linux: Honor RuncOptions if set on container
This also fix the type used for RuncOptions.SystemCgroup, hence introducing an API break. Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
This commit is contained in:
Kenfe-Mickael Laventure
@@ -30,20 +30,20 @@ import (
|
||||
type ClientOpt func(context.Context, Config) (shim.ShimClient, io.Closer, error)
|
||||
|
||||
// WithStart executes a new shim process
|
||||
func WithStart(binary, address string, debug bool, exitHandler func()) ClientOpt {
|
||||
func WithStart(binary, address, daemonAddress, cgroup string, debug bool, exitHandler func()) ClientOpt {
|
||||
return func(ctx context.Context, config Config) (_ shim.ShimClient, _ io.Closer, err error) {
|
||||
socket, err := newSocket(config)
|
||||
socket, err := newSocket(address)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
defer socket.Close()
|
||||
f, err := socket.File()
|
||||
if err != nil {
|
||||
return nil, nil, errors.Wrapf(err, "failed to get fd for socket %s", config.Address)
|
||||
return nil, nil, errors.Wrapf(err, "failed to get fd for socket %s", address)
|
||||
}
|
||||
defer f.Close()
|
||||
|
||||
cmd := newCommand(binary, address, debug, config, f)
|
||||
cmd := newCommand(binary, daemonAddress, debug, config, f)
|
||||
ec, err := reaper.Default.Start(cmd)
|
||||
if err != nil {
|
||||
return nil, nil, errors.Wrapf(err, "failed to start shim")
|
||||
@@ -59,19 +59,23 @@ func WithStart(binary, address string, debug bool, exitHandler func()) ClientOpt
|
||||
}()
|
||||
log.G(ctx).WithFields(logrus.Fields{
|
||||
"pid": cmd.Process.Pid,
|
||||
"address": config.Address,
|
||||
"address": address,
|
||||
"debug": debug,
|
||||
}).Infof("shim %s started", binary)
|
||||
// set shim in cgroup if it is provided
|
||||
if config.CgroupPath != "" {
|
||||
if err := setCgroup(ctx, config, cmd); err != nil {
|
||||
if cgroup != "" {
|
||||
if err := setCgroup(cgroup, cmd); err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
log.G(ctx).WithFields(logrus.Fields{
|
||||
"pid": cmd.Process.Pid,
|
||||
"address": address,
|
||||
}).Infof("shim placed in cgroup %s", cgroup)
|
||||
}
|
||||
if err = sys.SetOOMScore(cmd.Process.Pid, sys.OOMScoreMaxKillable); err != nil {
|
||||
return nil, nil, errors.Wrap(err, "failed to set OOM Score on shim")
|
||||
}
|
||||
c, clo, err := WithConnect(ctx, config)
|
||||
c, clo, err := WithConnect(address)(ctx, config)
|
||||
if err != nil {
|
||||
return nil, nil, errors.Wrap(err, "failed to connect")
|
||||
}
|
||||
@@ -79,15 +83,23 @@ func WithStart(binary, address string, debug bool, exitHandler func()) ClientOpt
|
||||
}
|
||||
}
|
||||
|
||||
func newCommand(binary, address string, debug bool, config Config, socket *os.File) *exec.Cmd {
|
||||
func newCommand(binary, daemonAddress string, debug bool, config Config, socket *os.File) *exec.Cmd {
|
||||
args := []string{
|
||||
"--namespace", config.Namespace,
|
||||
"--address", address,
|
||||
"--workdir", config.WorkDir,
|
||||
"--address", daemonAddress,
|
||||
}
|
||||
|
||||
if config.Criu != "" {
|
||||
args = append(args, "--criu-path", config.Criu)
|
||||
}
|
||||
if config.SystemdCgroup {
|
||||
args = append(args, "--systemd-cgroup")
|
||||
}
|
||||
if debug {
|
||||
args = append(args, "--debug")
|
||||
}
|
||||
|
||||
cmd := exec.Command(binary, args...)
