2016-07-29 22:35:10 +00:00
|
|
|
package oci
|
|
|
|
|
|
|
|
import (
|
2016-08-29 18:48:58 +00:00
|
|
|
"bytes"
|
|
|
|
"encoding/json"
|
|
|
|
"fmt"
|
2016-09-16 23:32:19 +00:00
|
|
|
"io/ioutil"
|
2016-08-01 17:39:42 +00:00
|
|
|
"os"
|
2016-08-29 18:48:58 +00:00
|
|
|
"os/exec"
|
2016-07-29 22:35:10 +00:00
|
|
|
"path/filepath"
|
2016-09-16 23:32:19 +00:00
|
|
|
"strconv"
|
2016-07-29 22:35:10 +00:00
|
|
|
"strings"
|
2016-09-13 20:58:25 +00:00
|
|
|
"sync"
|
2016-09-15 23:40:44 +00:00
|
|
|
"syscall"
|
2016-08-31 23:32:17 +00:00
|
|
|
"time"
|
2016-07-29 22:35:10 +00:00
|
|
|
|
2016-12-09 20:53:56 +00:00
|
|
|
specs "github.com/opencontainers/runtime-spec/specs-go"
|
|
|
|
|
2016-09-15 23:40:44 +00:00
|
|
|
"github.com/Sirupsen/logrus"
|
2016-11-23 17:16:21 +00:00
|
|
|
"github.com/containernetworking/cni/pkg/ns"
|
2016-12-14 11:15:20 +00:00
|
|
|
"github.com/kubernetes-incubator/cri-o/utils"
|
2016-09-27 18:35:40 +00:00
|
|
|
"golang.org/x/sys/unix"
|
2017-02-01 00:45:59 +00:00
|
|
|
"k8s.io/apimachinery/pkg/fields"
|
2016-10-26 11:23:53 +00:00
|
|
|
pb "k8s.io/kubernetes/pkg/kubelet/api/v1alpha1/runtime"
|
2016-07-29 22:35:10 +00:00
|
|
|
)
|
|
|
|
|
2016-10-06 22:16:21 +00:00
|
|
|
const (
|
|
|
|
// ContainerStateCreated represents the created state of a container
|
|
|
|
ContainerStateCreated = "created"
|
|
|
|
// ContainerStateRunning represents the running state of a container
|
|
|
|
ContainerStateRunning = "running"
|
|
|
|
// ContainerStateStopped represents the stopped state of a container
|
|
|
|
ContainerStateStopped = "stopped"
|
2016-10-13 06:07:22 +00:00
|
|
|
// ContainerCreateTimeout represents the value of container creating timeout
|
2017-03-23 17:06:52 +00:00
|
|
|
ContainerCreateTimeout = 10 * time.Second
|
2016-10-06 22:16:21 +00:00
|
|
|
)
|
|
|
|
|
2016-07-29 22:35:10 +00:00
|
|
|
// New creates a new Runtime with options provided
|
2017-02-21 10:51:16 +00:00
|
|
|
func New(runtimePath string, runtimeHostPrivilegedPath string, conmonPath string, conmonEnv []string, cgroupManager string) (*Runtime, error) {
|
2016-07-29 22:35:10 +00:00
|
|
|
r := &Runtime{
|
2017-02-21 10:51:16 +00:00
|
|
|
name: filepath.Base(runtimePath),
|
|
|
|
path: runtimePath,
|
|
|
|
privilegedPath: runtimeHostPrivilegedPath,
|
|
|
|
conmonPath: conmonPath,
|
|
|
|
conmonEnv: conmonEnv,
|
|
|
|
cgroupManager: cgroupManager,
|
2016-07-29 22:35:10 +00:00
|
|
|
}
|
|
|
|
return r, nil
|
|
|
|
}
|
|
|
|
|
2016-08-15 22:22:34 +00:00
|
|
|
// Runtime stores the information about a oci runtime
|
2016-07-29 22:35:10 +00:00
|
|
|
type Runtime struct {
|
2017-02-21 10:51:16 +00:00
|
|
|
name string
|
|
|
|
path string
|
|
|
|
privilegedPath string
|
|
|
|
conmonPath string
|
|
|
|
conmonEnv []string
|
|
|
|
cgroupManager string
|
2016-07-29 22:35:10 +00:00
|
|
|
}
|
|
|
|
|
2016-09-15 23:40:44 +00:00
|
|
|
// syncInfo is used to return data from monitor process to daemon
|
|
|
|
type syncInfo struct {
|
2016-09-19 07:21:14 +00:00
|
|
|
Pid int `json:"pid"`
|
2016-09-15 23:40:44 +00:00
|
|
|
}
|
|
|
|
|
2017-01-10 22:18:14 +00:00
|
|
|
// exitCodeInfo is used to return the monitored process exit code to the daemon
|
|
|
|
type exitCodeInfo struct {
|
|
|
|
ExitCode int32 `json:"exit_code"`
|
|
|
|
}
|
|
|
|
|
2016-07-29 22:35:10 +00:00
|
|
|
// Name returns the name of the OCI Runtime
|
|
|
|
func (r *Runtime) Name() string {
|
|
|
|
return r.name
|
|
|
|
}
|
|
|
|
|
2017-02-21 10:51:16 +00:00
|
|
|
// Path returns the full path the OCI Runtime executable.
