2016-07-08 19:04:00 +00:00
|
|
|
package server
|
|
|
|
|
2016-07-29 22:35:10 +00:00
|
|
|
import (
|
2016-09-18 14:35:17 +00:00
|
|
|
"encoding/json"
|
2016-08-01 23:50:45 +00:00
|
|
|
"fmt"
|
2016-09-18 14:35:17 +00:00
|
|
|
"io/ioutil"
|
2016-08-04 14:34:30 +00:00
|
|
|
"os"
|
2016-09-18 14:35:17 +00:00
|
|
|
"path/filepath"
|
2016-09-17 14:10:35 +00:00
|
|
|
"sync"
|
2016-11-23 09:41:48 +00:00
|
|
|
"syscall"
|
2016-08-01 23:50:45 +00:00
|
|
|
|
2016-09-18 14:35:17 +00:00
|
|
|
"github.com/Sirupsen/logrus"
|
2016-09-20 08:27:11 +00:00
|
|
|
"github.com/docker/docker/pkg/registrar"
|
|
|
|
"github.com/docker/docker/pkg/truncindex"
|
2016-09-26 23:55:12 +00:00
|
|
|
"github.com/kubernetes-incubator/cri-o/oci"
|
2016-11-29 12:34:15 +00:00
|
|
|
"github.com/kubernetes-incubator/cri-o/server/apparmor"
|
2016-11-23 09:41:48 +00:00
|
|
|
"github.com/kubernetes-incubator/cri-o/server/seccomp"
|
2016-10-05 13:29:30 +00:00
|
|
|
"github.com/opencontainers/runc/libcontainer/label"
|
2016-09-20 08:27:11 +00:00
|
|
|
rspec "github.com/opencontainers/runtime-spec/specs-go"
|
2016-09-02 19:38:42 +00:00
|
|
|
"github.com/rajatchopra/ocicni"
|
2016-10-26 11:23:53 +00:00
|
|
|
pb "k8s.io/kubernetes/pkg/kubelet/api/v1alpha1/runtime"
|
2016-07-29 22:35:10 +00:00
|
|
|
)
|
|
|
|
|
2016-07-19 18:53:57 +00:00
|
|
|
const (
|
|
|
|
runtimeAPIVersion = "v1alpha1"
|
2016-07-08 19:04:00 +00:00
|
|
|
)
|
|
|
|
|
2016-07-19 18:53:57 +00:00
|
|
|
// Server implements the RuntimeService and ImageService
|
|
|
|
type Server struct {
|
2016-10-10 09:57:40 +00:00
|
|
|
config Config
|
2016-09-20 08:27:11 +00:00
|
|
|
runtime *oci.Runtime
|
|
|
|
stateLock sync.Mutex
|
|
|
|
state *serverState
|
|
|
|
netPlugin ocicni.CNIPlugin
|
|
|
|
podNameIndex *registrar.Registrar
|
|
|
|
podIDIndex *truncindex.TruncIndex
|
2016-10-04 23:00:04 +00:00
|
|
|
ctrNameIndex *registrar.Registrar
|
|
|
|
ctrIDIndex *truncindex.TruncIndex
|
2016-11-23 09:41:48 +00:00
|
|
|
|
|
|
|
seccompEnabled bool
|
|
|
|
seccompProfile seccomp.Seccomp
|
2016-11-29 12:34:15 +00:00
|
|
|
|
|
|
|
appArmorEnabled bool
|
2016-11-30 08:19:36 +00:00
|
|
|
appArmorProfile string
|
2016-07-08 19:04:00 +00:00
|
|
|
}
|
|
|
|
|
2016-10-07 14:20:04 +00:00
|
|
|
func (s *Server) loadContainer(id string) error {
|
|
|
|
config, err := ioutil.ReadFile(filepath.Join(s.runtime.ContainerDir(), id, "config.json"))
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
var m rspec.Spec
|
|
|
|
if err = json.Unmarshal(config, &m); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
labels := make(map[string]string)
|
|
|
|
if err = json.Unmarshal([]byte(m.Annotations["ocid/labels"]), &labels); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
name := m.Annotations["ocid/name"]
|
|
|
|
name, err = s.reserveContainerName(id, name)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2016-10-26 11:23:53 +00:00
|
|
|
var metadata pb.ContainerMetadata
|
|
|
|
if err = json.Unmarshal([]byte(m.Annotations["ocid/metadata"]), &metadata); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2016-10-07 14:20:04 +00:00
|
|
|
sb := s.getSandbox(m.Annotations["ocid/sandbox_id"])
|
|
|
|
if sb == nil {
|
|
|
|
logrus.Warnf("could not get sandbox with id %s, skipping", m.Annotations["ocid/sandbox_id"])
|
2016-10-11 22:36:34 +00:00
|
|
|
return nil
|
2016-10-07 14:20:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
var tty bool
|
|
|
|
if v := m.Annotations["ocid/tty"]; v == "true" {
|
|
|
|
tty = true
|
|
|
|
}
|
|
|
|
containerPath := filepath.Join(s.runtime.ContainerDir(), id)
|
|
|
|
