O_CREATE|os.O_APPEND|os.O_WRONLY, 0640)
-}
-
 // ensureRemoveAll wraps `os.RemoveAll` to check for specific errors that can
 // often be remedied.
 // Only use `ensureRemoveAll` if you really want to make every effort to remove

pkg/cri/sbserver/podsandbox/helpers_windows.go

@@ -19,145 +19,10 @@ package podsandbox
 import (
 	"context"
 	"os"
-	"path/filepath"
-	"syscall"
 
 	"github.com/opencontainers/runtime-spec/specs-go"
 )
 
-// openLogFile opens/creates a container log file.
-// It specifies `FILE_SHARE_DELETE` option to make sure
-// log files can be rotated by kubelet.
-// TODO(windows): Use golang support after 1.14. (https://github.com/golang/go/issues/32088)
-func openLogFile(path string) (*os.File, error) {
-	path = fixLongPath(path)
-	if len(path) == 0 {
-		return nil, syscall.ERROR_FILE_NOT_FOUND
-	}
-	pathp, err := syscall.UTF16PtrFromString(path)
-	if err != nil {
-		return nil, err
-	}
-	createmode := uint32(syscall.OPEN_ALWAYS)
-	access := uint32(syscall.FILE_APPEND_DATA)
-	sharemode := uint32(syscall.FILE_SHARE_READ | syscall.FILE_SHARE_WRITE | syscall.FILE_SHARE_DELETE)
-	h, err := syscall.CreateFile(pathp, access, sharemode, nil, createmode, syscall.FILE_ATTRIBUTE_NORMAL, 0)
-	if err != nil {
-		return nil, err
-	}
-	return os.NewFile(uintptr(h), path), nil
-}
-
-// Copyright (c) 2009 The Go Authors. All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-//    * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//    * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//    * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-// fixLongPath returns the extended-length (\\?\-prefixed) form of
-// path when needed, in order to avoid the default 260 character file
-// path limit imposed by Windows. If path is not easily converted to
-// the extended-length form (for example, if path is a relative path
-// or contains .. elements), or is short enough, fixLongPath returns
-// path unmodified.
-//
-// See https://msdn.microsoft.com/en-us/library/windows/desktop/aa365247(v=vs.85).aspx#maxpath
-//
-// This is copied from https://golang.org/src/path/filepath/path_windows.go.
-func fixLongPath(path string) string {
-	// Do nothing (and don't allocate) if the path is "short".
-	// Empirically (at least on the Windows Server 2013 builder),
-	// the kernel is arbitrarily okay with < 248 bytes. That
-	// matches what the docs above say:
-	// "When using an API to create a directory, the specified
-	// path cannot be so long that you cannot append an 8.3 file
-	// name (that is, the directory name cannot exceed MAX_PATH
-	// minus 12)." Since MAX_PATH is 260, 260 - 12 = 248.
-	//
-	// The MSDN docs appear to say that a normal path that is 248 bytes long
-	// will work; empirically the path must be less then 248 bytes long.
-	if len(path) < 248 {
-		// Don't fix. (This is how Go 1.7 and earlier worked,
-		// not automatically generating the \\?\ form)
-		return path
-	}
-
-	// The extended form begins with \\?\, as in
-	// \\?\c:\windows\foo.txt or \\?\UNC\server\share\foo.txt.
-	// The extended form disables evaluation of . and .. path
-	// elements and disables the interpretation of / as equivalent
-	// to \. The conversion here rewrites / to \ and elides
-	// . elements as well as trailing or duplicate separators. For
-	// simplicity it avoids the conversion entirely for relative
-	// paths or paths containing .. elements. For now,
-	// \\server\share paths are not converted to
-	// \\?\UNC\server\share paths because the rules for doing so
-	// are less well-specified.
-	if len(path) >= 2 && path[:2] == `\\` {
-		// Don't canonicalize UNC paths.
-		return path
-	}
-	if !filepath.IsAbs(path) {
-		// Relative path
-		return path
-	}
-
-	const prefix = `\\?`
-
-	pathbuf := make([]byte, len(prefix)+len(path)+len(`\`))
-	copy(pathbuf, prefix)
-	n := len(path)
-	r, w := 0, len(prefix)
-	for r < n {
-		switch {
-		case os.IsPathSeparator(path[r]):
-			// empty block
-			r++
-		case path[r] == '.' && (r+1 == n || os.IsPathSeparator(path[r+1])):
-			// /./
-			r++
-		case r+1 < n && path[r] == '.' && path[r+1] == '.' && (r+2 == n || os.IsPathSeparator(path[r+2])):
-			// /../ is currently unhandled
-			return path
-		default:
-			pathbuf[w] = '\\'
-			w++
-			for ; r < n && !os.IsPathSeparator(path[r]); r++ {
-				pathbuf[w] = path[r]
-				w++
-			}
-		}
-	}
-	// A drive's root directory needs a trailing \
-	if w == len(`\\?\c:`) {
-		pathbuf[w] = '\\'
-		w++
-	}
-	return string(pathbuf[:w])
-}
-
 // ensureRemoveAll is a wrapper for os.RemoveAll on Windows.
 func ensureRemoveAll(_ context.Context, dir string) error {
 	return os.RemoveAll(dir)

pkg/cri/sbserver/podsandbox/sandbox_run.go

@@ -84,10 +84,10 @@ func (c *Controller) Start(ctx context.Context, id string) (_ uint32, retErr err
 	}
 	log.G(ctx).WithField("podsandboxid", id).Debugf("sandbox container spec: %#+v", spew.NewFormatter(spec))
 
-	processLabel := spec.Process.SelinuxLabel
+	metadata.ProcessLabel = spec.Process.SelinuxLabel
 	defer func() {
 		if retErr != nil {
-			selinux.ReleaseLabel(processLabel)
+			selinux.ReleaseLabel(metadata.ProcessLabel)
 		}
 	}()