Load runtimes dynamically via go1.8 plugins

Signed-off-by: Michael Crosby <crosbymichael@gmail.com> Add registration for more subsystems via plugins Signed-off-by: Michael Crosby <crosbymichael@gmail.com> Move content service to separate package Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-02-16 14:45:13 -08:00 · 2017-02-16 14:45:13 -08:00 · 3101be93bc
commit 3101be93bc
parent b7805198b1
25 changed files with 435 additions and 264 deletions
--- a/linux/shim/exec.go
+++ b/linux/shim/exec.go
@ -0,0 +1,142 @@
+package shim
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"path/filepath"
+	"sync"
+
+	"github.com/crosbymichael/console"
+	runc "github.com/crosbymichael/go-runc"
+	shimapi "github.com/docker/containerd/api/services/shim"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+)
+
+type execProcess struct {
+	sync.WaitGroup
+
+	id      int
+	console console.Console
+	io      runc.IO
+	status  int
+	pid     int
+
+	parent *initProcess
+}
+
+func newExecProcess(context context.Context, r *shimapi.ExecRequest, parent *initProcess, id int) (process, error) {
+	cwd, err := os.Getwd()
+	if err != nil {
+		return nil, err
+	}
+	e := &execProcess{
+		id:     id,
+		parent: parent,
+	}
+	var (
+		socket  *runc.ConsoleSocket
+		io      runc.IO
+		pidfile = filepath.Join(cwd, fmt.Sprintf("%d.pid", id))
+	)
+	if r.Terminal {
+		if socket, err = runc.NewConsoleSocket(filepath.Join(cwd, "pty.sock")); err != nil {
+			return nil, err
+		}
+		defer os.Remove(socket.Path())
+	} else {
+		// TODO: get uid/gid
+		if io, err = runc.NewPipeIO(0, 0); err != nil {
+			return nil, err
+		}
+		e.io = io
+	}
+	opts := &runc.ExecOpts{
+		PidFile:       pidfile,
+		ConsoleSocket: socket,
+		IO:            io,
+		Detach:        true,
+	}
+	if err := parent.runc.Exec(context, parent.id, processFromRequest(r), opts); err != nil {
+		return nil, err
+	}
+	if socket != nil {
+		console, err := socket.ReceiveMaster()
+		if err != nil {
+			return nil, err
+		}
+		e.console = console
+		if err := copyConsole(context, console, r.Stdin, r.Stdout, r.Stderr, &e.WaitGroup); err != nil {
+			return nil, err
+		}
+	} else {
+		if err := copyPipes(context, io, r.Stdin, r.Stdout, r.Stderr, &e.WaitGroup); err != nil {
+			return nil, err
+		}
+	}
+	pid, err := runc.ReadPidFile(opts.PidFile)
+	if err != nil {
+		return nil, err
+	}
+	e.pid = pid
+	return e, nil
+}
+
+func processFromRequest(r *shimapi.ExecRequest) specs.Process {
+	var user specs.User
+	if r.User != nil {
+		user.UID = r.User.Uid
+		user.GID = r.User.Gid
+		user.AdditionalGids = r.User.AdditionalGids
+	}
+	return specs.Process{
+		Terminal:        r.Terminal,
+		User:            user,
+		Rlimits:         rlimits(r.Rlimits),
+		Args:            r.Args,
+		Env:             r.Env,
+		Cwd:             r.Cwd,
+		Capabilities:    r.Capabilities,
+		NoNewPrivileges: r.NoNewPrivileges,
+		ApparmorProfile: r.ApparmorProfile,
+		SelinuxLabel:    r.SelinuxLabel,
+	}
+}
+
+func rlimits(rr []*shimapi.Rlimit) (o []specs.LinuxRlimit) {
+	for _, r := range rr {
+		o = append(o, specs.LinuxRlimit{
+			Type: r.Type,
+			Hard: r.Hard,
+			Soft: r.Soft,
+		})
+	}
+	return o
+}
+
+func (e *execProcess) Pid() int {
+	return e.pid
+}
+
+func (e *execProcess) Status() int {
+	return e.status
+}
+
+func (e *execProcess) Exited(status int) {
+	e.status = status
+	e.Wait()
+	if e.io != nil {
+		e.io.Close()
+	}
+}
+
+func (e *execProcess) Delete(ctx context.Context) error {
+	return nil
+}
+
+func (e *execProcess) Resize(ws console.WinSize) error {
+	if e.console == nil {
+		return nil
+	}