|
2016-12-12 10:12:03 +00:00
|
|
|
var img *pb.ImageSpec
|
|
|
|
image, ok := m.Annotations["ocid/image"]
|
|
|
|
if ok {
|
|
|
|
img = &pb.ImageSpec{
|
|
|
|
Image: &image,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
annotations := make(map[string]string)
|
|
|
|
if err = json.Unmarshal([]byte(m.Annotations["ocid/annotations"]), &annotations); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2016-11-23 17:16:21 +00:00
|
|
|
ctr, err := oci.NewContainer(id, name, containerPath, m.Annotations["ocid/log_path"], sb.netNs(), labels, annotations, img, &metadata, sb.id, tty)
|
2016-10-07 14:20:04 +00:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
s.addContainer(ctr)
|
|
|
|
if err = s.runtime.UpdateStatus(ctr); err != nil {
|
|
|
|
logrus.Warnf("error updating status for container %s: %v", ctr.ID(), err)
|
|
|
|
}
|
|
|
|
if err = s.ctrIDIndex.Add(id); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2016-11-23 17:16:21 +00:00
|
|
|
func configNetNsPath(spec rspec.Spec) (string, error) {
|
|
|
|
for _, ns := range spec.Linux.Namespaces {
|
|
|
|
if ns.Type != rspec.NetworkNamespace {
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
|
|
|
if ns.Path == "" {
|
|
|
|
return "", fmt.Errorf("empty networking namespace")
|
|
|
|
}
|
|
|
|
|
|
|
|
return ns.Path, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
return "", fmt.Errorf("missing networking namespace")
|
|
|
|
}
|
|
|
|
|
2016-09-19 07:39:13 +00:00
|
|
|
func (s *Server) loadSandbox(id string) error {
|
2016-10-10 09:57:40 +00:00
|
|
|
config, err := ioutil.ReadFile(filepath.Join(s.config.SandboxDir, id, "config.json"))
|
2016-09-19 07:39:13 +00:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2016-09-20 08:27:11 +00:00
|
|
|
var m rspec.Spec
|
|
|
|
if err = json.Unmarshal(config, &m); err != nil {
|
2016-09-19 07:39:13 +00:00
|
|
|
return err
|
|
|
|
}
|
2016-09-20 08:27:11 +00:00
|
|
|
labels := make(map[string]string)
|
|
|
|
if err = json.Unmarshal([]byte(m.Annotations["ocid/labels"]), &labels); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
name := m.Annotations["ocid/name"]
|
2016-09-20 08:16:59 +00:00
|
|
|
name, err = s.reservePodName(id, name)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2016-10-26 11:23:53 +00:00
|
|
|
var metadata pb.PodSandboxMetadata
|
|
|
|
if err = json.Unmarshal([]byte(m.Annotations["ocid/metadata"]), &metadata); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2016-10-05 13:29:30 +00:00
|
|
|
|
|
|
|
processLabel, mountLabel, err := label.InitLabels(label.DupSecOpt(m.Process.SelinuxLabel))
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2016-10-24 12:01:01 +00:00
|
|
|
|
2016-11-01 05:49:21 +00:00
|
|
|
annotations := make(map[string]string)
|
|
|
|
if err = json.Unmarshal([]byte(m.Annotations["ocid/annotations"]), &annotations); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2016-10-24 12:01:01 +00:00
|
|
|
sb := &sandbox{
|
2016-10-05 13:29:30 +00:00
|
|
|
id: id,
|
|
|
|
name: name,
|
|
|
|
logDir: m.Annotations["ocid/log_path"],
|
|
|
|
labels: labels,
|
|
|
|
containers: oci.NewMemoryStore(),
|
|
|
|
processLabel: processLabel,
|
|
|
|
mountLabel: mountLabel,
|
2016-11-01 05:49:21 +00:00
|
|
|
annotations: annotations,
|
2016-10-26 11:23:53 +00:00
|
|
|
metadata: &metadata,
|
2016-12-08 23:32:17 +00:00
|
|
|
shmPath: m.Annotations["ocid/shm_path"],
|
2016-10-24 12:01:01 +00:00
|
|
|
}
|
2016-11-23 17:16:21 +00:00
|
|
|
|
|
|
|
// We add a netNS only if we can load a permanent one.
|
|
|
|
// Otherwise, the sandbox will live in the host namespace.