|
|
|
|
// Depending if the container is privileged, it will return
|
|
|
|
// the privileged runtime or not.
|
|
|
|
func (r *Runtime) Path(c *Container) string {
|
|
|
|
if c.privileged && r.privilegedPath != "" {
|
|
|
|
return r.privilegedPath
|
|
|
|
}
|
|
|
|
|
2016-07-29 22:35:10 +00:00
|
|
|
return r.path
|
|
|
|
}
|
|
|
|
|
|
|
|
// Version returns the version of the OCI Runtime
|
|
|
|
func (r *Runtime) Version() (string, error) {
|
|
|
|
runtimeVersion, err := getOCIVersion(r.path, "-v")
|
|
|
|
if err != nil {
|
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
return runtimeVersion, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func getOCIVersion(name string, args ...string) (string, error) {
|
|
|
|
out, err := utils.ExecCmd(name, args...)
|
|
|
|
if err != nil {
|
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
|
|
|
|
firstLine := out[:strings.Index(out, "\n")]
|
|
|
|
v := firstLine[strings.LastIndex(firstLine, " ")+1:]
|
|
|
|
return v, nil
|
|
|
|
}
|
2016-08-01 17:39:42 +00:00
|
|
|
|
|
|
|
// CreateContainer creates a container.
|
2017-03-06 23:08:46 +00:00
|
|
|
func (r *Runtime) CreateContainer(c *Container, cgroupParent string) error {
|
2016-09-15 23:40:44 +00:00
|
|
|
parentPipe, childPipe, err := newPipe()
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("error creating socket pair: %v", err)
|
|
|
|
}
|
|
|
|
defer parentPipe.Close()
|
|
|
|
|
2016-12-19 23:06:27 +00:00
|
|
|
var args []string
|
|
|
|
if r.cgroupManager == "systemd" {
|
|
|
|
args = append(args, "-s")
|
|
|
|
}
|
|
|
|
args = append(args, "-c", c.name)
|
2017-02-21 10:51:16 +00:00
|
|
|
args = append(args, "-r", r.Path(c))
|
2016-11-14 16:52:58 +00:00
|
|
|
args = append(args, "-b", c.bundlePath)
|
|
|
|
args = append(args, "-p", filepath.Join(c.bundlePath, "pidfile"))
|
2016-10-07 15:59:39 +00:00
|
|
|
args = append(args, "-l", c.logPath)
|
2016-09-15 23:40:44 +00:00
|
|
|
if c.terminal {
|
|
|
|
args = append(args, "-t")
|
|
|
|
}
|
2016-10-07 15:59:39 +00:00
|
|
|
logrus.WithFields(logrus.Fields{
|
|
|
|
"args": args,
|
|
|
|
}).Debugf("running conmon: %s", r.conmonPath)
|
2016-09-15 23:40:44 +00:00
|
|
|
|
2016-09-28 19:49:46 +00:00
|
|
|
cmd := exec.Command(r.conmonPath, args...)
