To avoid importing all of grpc when consuming events, the types of
events have been split in to a separate package. This should allow a
reduction in memory usage in cases where a package is consuming events
but not using the gprc service directly.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
This is needed for users on kernel older than 3.18 so they can avoid EBUSY
errors when trying to unlink, rename or remove a mountpoint that is present in
a shim namespace.
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
This converts the oom metric to be a const metric so that deleted tasks
do not fill up the metric labels.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This also fix the type used for RuncOptions.SystemCgroup, hence introducing
an API break.
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
Depends on https://github.com/containerd/go-runc/pull/24
The is currently a race with the reaper where you could miss some exit
events from processes.
The problem before and why the reaper was so complex was because
processes could fork, getting a pid, and then fail on an execve before
we would have time to register the process with the reaper. This could
cause pids to fill up in a map as a way to reduce the race.
This changes makes the reaper handle multiple subscribers so that the
caller can handle locking, for when they want to wait for a specific
pid, without affecting other callers using the reaper code.
Exit events are broadcast to multiple subscribers, in the case, the runc
commands and container pids that we get from a pid-file. Locking while
the entire container stats no longs affects runc commands where you want
to call `runc create` and wait until that has been completed.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Because runc will delete a container after a successful checkpoint we
need to handle a NotFound error from runc on delete.
There is also a race between SIGKILL'ing the shim and it actually
exiting to unmount the tasks rootfs, we need to loop and wait for the
task to actually be reaped before trying to delete the rootfs+bundle.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Since we now have a common set of error definitions, mapped to existing
error codes, we no longer need the specialized error codes used for
interaction with linux processes. The main issue was that string
matching was being used to map these to useful error codes. With this
change, we use errors defined in the `errdefs` package, which map
cleanly to GRPC error codes and are recoverable on either side of the
request.
The main focus of this PR was in removin these from the shim. We may
need follow ups to ensure error codes are preserved by the `Tasks`
service.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
After review, there are cases where having common requirements for
namespaces and identifiers creates contention between applications. One
example is that it is nice to have namespaces comply with domain name
requirement, but that does not allow underscores, which are required for
certain identifiers.
The namespaces validation has been reverted to be in line with RFC 1035.
Existing identifiers has been modified to allow simply alpha-numeric
identifiers, while limiting adjacent separators.
We may follow up tweaks for the identifier charset but this split should
remove the hard decisions.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
This removes the RuntimeEvent super proto with enums into separate
runtime event protos to be inline with the other events that are output
by containerd.
This also renames the runtime events into Task* events.
Fixes#1071
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This makes it possible to enable shim debug by adding the following to
`config.toml`:
[plugins.linux]
shim_debug = true
I moved the debug setting from the `client.Config struct` to an argument to
`client.WithStart` since this is the only place it would be used.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
The compiler doesn't spot this, but guru does.
This seems to have become unused in 79e6a93624 ("Fix incorrect reference to
the gRPC runtime name as a binary").
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