|
|
|
|
netNsPath, err := configNetNsPath(m)
|
|
|
|
if err == nil {
|
2016-12-12 15:37:03 +00:00
|
|
|
netNS, nsErr := netNsGet(netNsPath, sb.name)
|
2016-11-23 17:16:21 +00:00
|
|
|
// If we can't load the networking namespace
|
|
|
|
// because it's closed, we just set the sb netns
|
|
|
|
// pointer to nil. Otherwise we return an error.
|
|
|
|
if nsErr != nil && nsErr != errSandboxClosedNetNS {
|
|
|
|
return nsErr
|
|
|
|
}
|
|
|
|
|
|
|
|
sb.netns = netNS
|
|
|
|
}
|
|
|
|
|
2016-10-24 12:01:01 +00:00
|
|
|
s.addSandbox(sb)
|
|
|
|
|
2016-10-10 09:57:40 +00:00
|
|
|
sandboxPath := filepath.Join(s.config.SandboxDir, id)
|
2016-10-05 13:29:30 +00:00
|
|
|
|
2016-12-08 23:40:59 +00:00
|
|
|
if err = label.ReserveLabel(processLabel); err != nil {
|
2016-10-07 14:20:04 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
cname, err := s.reserveContainerName(m.Annotations["ocid/container_id"], m.Annotations["ocid/container_name"])
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2016-11-23 17:16:21 +00:00
|
|
|
scontainer, err := oci.NewContainer(m.Annotations["ocid/container_id"], cname, sandboxPath, sandboxPath, sb.netNs(), labels, annotations, nil, nil, id, false)
|
2016-09-19 07:39:13 +00:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2016-10-24 12:01:01 +00:00
|
|
|
sb.infraContainer = scontainer
|
2016-09-19 07:39:13 +00:00
|
|
|
if err = s.runtime.UpdateStatus(scontainer); err != nil {
|
2016-10-07 14:20:04 +00:00
|
|
|
logrus.Warnf("error updating status for container %s: %v", scontainer.ID(), err)
|
|
|
|
}
|
|
|
|
if err = s.ctrIDIndex.Add(scontainer.ID()); err != nil {
|
|
|
|
return err
|
2016-09-19 07:39:13 +00:00
|
|
|
}
|
2016-09-20 08:16:59 +00:00
|
|
|
if err = s.podIDIndex.Add(id); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2016-09-19 07:39:13 +00:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2016-10-07 14:20:04 +00:00
|
|
|
func (s *Server) restore() {
|
2016-10-10 09:57:40 +00:00
|
|
|
sandboxDir, err := ioutil.ReadDir(s.config.SandboxDir)
|
2016-10-08 12:36:14 +00:00
|
|
|
if err != nil && !os.IsNotExist(err) {
|
2016-10-07 14:20:04 +00:00
|
|
|
logrus.Warnf("could not read sandbox directory %s: %v", sandboxDir, err)
|
2016-09-19 07:39:13 +00:00
|
|
|
}
|
2016-10-07 14:20:04 +00:00
|
|
|
for _, v := range sandboxDir {
|
|
|
|
if !v.IsDir() {
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
if err = s.loadSandbox(v.Name()); err != nil {
|
|
|
|
logrus.Warnf("could not restore sandbox %s: %v", v.Name(), err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
containerDir, err := ioutil.ReadDir(s.runtime.ContainerDir())
|
2016-10-08 12:36:14 +00:00
|
|
|
if err != nil && !os.IsNotExist(err) {
|
2016-10-07 14:20:04 +00:00
|
|
|
logrus.Warnf("could not read container directory %s: %v", s.runtime.ContainerDir(), err)
|
|
|
|
}
|
|
|
|
for _, v := range containerDir {
|
|
|
|
if !v.IsDir() {
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
if err := s.loadContainer(v.Name()); err != nil {
|
|
|
|
logrus.Warnf("could not restore container %s: %v", v.Name(), err)
|
|
|
|
|
2016-09-18 14:35:17 +00:00
|
|
|
}
|
2016-09-19 07:39:13 +00:00
|
|
|
}
|
2016-09-18 14:35:17 +00:00
|
|
|
}
|
|
|
|
|
2016-09-20 08:27:11 +00:00
|
|
|
func (s *Server) reservePodName(id, name string) (string, error) {
|
|
|
|
if err := s.podNameIndex.Reserve(name, id); err != nil {
|
|
|
|
if err == registrar.ErrNameReserved {
|
|
|
|
id, err := s.podNameIndex.Get(name)
|
|
|
|
if err != nil {
|
2016-12-11 16:46:37 +00:00
|
|
|
logrus.Warnf("conflict, pod name %q already reserved", name)
|
2016-09-20 08:27:11 +00:00
|