|
2016-09-15 23:40:44 +00:00
|
|
|
cmd.Dir = c.bundlePath
|
|
|
|
cmd.SysProcAttr = &syscall.SysProcAttr{
|
|
|
|
Setpgid: true,
|
|
|
|
}
|
|
|
|
cmd.Stdin = os.Stdin
|
|
|
|
cmd.Stdout = os.Stdout
|
|
|
|
cmd.Stderr = os.Stderr
|
|
|
|
cmd.ExtraFiles = append(cmd.ExtraFiles, childPipe)
|
|
|
|
// 0, 1 and 2 are stdin, stdout and stderr
|
2016-10-17 07:44:27 +00:00
|
|
|
cmd.Env = append(r.conmonEnv, fmt.Sprintf("_OCI_SYNCPIPE=%d", 3))
|
2016-09-15 23:40:44 +00:00
|
|
|
|
|
|
|
err = cmd.Start()
|
|
|
|
if err != nil {
|
|
|
|
childPipe.Close()
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
// We don't need childPipe on the parent side
|
|
|
|
childPipe.Close()
|
|
|
|
|
2017-03-06 23:08:46 +00:00
|
|
|
// Move conmon to specified cgroup
|
|
|
|
if cgroupParent != "" {
|
|
|
|
if r.cgroupManager == "systemd" {
|
|
|
|
logrus.Infof("Running conmon under slice %s and unitName %s", cgroupParent, createUnitName("ocid", c.name))
|
2017-03-27 17:14:11 +00:00
|
|
|
if err = utils.RunUnderSystemdScope(cmd.Process.Pid, cgroupParent, createUnitName("ocid", c.name)); err != nil {
|
2017-03-06 23:08:46 +00:00
|
|
|
logrus.Warnf("Failed to add conmon to sandbox cgroup: %v", err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-09-15 23:40:44 +00:00
|
|
|
// Wait to get container pid from conmon
|
2016-10-13 06:07:22 +00:00
|
|
|
type syncStruct struct {
|
|
|
|
si *syncInfo
|
|
|
|
err error
|
|
|
|
}
|
|
|
|
ch := make(chan syncStruct)
|
|
|
|
go func() {
|
|
|
|
var si *syncInfo
|
|
|
|
if err = json.NewDecoder(parentPipe).Decode(&si); err != nil {
|
|
|
|
ch <- syncStruct{err: err}
|
|
|
|
return
|
|
|
|
}
|
|
|
|
ch <- syncStruct{si: si}
|
|
|
|
}()
|
|
|
|
|
|
|
|
select {
|
|
|
|
case ss := <-ch:
|
|
|
|
if ss.err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2017-04-06 16:44:29 +00:00
|
|
|
logrus.Infof("Received container pid: %d", ss.si.Pid)
|
2016-10-13 06:07:22 +00:00
|
|
|
case <-time.After(ContainerCreateTimeout):
|
|
|
|
return fmt.Errorf("create container timeout")
|
2016-09-15 23:40:44 +00:00
|
|
|
}
|
|
|
|
return nil
|
2016-08-15 22:22:34 +00:00
|
|
|
}
|
|
|
|
|
2017-03-06 23:08:46 +00:00
|
|
|
func createUnitName(prefix string, name string) string {
|
|
|
|
return fmt.Sprintf("%s-%s.scope", prefix, name)
|
|
|
|
}
|
|
|
|
|
2016-08-15 22:22:34 +00:00
|
|
|
// StartContainer starts a container.
|
|
|
|
func (r *Runtime) StartContainer(c *Container) error {
|
2016-12-13 20:50:27 +00:00
|
|
|
c.opLock.Lock()
|
|
|
|
defer c.opLock.Unlock()
|
2017-02-21 10:51:16 +00:00
|
|
|
if err := utils.ExecCmdWithStdStreams(os.Stdin, os.Stdout, os.Stderr, r.Path(c), "start", c.name); err != nil {
|
2016-09-12 22:43:11 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
c.state.Started = time.Now()
|
|
|
|
return nil
|
2016-08-15 22:22:34 +00:00
|
|
|
}
|
|
|
|
|
2016-11-18 22:48:04 +00:00
|
|
|
// ExecSyncResponse is returned from ExecSync.
|
|
|
|
type ExecSyncResponse struct {
|
|
|
|
Stdout []byte
|
|
|
|
Stderr []byte
|
|
|
|
ExitCode int32
|
|
|
|
}
|
|
|
|
|
2016-11-24 09:57:10 +00:00
|
|
|
// ExecSyncError wraps command's streams, exit code and error on ExecSync error.
|
|
|
|
type ExecSyncError struct {
|
|
|
|
Stdout bytes.Buffer
|
|
|
|
Stderr bytes.Buffer
|
|
|
|
ExitCode int32
|
|
|
|
Err error
|
|
|
|
}
|
|
|
|
|
|
|
|
func (e ExecSyncError) Error() string {
|
|
|
|
return fmt.Sprintf("command error: %+v, stdout: %s, stderr: %s, exit code %d", e.Err, e.Stdout.Bytes(), e.Stderr.Bytes(), e.ExitCode)
|
|
|
|
}
|
|
|
|
|
2017-01-10 22:18:14 +00:00
|
|
|
func prepareExec() (pidFile, parentPipe, childPipe *os.File, err error) {
|
|
|
|
parentPipe, childPipe, err = os.Pipe()
|
|
|
|
if err != nil {
|
|
|
|
return nil, nil, nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
pidFile, err = ioutil.TempFile("", "pidfile")
|
|
|
|
if err != nil {
|
|
|
|
parentPipe.Close()
|
|
|
|
childPipe.Close()
|
|
|
|
return nil, nil, nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2016-11-18 00:40:52 +00:00
|
|
|
// ExecSync execs a command in a container and returns it's stdout, stderr and return code.