|
||||
cmd.Dir = config.Path
|
||||
// make sure the shim can be re-parented to system init
|
||||
@@ -102,13 +114,13 @@ func newCommand(binary, address string, debug bool, config Config, socket *os.Fi
|
||||
return cmd
|
||||
}
|
||||
|
||||
func newSocket(config Config) (*net.UnixListener, error) {
|
||||
if len(config.Address) > 106 {
|
||||
return nil, errors.Errorf("%q: unix socket path too long (limit 106)", config.Address)
|
||||
func newSocket(address string) (*net.UnixListener, error) {
|
||||
if len(address) > 106 {
|
||||
return nil, errors.Errorf("%q: unix socket path too long (limit 106)", address)
|
||||
}
|
||||
l, err := net.Listen("unix", "\x00"+config.Address)
|
||||
l, err := net.Listen("unix", "\x00"+address)
|
||||
if err != nil {
|
||||
return nil, errors.Wrapf(err, "failed to listen to abstract unix socket %q", config.Address)
|
||||
return nil, errors.Wrapf(err, "failed to listen to abstract unix socket %q", address)
|
||||
}
|
||||
|
||||
return l.(*net.UnixListener), nil
|
||||
@@ -144,18 +156,20 @@ func dialAddress(address string) string {
|
||||
}
|
||||
|
||||
// WithConnect connects to an existing shim
|
||||
func WithConnect(ctx context.Context, config Config) (shim.ShimClient, io.Closer, error) {
|
||||
conn, err := connect(config.Address, annonDialer)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
func WithConnect(address string) ClientOpt {
|
||||
return func(ctx context.Context, config Config) (shim.ShimClient, io.Closer, error) {
|
||||
conn, err := connect(address, annonDialer)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
return shim.NewShimClient(conn), conn, nil
|
||||
}
|
||||
return shim.NewShimClient(conn), conn, nil
|
||||
}
|
||||
|
||||
// WithLocal uses an in process shim
|
||||
func WithLocal(publisher events.Publisher) func(context.Context, Config) (shim.ShimClient, io.Closer, error) {
|
||||
return func(ctx context.Context, config Config) (shim.ShimClient, io.Closer, error) {
|
||||
service, err := NewService(config.Path, config.Namespace, config.WorkDir, publisher)
|
||||
service, err := NewService(config, publisher)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
@@ -164,11 +178,11 @@ func WithLocal(publisher events.Publisher) func(context.Context, Config) (shim.S
|
||||
}
|
||||
|
||||
type Config struct {
|
||||
Address string
|
||||
Path string
|
||||
Namespace string
|
||||
CgroupPath string
|
||||
WorkDir string
|
||||
Path string
|
||||
Namespace string
|
||||
WorkDir string
|
||||
Criu string
|
||||
SystemdCgroup bool
|
||||
}
|
||||
|
||||
// New returns a new shim client
|
||||
|
||||
@@ -3,14 +3,11 @@
|
||||
package shim
|
||||
|
||||
import (
|
||||
"context"
|
||||
"os/exec"
|
||||
"syscall"
|
||||
|
||||
"github.com/containerd/cgroups"
|
||||
"github.com/containerd/containerd/log"
|
||||
"github.com/pkg/errors"
|
||||
"github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
var atter = syscall.SysProcAttr{
|
||||
@@ -18,19 +15,15 @@ var atter = syscall.SysProcAttr{
|
||||
Setpgid: true,
|
||||
}
|
||||
|
||||
func setCgroup(ctx context.Context, config Config, cmd *exec.Cmd) error {
|
||||
cg, err := cgroups.Load(cgroups.V1, cgroups.StaticPath(config.CgroupPath))
|
||||
func setCgroup(cgroupPath string, cmd *exec.Cmd) error {
|
||||
cg, err := cgroups.Load(cgroups.V1, cgroups.StaticPath(cgroupPath))
|
||||
if err != nil {
|
||||
return errors.Wrapf(err, "failed to load cgroup %s", config.CgroupPath)
|
||||
return errors.Wrapf(err, "failed to load cgroup %s", cgroupPath)
|
||||
}
|
||||