+	return e.console.Resize(ws)
+}
--- a/linux/shim/init.go
+++ b/linux/shim/init.go
@ -0,0 +1,146 @@
+package shim
+
+import (
+	"context"
+	"os"
+	"path/filepath"
+	"sync"
+	"syscall"
+
+	"github.com/crosbymichael/console"
+	runc "github.com/crosbymichael/go-runc"
+	"github.com/docker/containerd"
+	shimapi "github.com/docker/containerd/api/services/shim"
+)
+
+type initProcess struct {
+	sync.WaitGroup
+
+	id      string
+	bundle  string
+	console console.Console
+	io      runc.IO
+	runc    *runc.Runc
+	status  int
+	pid     int
+}
+
+func newInitProcess(context context.Context, r *shimapi.CreateRequest) (*initProcess, error) {
+	cwd, err := os.Getwd()
+	if err != nil {
+		return nil, err
+	}
+	for _, rm := range r.Rootfs {
+		m := &containerd.Mount{
+			Type:    rm.Type,
+			Source:  rm.Source,
+			Options: rm.Options,
+		}
+		if err := m.Mount(filepath.Join(cwd, "rootfs")); err != nil {
+			return nil, err
+		}
+	}
+	runtime := &runc.Runc{
+		Command:      r.Runtime,
+		Log:          filepath.Join(cwd, "log.json"),
+		LogFormat:    runc.JSON,
+		PdeathSignal: syscall.SIGKILL,
+	}
+	p := &initProcess{
+		id:     r.ID,
+		bundle: r.Bundle,
+		runc:   runtime,
+	}
+	var (
+		socket *runc.ConsoleSocket
+		io     runc.IO
+	)
+	if r.Terminal {
+		if socket, err = runc.NewConsoleSocket(filepath.Join(cwd, "pty.sock")); err != nil {
+			return nil, err
+		}
+		defer os.Remove(socket.Path())
+	} else {
+		// TODO: get uid/gid
+		if io, err = runc.NewPipeIO(0, 0); err != nil {
+			return nil, err
+		}
+		p.io = io
+	}
+	opts := &runc.CreateOpts{
+		PidFile:       filepath.Join(cwd, "init.pid"),
+		ConsoleSocket: socket,
+		IO:            io,
+		NoPivot:       r.NoPivot,
+	}
+	if err := p.runc.Create(context, r.ID, r.Bundle, opts); err != nil {
+		return nil, err
+	}
+	if socket != nil {
+		console, err := socket.ReceiveMaster()
+		if err != nil {
+			return nil, err
+		}
+		p.console = console
+		if err := copyConsole(context, console, r.Stdin, r.Stdout, r.Stderr, &p.WaitGroup); err != nil {
+			return nil, err
+		}
+	} else {
+		if err := copyPipes(context, io, r.Stdin, r.Stdout, r.Stderr, &p.WaitGroup); err != nil {
+			return nil, err
+		}
+	}
+	pid, err := runc.ReadPidFile(opts.PidFile)
+	if err != nil {
+		return nil, err
+	}
+	p.pid = pid
+	return p, nil
+}
+
+func (p *initProcess) Pid() int {
+	return p.pid
+}
+
+func (p *initProcess) Status() int {
+	return p.status
+}
+
+func (p *initProcess) Start(context context.Context) error {
+	return p.runc.Start(context, p.id)
+}
+
+func (p *initProcess) Exited(status int) {
+	p.status = status
+}
+
+func (p *initProcess) Delete(context context.Context) error {
+	p.killAll(context)
+	p.Wait()
+	err := p.runc.Delete(context, p.id)
+	if p.io != nil {
+		p.io.Close()
+	}
+	return err
+}
+
+func (p *initProcess) Resize(ws console.WinSize) error {
+	if p.console == nil {
+		return nil
+	}
+	return p.console.Resize(ws)
+}
+
+func (p *initProcess) Pause(context context.Context) error {
+	return p.runc.Pause(context, p.id)
+}
+
+func (p *initProcess) Resume(context context.Context) error {
+	return p.runc.Resume(context, p.id)
+}
+
+func (p *initProcess) killAll(context context.Context) error {
+	return p.runc.Kill(context, p.id, int(syscall.SIGKILL), &runc.KillOpts{
+		All: true,
+	})
+}
--- a/linux/shim/io.go
+++ b/linux/shim/io.go
@ -0,0 +1,81 @@
+package shim
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"sync"
+	"syscall"
+
+	"github.com/crosbymichael/console"
+	runc "github.com/crosbymichael/go-runc"
+	"github.com/tonistiigi/fifo"
+)
+