|
2016-11-18 22:48:04 +00:00
|
|
|
func (r *Runtime) ExecSync(c *Container, command []string, timeout int64) (resp *ExecSyncResponse, err error) {
|
2017-01-10 22:18:14 +00:00
|
|
|
pidFile, parentPipe, childPipe, err := prepareExec()
|
|
|
|
if err != nil {
|
|
|
|
return nil, ExecSyncError{
|
|
|
|
ExitCode: -1,
|
|
|
|
Err: err,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
defer parentPipe.Close()
|
|
|
|
defer func() {
|
|
|
|
if e := os.Remove(pidFile.Name()); e != nil {
|
|
|
|
logrus.Warnf("could not remove temporary PID file %s", pidFile.Name())
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
|
2016-10-07 15:59:39 +00:00
|
|
|
logFile, err := ioutil.TempFile("", "ocid-log-"+c.name)
|
|
|
|
if err != nil {
|
|
|
|
return nil, ExecSyncError{
|
|
|
|
ExitCode: -1,
|
|
|
|
Err: err,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
logPath := logFile.Name()
|
|
|
|
defer func() {
|
|
|
|
logFile.Close()
|
|
|
|
os.RemoveAll(logPath)
|
|
|
|
}()
|
|
|
|
|
2017-01-10 22:18:14 +00:00
|
|
|
var args []string
|
|
|
|
args = append(args, "-c", c.name)
|
2017-02-21 10:51:16 +00:00
|
|
|
args = append(args, "-r", r.Path(c))
|
2017-01-10 22:18:14 +00:00
|
|
|
args = append(args, "-p", pidFile.Name())
|
|
|
|
args = append(args, "-e")
|
|
|
|
if c.terminal {
|
|
|
|
args = append(args, "-t")
|
|
|
|
}
|
2016-10-07 15:59:39 +00:00
|
|
|
args = append(args, "-l", logPath)
|
2017-01-10 22:18:14 +00:00
|
|
|
|
2016-11-18 00:40:52 +00:00
|
|
|
args = append(args, command...)
|
2017-01-10 22:18:14 +00:00
|
|
|
|
|
|
|
cmd := exec.Command(r.conmonPath, args...)
|
|
|
|
|
2016-11-18 00:40:52 +00:00
|
|
|
var stdoutBuf, stderrBuf bytes.Buffer
|
|
|
|
cmd.Stdout = &stdoutBuf
|
|
|
|
cmd.Stderr = &stderrBuf
|
2017-01-10 22:18:14 +00:00
|
|
|
cmd.ExtraFiles = append(cmd.ExtraFiles, childPipe)
|
|
|
|
// 0, 1 and 2 are stdin, stdout and stderr
|
|
|
|
cmd.Env = append(r.conmonEnv, fmt.Sprintf("_OCI_SYNCPIPE=%d", 3))
|
|
|
|
|
2016-11-18 00:40:52 +00:00
|
|
|
err = cmd.Start()
|
|
|
|
if err != nil {
|
2017-01-10 22:18:14 +00:00
|
|
|
childPipe.Close()
|
2016-11-24 09:57:10 +00:00
|
|
|
return nil, ExecSyncError{
|
|
|
|
Stdout: stdoutBuf,
|
|
|
|
Stderr: stderrBuf,
|
2016-11-18 22:48:04 +00:00
|
|
|
ExitCode: -1,
|
2016-11-24 09:57:10 +00:00
|
|
|
Err: err,
|
|
|
|
}
|
2016-11-18 00:40:52 +00:00
|
|
|
}
|
2016-11-18 22:48:04 +00:00
|
|
|
|
2017-01-10 22:18:14 +00:00
|
|
|
// We don't need childPipe on the parent side
|
|
|
|
childPipe.Close()
|
|
|
|
|
2016-11-18 22:48:04 +00:00
|
|
|
if timeout > 0 {
|
|
|
|
done := make(chan error, 1)
|
|
|
|
go func() {
|
|
|
|
done <- cmd.Wait()
|
|
|
|
}()
|
|
|
|
|
|
|
|
select {
|
|
|
|
case <-time.After(time.Duration(timeout) * time.Second):
|
|
|
|
err = unix.Kill(cmd.Process.Pid, syscall.SIGKILL)
|
|
|
|
if err != nil && err != syscall.ESRCH {
|
2016-11-24 09:57:10 +00:00
|
|
|
return nil, ExecSyncError{
|
|
|
|
Stdout: stdoutBuf,
|
|
|
|
Stderr: stderrBuf,
|