if err := cg.Add(cgroups.Process{
|
||||
Pid: cmd.Process.Pid,
|
||||
}); err != nil {
|
||||
return errors.Wrapf(err, "failed to join cgroup %s", config.CgroupPath)
|
||||
return errors.Wrapf(err, "failed to join cgroup %s", cgroupPath)
|
||||
}
|
||||
log.G(ctx).WithFields(logrus.Fields{
|
||||
"pid": cmd.Process.Pid,
|
||||
"address": config.Address,
|
||||
}).Infof("shim placed in cgroup %s", config.CgroupPath)
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -3,7 +3,6 @@
|
||||
package shim
|
||||
|
||||
import (
|
||||
"context"
|
||||
"os/exec"
|
||||
"syscall"
|
||||
)
|
||||
@@ -12,6 +11,6 @@ var atter = syscall.SysProcAttr{
|
||||
Setpgid: true,
|
||||
}
|
||||
|
||||
func setCgroup(ctx context.Context, config Config, cmd *exec.Cmd) error {
|
||||
func setCgroup(cgroupPath string, cmd *exec.Cmd) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -56,7 +56,7 @@ type initProcess struct {
|
||||
rootfs string
|
||||
}
|
||||
|
||||
func newInitProcess(context context.Context, plat platform, path, namespace, workDir string, r *shimapi.CreateTaskRequest) (*initProcess, error) {
|
||||
func (s *Service) newInitProcess(context context.Context, r *shimapi.CreateTaskRequest) (*initProcess, error) {
|
||||
var success bool
|
||||
|
||||
if err := identifiers.Validate(r.ID); err != nil {
|
||||
@@ -71,7 +71,7 @@ func newInitProcess(context context.Context, plat platform, path, namespace, wor
|
||||
options = *v.(*runcopts.CreateOptions)
|
||||
}
|
||||
|
||||
rootfs := filepath.Join(path, "rootfs")
|
||||
rootfs := filepath.Join(s.config.Path, "rootfs")
|
||||
// count the number of successful mounts so we can undo
|
||||
// what was actually done rather than what should have been
|
||||
// done.
|
||||
@@ -95,16 +95,18 @@ func newInitProcess(context context.Context, plat platform, path, namespace, wor
|
||||
}
|
||||
runtime := &runc.Runc{
|
||||
Command: r.Runtime,
|
||||
Log: filepath.Join(path, "log.json"),
|
||||
Log: filepath.Join(s.config.Path, "log.json"),
|
||||
LogFormat: runc.JSON,
|
||||
PdeathSignal: syscall.SIGKILL,
|
||||
Root: filepath.Join(RuncRoot, namespace),
|
||||
Root: filepath.Join(RuncRoot, s.config.Namespace),
|
||||
Criu: s.config.Criu,
|
||||
// SystemdCgroup: s.config.SystemdCgroup,
|
||||
}
|
||||
p := &initProcess{
|
||||
id: r.ID,
|
||||
bundle: r.Bundle,
|
||||
runtime: runtime,
|
||||
platform: plat,
|
||||
platform: s.platform,
|
||||
stdio: stdio{
|
||||
stdin: r.Stdin,
|
||||
stdout: r.Stdout,
|
||||
@@ -112,7 +114,7 @@ func newInitProcess(context context.Context, plat platform, path, namespace, wor
|
||||
terminal: r.Terminal,
|
||||
},
|
||||
rootfs: rootfs,
|
||||
workDir: workDir,
|
||||
workDir: s.config.WorkDir,
|
||||
}
|
||||
p.initState = &createdState{p: p}
|
||||
var (
|
||||
@@ -133,7 +135,7 @@ func newInitProcess(context context.Context, plat platform, path, namespace, wor
|
||||
return nil, errors.Wrap(err, "failed to create OCI runtime io pipes")
|
||||
}
|
||||
}
|
||||
pidFile := filepath.Join(path, InitPidFile)
|
||||
pidFile := filepath.Join(s.config.Path, InitPidFile)
|
||||
if r.Checkpoint != "" {
|
||||
opts := &runc.RestoreOpts{
|
||||
CheckpointOpts: runc.CheckpointOpts{
|
||||
@@ -178,7 +180,7 @@ func newInitProcess(context context.Context, plat platform, path, namespace, wor
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "failed to retrieve console master")
|
||||
}
|
||||
console, err = plat.copyConsole(context, console, r.Stdin, r.Stdout, r.Stderr, &p.WaitGroup, ©WaitGroup)
|
||||