+func copyConsole(ctx context.Context, console console.Console, stdin, stdout, stderr string, wg *sync.WaitGroup) error {
+	in, err := fifo.OpenFifo(ctx, stdin, syscall.O_RDONLY, 0)
+	if err != nil {
+		return err
+	}
+	go io.Copy(console, in)
+	outw, err := fifo.OpenFifo(ctx, stdout, syscall.O_WRONLY, 0)
+	if err != nil {
+		return err
+	}
+	outr, err := fifo.OpenFifo(ctx, stdout, syscall.O_RDONLY, 0)
+	if err != nil {
+		return err
+	}
+	wg.Add(1)
+	go func() {
+		io.Copy(outw, console)
+		console.Close()
+		outr.Close()
+		outw.Close()
+		wg.Done()
+	}()
+	return nil
+}
+
+func copyPipes(ctx context.Context, rio runc.IO, stdin, stdout, stderr string, wg *sync.WaitGroup) error {
+	for name, dest := range map[string]func(wc io.WriteCloser, rc io.Closer){
+		stdout: func(wc io.WriteCloser, rc io.Closer) {
+			wg.Add(1)
+			go func() {
+				io.Copy(wc, rio.Stdout())
+				wg.Done()
+				wc.Close()
+				rc.Close()
+			}()
+		},
+		stderr: func(wc io.WriteCloser, rc io.Closer) {
+			wg.Add(1)
+			go func() {
+				io.Copy(wc, rio.Stderr())
+				wg.Done()
+				wc.Close()
+				rc.Close()
+			}()
+		},
+	} {
+		fw, err := fifo.OpenFifo(ctx, name, syscall.O_WRONLY, 0)
+		if err != nil {
+			return fmt.Errorf("containerd-shim: opening %s failed: %s", name, err)
+		}
+		fr, err := fifo.OpenFifo(ctx, name, syscall.O_RDONLY, 0)
+		if err != nil {
+			return fmt.Errorf("containerd-shim: opening %s failed: %s", name, err)
+		}
+		dest(fw, fr)
+	}
+	f, err := fifo.OpenFifo(ctx, stdin, syscall.O_RDONLY, 0)
+	if err != nil {
+		return fmt.Errorf("containerd-shim: opening %s failed: %s", stdin, err)
+	}
+	go func() {
+		io.Copy(rio.Stdin(), f)
+		rio.Stdin().Close()
+		f.Close()
+	}()
+	return nil
+}
--- a/linux/shim/process.go
+++ b/linux/shim/process.go
@ -0,0 +1,19 @@
+package shim
+
+import (
+	"context"
+
+	"github.com/crosbymichael/console"
+)
+
+type process interface {
+	// Pid returns the pid for the process
+	Pid() int
+	// Resize resizes the process console
+	Resize(ws console.WinSize) error
+	// Exited sets the exit status for the process
+	Exited(status int)
+	// Status returns the exit status
+	Status() int
+	Delete(context.Context) error
+}
--- a/linux/shim/service.go
+++ b/linux/shim/service.go
@ -0,0 +1,198 @@
+package shim
+
+import (
+	"os"
+	"sync"
+	"syscall"
+
+	"github.com/crosbymichael/console"
+	shimapi "github.com/docker/containerd/api/services/shim"
+	"github.com/docker/containerd/api/types/container"
+	"github.com/docker/containerd/utils"
+	google_protobuf "github.com/golang/protobuf/ptypes/empty"
+	"github.com/pkg/errors"
+	"golang.org/x/net/context"
+)
+
+var empty = &google_protobuf.Empty{}
+
+// New returns a new shim service that can be used via GRPC
+func New() *Service {
+	return &Service{
+		processes: make(map[int]process),
+		events:    make(chan *container.Event, 4096),
+	}
+}
+
+type Service struct {
+	initProcess *initProcess
+	id          string
+	bundle      string
+	mu          sync.Mutex
+	processes   map[int]process
+	events      chan *container.Event
+	execID      int
+}
+
+func (s *Service) Create(ctx context.Context, r *shimapi.CreateRequest) (*shimapi.CreateResponse, error) {
+	process, err := newInitProcess(ctx, r)
+	if err != nil {
+		return nil, err
+	}
+	s.mu.Lock()
+	s.id = r.ID
+	s.bundle = r.Bundle
+	s.initProcess = process
+	pid := process.Pid()
+	s.processes[pid] = process
+	s.mu.Unlock()
+	s.events <- &container.Event{
+		Type: container.Event_CREATE,
+		ID:   r.ID,
+		Pid:  uint32(pid),
+	}
+	return &shimapi.CreateResponse{
+		Pid: uint32(pid),
+	}, nil
+}
+