2016-11-18 22:48:04 +00:00
|
|
|
ExitCode: -1,
|
2016-11-24 09:57:10 +00:00
|
|
|
Err: fmt.Errorf("failed to kill process on timeout: %+v", err),
|
|
|
|
}
|
2016-11-18 00:40:52 +00:00
|
|
|
}
|
2016-11-24 09:57:10 +00:00
|
|
|
return nil, ExecSyncError{
|
|
|
|
Stdout: stdoutBuf,
|
|
|
|
Stderr: stderrBuf,
|
2016-11-18 22:48:04 +00:00
|
|
|
ExitCode: -1,
|
2016-11-24 09:57:10 +00:00
|
|
|
Err: fmt.Errorf("command timed out"),
|
|
|
|
}
|
2016-11-18 22:48:04 +00:00
|
|
|
case err = <-done:
|
|
|
|
if err != nil {
|
|
|
|
if exitErr, ok := err.(*exec.ExitError); ok {
|
|
|
|
if status, ok := exitErr.Sys().(syscall.WaitStatus); ok {
|
2016-11-24 09:57:10 +00:00
|
|
|
return nil, ExecSyncError{
|
|
|
|
Stdout: stdoutBuf,
|
|
|
|
Stderr: stderrBuf,
|
2016-11-18 22:48:04 +00:00
|
|
|
ExitCode: int32(status.ExitStatus()),
|
2016-11-24 09:57:10 +00:00
|
|
|
Err: err,
|
|
|
|
}
|
2016-11-18 22:48:04 +00:00
|
|
|
}
|
|
|
|
} else {
|
2016-11-24 09:57:10 +00:00
|
|
|
return nil, ExecSyncError{
|
|
|
|
Stdout: stdoutBuf,
|
|
|
|
Stderr: stderrBuf,
|
2016-11-18 22:48:04 +00:00
|
|
|
ExitCode: -1,
|
2016-11-24 09:57:10 +00:00
|
|
|
Err: err,
|
|
|
|
}
|
2016-11-18 22:48:04 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
err = cmd.Wait()
|
|
|
|
if err != nil {
|
|
|
|
if exitErr, ok := err.(*exec.ExitError); ok {
|
|
|
|
if status, ok := exitErr.Sys().(syscall.WaitStatus); ok {
|
2016-11-24 09:57:10 +00:00
|
|
|
return nil, ExecSyncError{
|
|
|
|
Stdout: stdoutBuf,
|
|
|
|
Stderr: stderrBuf,
|
2016-11-18 22:48:04 +00:00
|
|
|
ExitCode: int32(status.ExitStatus()),
|
2016-11-24 09:57:10 +00:00
|
|
|
Err: err,
|
|
|
|
}
|
2016-11-18 22:48:04 +00:00
|
|
|
}
|
|
|
|
} else {
|
2016-11-24 09:57:10 +00:00
|
|
|
return nil, ExecSyncError{
|
|
|
|
Stdout: stdoutBuf,
|
|
|
|
Stderr: stderrBuf,
|
2016-11-18 22:48:04 +00:00
|
|
|
ExitCode: -1,
|
2016-11-24 09:57:10 +00:00
|
|
|
Err: err,
|
|
|
|
}
|
2016-11-18 22:48:04 +00:00
|
|
|
}
|
2017-01-10 22:18:14 +00:00
|
|
|
}
|
|
|
|
}
|
2016-11-18 22:48:04 +00:00
|
|
|
|
2017-01-10 22:18:14 +00:00
|
|
|
var ec *exitCodeInfo
|
|
|
|
if err := json.NewDecoder(parentPipe).Decode(&ec); err != nil {
|
|
|
|
return nil, ExecSyncError{
|
|
|
|
Stdout: stdoutBuf,
|
|
|
|
Stderr: stderrBuf,
|
|
|
|
ExitCode: -1,
|
|
|
|
Err: err,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
logrus.Infof("Received container exit code: %v", ec.ExitCode)
|
|
|
|
|
|
|
|
if ec.ExitCode != 0 {
|
|
|
|
return nil, ExecSyncError{
|
|
|
|
Stdout: stdoutBuf,
|
|
|
|
Stderr: stderrBuf,
|
|
|
|
ExitCode: ec.ExitCode,
|
|
|
|
Err: fmt.Errorf("container workload exited with error %v", ec.ExitCode),
|
2016-11-18 00:40:52 +00:00
|
|
|
}
|
|
|
|
}
|
2016-11-18 22:48:04 +00:00
|
|
|
|
2016-10-07 15:59:39 +00:00
|
|
|
// The actual logged output is not the same as stdoutBuf and stderrBuf,
|
|
|
|
// which are used for getting error information. For the actual
|
|
|
|
// ExecSyncResponse we have to read the logfile.