console, err = s.platform.copyConsole(context, console, r.Stdin, r.Stdout, r.Stderr, &p.WaitGroup, ©WaitGroup)
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "failed to start console copy")
|
||||
}
|
||||
|
||||
@@ -33,7 +33,7 @@ func (c *local) Start(ctx context.Context, in *shimapi.StartRequest, opts ...grp
|
||||
|
||||
func (c *local) Delete(ctx context.Context, in *google_protobuf.Empty, opts ...grpc.CallOption) (*shimapi.DeleteResponse, error) {
|
||||
// make sure we unmount the containers rootfs for this local
|
||||
if err := unix.Unmount(filepath.Join(c.s.path, "rootfs"), 0); err != nil {
|
||||
if err := unix.Unmount(filepath.Join(c.s.config.Path, "rootfs"), 0); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return c.s.Delete(ctx, in)
|
||||
|
||||
@@ -32,23 +32,21 @@ var empty = &google_protobuf.Empty{}
|
||||
const RuncRoot = "/run/containerd/runc"
|
||||
|
||||
// NewService returns a new shim service that can be used via GRPC
|
||||
func NewService(path, namespace, workDir string, publisher events.Publisher) (*Service, error) {
|
||||
if namespace == "" {
|
||||
func NewService(config Config, publisher events.Publisher) (*Service, error) {
|
||||
if config.Namespace == "" {
|
||||
return nil, fmt.Errorf("shim namespace cannot be empty")
|
||||
}
|
||||
context := namespaces.WithNamespace(context.Background(), namespace)
|
||||
context := namespaces.WithNamespace(context.Background(), config.Namespace)
|
||||
context = log.WithLogger(context, logrus.WithFields(logrus.Fields{
|
||||
"namespace": namespace,
|
||||
"namespace": config.Namespace,
|
||||
"path": config.Path,
|
||||
"pid": os.Getpid(),
|
||||
"path": path,
|
||||
}))
|
||||
s := &Service{
|
||||
path: path,
|
||||
config: config,
|
||||
context: context,
|
||||
processes: make(map[string]process),
|
||||
events: make(chan interface{}, 4096),
|
||||
namespace: namespace,
|
||||
context: context,
|
||||
workDir: workDir,
|
||||
ec: reaper.Default.Subscribe(),
|
||||
}
|
||||
go s.processExits()
|
||||
@@ -67,25 +65,24 @@ type platform interface {
|
||||
}
|
||||
|
||||
type Service struct {
|
||||
path string
|
||||
id string
|
||||
bundle string
|
||||
mu sync.Mutex
|
||||
processes map[string]process
|
||||
events chan interface{}
|
||||
deferredEvent interface{}
|
||||
namespace string
|
||||
context context.Context
|
||||
ec chan runc.Exit
|
||||
mu sync.Mutex
|
||||
|
||||
workDir string
|
||||
platform platform
|
||||
config Config
|
||||
context context.Context
|
||||
processes map[string]process
|
||||
events chan interface{}
|
||||
platform platform
|
||||
ec chan runc.Exit
|
||||
|
||||
// Filled by Create()
|
||||
id string
|
||||
bundle string
|
||||
}
|
||||
|
||||
func (s *Service) Create(ctx context.Context, r *shimapi.CreateTaskRequest) (*shimapi.CreateTaskResponse, error) {
|
||||
s.mu.Lock()
|
||||
defer s.mu.Unlock()
|
||||
process, err := newInitProcess(ctx, s.platform, s.path, s.namespace, s.workDir, r)
|
||||
process, err := s.newInitProcess(ctx, r)
|
||||
if err != nil {
|
||||
return nil, errdefs.ToGRPC(err)
|
||||
}
|
||||
@@ -194,7 +191,7 @@ func (s *Service) Exec(ctx context.Context, r *shimapi.ExecProcessRequest) (*goo
|
||||
return nil, errdefs.ToGRPCf(errdefs.ErrFailedPrecondition, "container must be created")
|
||||
}
|
||||
|
||||
process, err := newExecProcess(ctx, s.path, r, p.(*initProcess), r.ID)
|
||||
process, err := newExecProcess(ctx, s.config.Path, r, p.(*initProcess), r.ID)
|
||||
if err != nil {
|
||||
return nil, errdefs.ToGRPC(err)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user