When runC shimv2 starts, the StartShim interface will re-exec itself as
long-running process, which will read the `address` during initializing.
```happycase
Process
containerd-shim-runc-v1/v2 start containerd-shim-runc-v1/v2
initializing socket
reexec containerd-shim-runc-v1/v2
write address into file
initializing
read address
write back to containerd daemon
serving
...
remove address in Shutdown call
```
However, there is no synchronization after reexec. Then the data race is
like:
```leaking-case
Process
containerd-shim-runc-v1/v2 start containerd-shim-runc-v1/v2
initializing socket
reexec containerd-shim-runc-v1/v2
initializing
read address
write address into file
write back to containerd daemon
serving
...
fail to remove address
because of empty address
```
The `address` should be writen into file first before reexec.
And if shutdown the whole service before cleanup temporary
resource (like socket file), the Shutdown caller will receive `ttrpc: closed`
sometime, which depends on go runtime scheduler. Then it also causes leaking
socket files.
Since the shimV2-Delete binary API must be called to cleanup shim temporary
resource and shimV2-runC-v1 doesn't support grouping multi containers in one,
it is safe to remove the socket file in the binary call for shimV2-runC-v1.
But for the shimV2-runC-v2 shim, we still cleanup socket in Shutdown.
Hopefully we can find a way to cleanup socket in shimV2-Delete binary
call.
Fix: #5173
Signed-off-by: Wei Fu <fuweid89@gmail.com>
`config_linux.go` and `config_windows.go` are identical.
`config_unsupported.go` is also almost identical but enables debug logs by default.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
- changed the `MatchLocalhost` function in remotes/docker/registry.go
- Make use of SplitHostPort to split host and port number
- Added additional tests for modified code in remotes/docker/registry_test.go
- Note: this does not handle mathcing of IP addresses in octal, decimal or hex format or a mix of these.
Fixes: #5129
Signed-off-by: Madhav Jivrajani <madhav.jiv@gmail.com>
Now that they are using a multi-arch image, they should work on Windows
like they work elsewhere.
This also means non-AMD64 platforms do this test with their native
platform version, not the linux/amd64 platform version.
Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
This reduces the need to pull random images from docker.io, and should
greatly reduce the tendancy to hit their hourly rate-limit during
integration test runs.
TestImagePullSomePlatforms uses k8s.gcr.io/pause:3.2 so that it does not
see the content pulled by TestImagePullAllPlatforms. This image is
multi-arch, but not multi-os.
Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
This will be used instead of the cri registry config in the main config
toml.
---
Also pulls in changes from containerd/cri@d0b4eecbb3
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
The certs dir parsing was skipping over files instead of reading them,
as such the certs would never load.
It was also stating the file name rather than the full path for cert
pairs.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Both runc and containerd use BUILDTAGS to customize go build-tags.
When building containerd with custom build-tags, runc inherited
those, causing the default to be overwritten, e.g.;
make BUILDTAGS=no_btrfs cri-cni-release
(in script/setup/install-runc)
HEAD is now at 12644e61 VERSION: release 1.0.0~rc93
make[1]: Entering directory '/tmp/tmp.ZJzc2KtI0A/runc'
go build -trimpath "-mod=vendor" "-buildmode=pie" -tags "no_btrfs" -ldflags "-X main.gitCommit="12644e614e25b05da6fd08a38ffa0cfe1903fdec" -X main.version=1.0.0-rc93 " -o runc .
^^^^^^^^^^^^^^^^
This patch brings back the BUILDTAGS make-var in the runc-install
script, which fixates the buildtags to our defaults.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
To investigate issues like #4969, it would be helpful to understand
the status of the VM at the end.
Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