|
|
|
|
// XXX: Currently runC dups the same console over both stdout and stderr,
|
|
|
|
// so we can't differentiate between the two.
|
|
|
|
|
|
|
|
outputBytes, err := ioutil.ReadFile(logPath)
|
|
|
|
if err != nil {
|
|
|
|
return nil, ExecSyncError{
|
|
|
|
Stdout: stdoutBuf,
|
|
|
|
Stderr: stderrBuf,
|
|
|
|
ExitCode: -1,
|
|
|
|
Err: err,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-11-18 22:48:04 +00:00
|
|
|
return &ExecSyncResponse{
|
2016-10-07 15:59:39 +00:00
|
|
|
Stdout: outputBytes,
|
|
|
|
Stderr: nil,
|
2016-11-18 22:48:04 +00:00
|
|
|
ExitCode: 0,
|
|
|
|
}, nil
|
2016-11-18 00:40:52 +00:00
|
|
|
}
|
|
|
|
|
2016-08-15 22:22:34 +00:00
|
|
|
// StopContainer stops a container.
|
|
|
|
func (r *Runtime) StopContainer(c *Container) error {
|
2016-12-13 20:50:27 +00:00
|
|
|
c.opLock.Lock()
|
|
|
|
defer c.opLock.Unlock()
|
2017-02-21 10:51:16 +00:00
|
|
|
if err := utils.ExecCmdWithStdStreams(os.Stdin, os.Stdout, os.Stderr, r.Path(c), "kill", c.name, "TERM"); err != nil {
|
2016-09-27 18:35:40 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
i := 0
|
|
|
|
for {
|
|
|
|
if i == 1000 {
|
|
|
|
err := unix.Kill(c.state.Pid, syscall.SIGKILL)
|
|
|
|
if err != nil && err != syscall.ESRCH {
|
|
|
|
return fmt.Errorf("failed to kill process: %v", err)
|
|
|
|
}
|
2016-12-14 11:15:20 +00:00
|
|
|
break
|
2016-09-27 18:35:40 +00:00
|
|
|
}
|
|
|
|
// Check if the process is still around
|
|
|
|
err := unix.Kill(c.state.Pid, 0)
|
|
|
|
if err == syscall.ESRCH {
|
|
|
|
break
|
|
|
|
}
|
|
|
|
time.Sleep(10 * time.Millisecond)
|
|
|
|
i++
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
2016-08-01 17:39:42 +00:00
|
|
|
}
|
|
|
|
|
2016-08-16 17:16:05 +00:00
|
|
|
// DeleteContainer deletes a container.
|
|
|
|
func (r *Runtime) DeleteContainer(c *Container) error {
|
2016-12-13 20:50:27 +00:00
|
|
|
c.opLock.Lock()
|
|
|
|
defer c.opLock.Unlock()
|
2017-02-21 10:51:16 +00:00
|
|
|
return utils.ExecCmdWithStdStreams(os.Stdin, os.Stdout, os.Stderr, r.Path(c), "delete", c.name)
|
2016-08-16 17:16:05 +00:00
|
|
|
}
|
|
|
|
|
2016-09-19 07:21:14 +00:00
|
|
|
// UpdateStatus refreshes the status of the container.