+func (s *Service) Start(ctx context.Context, r *shimapi.StartRequest) (*google_protobuf.Empty, error) {
+	if err := s.initProcess.Start(ctx); err != nil {
+		return nil, err
+	}
+	s.events <- &container.Event{
+		Type: container.Event_START,
+		ID:   s.id,
+		Pid:  uint32(s.initProcess.Pid()),
+	}
+	return empty, nil
+}
+
+func (s *Service) Delete(ctx context.Context, r *shimapi.DeleteRequest) (*shimapi.DeleteResponse, error) {
+	s.mu.Lock()
+	p, ok := s.processes[int(r.Pid)]
+	s.mu.Unlock()
+	if !ok {
+		p = s.initProcess
+	}
+	if err := p.Delete(ctx); err != nil {
+		return nil, err
+	}
+	s.mu.Lock()
+	delete(s.processes, p.Pid())
+	s.mu.Unlock()
+	return &shimapi.DeleteResponse{
+		ExitStatus: uint32(p.Status()),
+	}, nil
+}
+
+func (s *Service) Exec(ctx context.Context, r *shimapi.ExecRequest) (*shimapi.ExecResponse, error) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+	s.execID++
+	process, err := newExecProcess(ctx, r, s.initProcess, s.execID)
+	if err != nil {
+		return nil, err
+	}
+	pid := process.Pid()
+	s.processes[pid] = process
+	s.events <- &container.Event{
+		Type: container.Event_EXEC_ADDED,
+		ID:   s.id,
+		Pid:  uint32(pid),
+	}
+	return &shimapi.ExecResponse{
+		Pid: uint32(pid),
+	}, nil
+}
+
+func (s *Service) Pty(ctx context.Context, r *shimapi.PtyRequest) (*google_protobuf.Empty, error) {
+	if r.Pid == 0 {
+		return nil, errors.Errorf("pid not provided in request")
+	}
+	ws := console.WinSize{
+		Width:  uint16(r.Width),
+		Height: uint16(r.Height),
+	}
+	s.mu.Lock()
+	p, ok := s.processes[int(r.Pid)]
+	s.mu.Unlock()
+	if !ok {
+		return nil, errors.Errorf("process does not exist %d", r.Pid)
+	}
+	if err := p.Resize(ws); err != nil {
+		return nil, err
+	}
+	return empty, nil
+}
+
+func (s *Service) Events(r *shimapi.EventsRequest, stream shimapi.Shim_EventsServer) error {
+	for e := range s.events {
+		if err := stream.Send(e); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (s *Service) State(ctx context.Context, r *shimapi.StateRequest) (*shimapi.StateResponse, error) {
+	o := &shimapi.StateResponse{
+		ID:        s.id,
+		Bundle:    s.bundle,
+		Pid:       uint32(s.initProcess.Pid()),
+		Processes: []*container.Process{},
+	}
+	s.mu.Lock()
+	defer s.mu.Unlock()
+	for _, p := range s.processes {
+		status := container.Status_RUNNING
+		if err := syscall.Kill(p.Pid(), 0); err != nil {
+			if err != syscall.ESRCH {
+				return nil, err
+			}
+			status = container.Status_STOPPED
+		}
+		o.Processes = append(o.Processes, &container.Process{
+			Pid:    uint32(p.Pid()),
+			Status: status,
+		})
+	}
+	return o, nil
+}
+
+func (s *Service) Pause(ctx context.Context, r *shimapi.PauseRequest) (*google_protobuf.Empty, error) {
+	if err := s.initProcess.Pause(ctx); err != nil {
+		return nil, err
+	}
+	return empty, nil
+}
+
+func (s *Service) Resume(ctx context.Context, r *shimapi.ResumeRequest) (*google_protobuf.Empty, error) {
+	if err := s.initProcess.Resume(ctx); err != nil {
+		return nil, err
+	}
+	return empty, nil
+}
+
+func (s *Service) Exit(ctx context.Context, r *shimapi.ExitRequest) (*google_protobuf.Empty, error) {
+	// signal ourself to exit
+	if err := syscall.Kill(os.Getpid(), syscall.SIGTERM); err != nil {
+		return nil, err
+	}
+	return empty, nil
+}
+
+func (s *Service) ProcessExit(e utils.Exit) error {
+	s.mu.Lock()
+	if p, ok := s.processes[e.Pid]; ok {
+		p.Exited(e.Status)
+		s.events <- &container.Event{
+			Type:       container.Event_EXIT,
+			ID:         s.id,
+			Pid:        uint32(p.Pid()),
+			ExitStatus: uint32(e.Status),
+		}
+	}
+	s.mu.Unlock()
+	return nil
+}