|
2016-08-29 18:48:58 +00:00
|
|
|
func (r *Runtime) UpdateStatus(c *Container) error {
|
2016-12-13 20:50:27 +00:00
|
|
|
c.opLock.Lock()
|
|
|
|
defer c.opLock.Unlock()
|
2017-02-21 10:51:16 +00:00
|
|
|
out, err := exec.Command(r.Path(c), "state", c.name).CombinedOutput()
|
2016-08-29 18:48:58 +00:00
|
|
|
if err != nil {
|
2016-12-09 20:53:56 +00:00
|
|
|
return fmt.Errorf("error getting container state for %s: %s: %q", c.name, err, out)
|
2016-08-29 18:48:58 +00:00
|
|
|
}
|
2016-12-09 20:53:56 +00:00
|
|
|
if err := json.NewDecoder(bytes.NewBuffer(out)).Decode(&c.state); err != nil {
|
2016-08-29 18:48:58 +00:00
|
|
|
return fmt.Errorf("failed to decode container status for %s: %s", c.name, err)
|
|
|
|
}
|
2016-09-16 23:32:19 +00:00
|
|
|
|
2016-10-06 22:16:21 +00:00
|
|
|
if c.state.Status == ContainerStateStopped {
|
2016-09-16 23:32:19 +00:00
|
|
|
exitFilePath := filepath.Join(c.bundlePath, "exit")
|
|
|
|
fi, err := os.Stat(exitFilePath)
|
|
|
|
if err != nil {
|
2017-03-14 20:39:09 +00:00
|
|
|
logrus.Warnf("failed to find container exit file: %v", err)
|
|
|
|
c.state.ExitCode = -1
|
|
|
|
} else {
|
|
|
|
st := fi.Sys().(*syscall.Stat_t)
|
|
|
|
c.state.Finished = time.Unix(st.Ctim.Sec, st.Ctim.Nsec)
|
2016-09-16 23:32:19 +00:00
|
|
|
|
2017-03-14 20:39:09 +00:00
|
|
|
statusCodeStr, err := ioutil.ReadFile(exitFilePath)
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("failed to read exit file: %v", err)
|
|
|
|
}
|
|
|
|
statusCode, err := strconv.Atoi(string(statusCodeStr))
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("status code conversion failed: %v", err)
|
|
|
|
}
|
|
|
|
c.state.ExitCode = int32(statusCode)
|
2016-09-16 23:32:19 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-08-29 18:48:58 +00:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// ContainerStatus returns the state of a container.
|
2016-08-31 23:32:17 +00:00
|
|
|
func (r *Runtime) ContainerStatus(c *Container) *ContainerState {
|
2016-12-13 20:50:27 +00:00
|
|
|
c.opLock.Lock()
|
|
|
|
defer c.opLock.Unlock()
|
2016-08-29 18:48:58 +00:00
|
|
|
return c.state
|
|
|
|
}
|
|
|
|
|
2016-08-01 17:39:42 +00:00
|
|
|
// Container respresents a runtime container.
|
|
|
|
type Container struct {
|
2016-12-12 10:12:03 +00:00
|
|
|
id string
|
|
|
|
name string
|
|
|
|
bundlePath string
|
|
|
|
logPath string
|
|
|
|
labels fields.Set
|
|
|
|
annotations fields.Set
|
|
|
|
image *pb.ImageSpec
|
|
|
|
sandbox string
|
2016-11-23 17:16:21 +00:00
|
|
|
netns ns.NetNS
|
2016-12-12 10:12:03 +00:00
|
|
|
terminal bool
|
2017-02-21 10:51:16 +00:00
|
|
|
privileged bool
|
2016-12-12 10:12:03 +00:00
|
|
|
state *ContainerState
|
|
|
|
metadata *pb.ContainerMetadata
|
2016-12-13 20:50:27 +00:00
|
|
|
opLock sync.Mutex
|
2016-08-29 18:48:58 +00:00
|
|
|
}
|
|
|
|
|
2016-09-19 07:21:14 +00:00
|
|
|
// ContainerState represents the status of a container.
|
2016-08-31 23:32:17 +00:00
|
|
|
type ContainerState struct {
|
|
|
|
specs.State
|
2016-09-16 23:32:19 +00:00
|
|
|
Created time.Time `json:"created"`
|
|
|
|
Started time.Time `json:"started"`
|
|
|
|
Finished time.Time `json:"finished"`
|
|
|
|
ExitCode int32 `json:"exitCode"`
|
2016-08-01 17:39:42 +00:00
|
|
|
}
|
|
|
|
|
2016-08-15 22:22:34 +00:00
|
|
|
// NewContainer creates a container object.
|
2017-02-21 17:19:06 +00:00
|
|
|
func NewContainer(id string, name string, bundlePath string, logPath string, netns ns.NetNS, labels map[string]string, annotations map[string]string, image *pb.ImageSpec, metadata *pb.ContainerMetadata, sandbox string, terminal bool, privileged bool) (*Container, error) {
|
2016-08-01 17:39:42 +00:00
|
|
|
c := &Container{
|
2016-12-12 10:12:03 +00:00
|
|
|
id: id,
|
|
|
|
name: name,
|
|
|
|
bundlePath: bundlePath,
|
|
|
|
logPath: logPath,
|
|
|
|
labels: labels,
|
|
|
|
sandbox: sandbox,
|
2016-11-23 17:16:21 +00:00
|
|
|
netns: netns,
|
2016-12-12 10:12:03 +00:00
|
|
|
terminal: terminal,
|
2017-02-21 17:19:06 +00:00
|
|
|
privileged: privileged,
|
2016-12-12 10:12:03 +00:00
|
|
|
metadata: metadata,
|
|
|
|
annotations: annotations,
|
|
|
|
image: image,
|
2016-08-01 17:39:42 +00:00
|
|
|
}
|
|
|
|
return c, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// Name returns the name of the container.
|
|
|
|
func (c *Container) Name() string {
|
|
|
|
return c.name
|
|
|
|
}
|
|
|
|
|
2016-10-04 21:17:15 +00:00
|
|
|
// ID returns the id of the container.
|
|
|
|
func (c *Container) ID() string {
|
|
|
|
return c.id
|
|
|
|
}
|
|
|
|
|
2016-08-01 17:39:42 +00:00
|
|
|
// BundlePath returns the bundlePath of the container.
|
|
|
|
func (c *Container) BundlePath() string {
|
|
|
|
return c.bundlePath
|
|
|
|
}
|
|
|
|
|
|
|
|
// LogPath returns the log path of the container.
|
|
|
|
func (c *Container) LogPath() string {
|
|
|
|
return c.logPath
|
|
|
|
}
|
|
|
|
|
|
|
|
// Labels returns the labels of the container.
|
|
|
|
func (c *Container) Labels() map[string]string {
|
|
|
|
return c.labels
|
|
|
|
}
|
|
|
|
|
2016-12-12 10:12:03 +00:00
|
|
|
// Annotations returns the annotations of the container.
|
|
|
|
func (c *Container) Annotations() map[string]string {
|
|
|
|
return c.annotations
|
|
|
|
}
|
|
|
|
|
|
|
|
// Image returns the image of the container.
|
|
|
|
func (c *Container) Image() *pb.ImageSpec {
|
|
|
|
return c.image
|
|
|
|
}
|
|
|
|
|
2016-08-01 17:39:42 +00:00
|
|
|
// Sandbox returns the sandbox name of the container.
|
|
|
|
func (c *Container) Sandbox() string {
|
|
|
|
return c.sandbox
|
|
|
|
}
|
2016-08-31 23:38:14 +00:00
|
|
|
|
|
|
|
// NetNsPath returns the path to the network namespace of the container.
|
|
|
|
func (c *Container) NetNsPath() (string, error) {
|
|
|
|
if c.state == nil {
|
|
|
|
return "", fmt.Errorf("container state is not populated")
|
|
|
|
}
|
2016-11-23 17:16:21 +00:00
|
|
|
|
|
|
|
if c.netns == nil {
|
|
|
|
return fmt.Sprintf("/proc/%d/ns/net", c.state.Pid), nil
|
|
|
|
}
|
|
|
|
|
|
|
|
return c.netns.Path(), nil
|
2016-08-31 23:38:14 +00:00
|
|
|
}
|
2016-09-15 23:40:44 +00:00
|
|
|
|
2016-10-26 11:23:53 +00:00
|
|
|
// Metadata returns the metadata of the container.
|
|
|
|
func (c *Container) Metadata() *pb.ContainerMetadata {
|
|
|
|
return c.metadata
|
|
|
|
}
|
|
|
|
|
2016-09-15 23:40:44 +00:00
|
|
|
// newPipe creates a unix socket pair for communication
|
|
|
|
func newPipe() (parent *os.File, child *os.File, err error) {
|
|
|
|
fds, err := syscall.Socketpair(syscall.AF_LOCAL, syscall.SOCK_STREAM|syscall.SOCK_CLOEXEC, 0)
|
|
|
|
if err != nil {
|
|
|
|
return nil, nil, err
|
|
|
|
}
|
|
|
|
return os.NewFile(uintptr(fds[1]), "parent"), os.NewFile(uintptr(fds[0]), "child"), nil
|
|
|
|
}
|
2016-11-18 15:03:13 +00:00
|
|
|
|
|
|
|
// RuntimeReady checks if the runtime is up and ready to accept
|
|
|
|
// basic containers e.g. container only needs host network.
|
|
|
|
func (r *Runtime) RuntimeReady() (bool, error) {
|
|
|
|
return true, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// NetworkReady checks if the runtime network is up and ready to
|
|
|
|
// accept containers which require container network.
|
|
|
|
func (r *Runtime) NetworkReady() (bool, error) {
|
|
|
|
return true, nil
|
|
|
|
}
|