|
|
return "", err
|
|
|
|
}
|
2016-12-11 16:46:37 +00:00
|
|
|
return "", fmt.Errorf("conflict, name %q already reserved for pod %q", name, id)
|
2016-09-20 08:27:11 +00:00
|
|
|
}
|
2016-12-11 16:46:37 +00:00
|
|
|
return "", fmt.Errorf("error reserving pod name %q", name)
|
2016-09-20 08:27:11 +00:00
|
|
|
}
|
|
|
|
return name, nil
|
|
|
|
}
|
|
|
|
|
2016-09-26 22:35:34 +00:00
|
|
|
func (s *Server) releasePodName(name string) {
|
|
|
|
s.podNameIndex.Release(name)
|
|
|
|
}
|
|
|
|
|
2016-10-04 23:00:04 +00:00
|
|
|
func (s *Server) reserveContainerName(id, name string) (string, error) {
|
|
|
|
if err := s.ctrNameIndex.Reserve(name, id); err != nil {
|
|
|
|
if err == registrar.ErrNameReserved {
|
|
|
|
id, err := s.ctrNameIndex.Get(name)
|
|
|
|
if err != nil {
|
2016-12-11 16:46:37 +00:00
|
|
|
logrus.Warnf("conflict, ctr name %q already reserved", name)
|
2016-10-04 23:00:04 +00:00
|
|
|
return "", err
|
|
|
|
}
|
2016-12-11 16:46:37 +00:00
|
|
|
return "", fmt.Errorf("conflict, name %q already reserved for ctr %q", name, id)
|
2016-10-04 23:00:04 +00:00
|
|
|
}
|
2016-12-11 16:46:37 +00:00
|
|
|
return "", fmt.Errorf("error reserving ctr name %s", name)
|
2016-10-04 23:00:04 +00:00
|
|
|
}
|
|
|
|
return name, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *Server) releaseContainerName(name string) {
|
|
|
|
s.ctrNameIndex.Release(name)
|
|
|
|
}
|
|
|
|
|
2016-11-23 09:41:48 +00:00
|
|
|
const (
|
|
|
|
// SeccompModeFilter refers to the syscall argument SECCOMP_MODE_FILTER.
|
|
|
|
SeccompModeFilter = uintptr(2)
|
|
|
|
)
|
|
|
|
|
|
|
|
func seccompEnabled() bool {
|
|
|
|
var enabled bool
|
|
|
|
// Check if Seccomp is supported, via CONFIG_SECCOMP.
|
|
|
|
if _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_GET_SECCOMP, 0, 0); err != syscall.EINVAL {
|
|
|
|
// Make sure the kernel has CONFIG_SECCOMP_FILTER.
|
|
|
|
if _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_SET_SECCOMP, SeccompModeFilter, 0); err != syscall.EINVAL {
|
|
|
|
enabled = true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return enabled
|
|
|
|
}
|
|
|
|
|
2016-07-19 18:53:57 +00:00
|
|
|
// New creates a new Server with options provided
|
2016-10-10 09:57:40 +00:00
|
|
|
func New(config *Config) (*Server, error) {
|
2016-10-21 09:50:49 +00:00
|
|
|
if err := os.MkdirAll(config.ImageDir, 0755); err != nil {
|
2016-08-04 14:34:30 +00:00
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2016-10-10 09:57:40 +00:00
|
|
|
if err := os.MkdirAll(config.SandboxDir, 0755); err != nil {
|
2016-09-18 15:00:37 +00:00
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2016-12-19 23:05:32 +00:00
|
|
|
r, err := oci.New(config.Runtime, config.ContainerDir, config.Conmon, config.ConmonEnv, config.CgroupManager)
|
2016-07-19 18:53:57 +00:00
|
|
|
if err != nil {
|
2016-07-29 22:35:10 +00:00
|
|
|
return nil, err
|
2016-07-19 18:53:57 +00:00
|
|
|
}
|
2016-08-01 23:05:37 +00:00
|
|
|
sandboxes := make(map[string]*sandbox)
|
2016-09-19 11:09:30 +00:00
|
|
|
containers := oci.NewMemoryStore()
|
2016-12-17 11:23:07 +00:00
|
|
|
netPlugin, err := ocicni.InitCNI(config.NetworkDir)
|
2016-09-02 19:38:42 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2016-09-18 14:35:17 +00:00
|
|
|
s := &Server{
|
2016-10-10 09:57:40 +00:00
|
|
|
runtime: r,
|
|
|
|
netPlugin: netPlugin,
|
|
|
|
config: *config,
|
2016-08-01 23:05:37 +00:00
|
|
|
state: &serverState{
|
2016-08-01 17:39:42 +00:00
|
|
|
sandboxes: sandboxes,
|
|
|
|
containers: containers,
|
2016-08-01 23:05:37 +00:00
|
|
|
},
|
2016-11-29 12:34:15 +00:00
|
|
|
seccompEnabled: seccompEnabled(),
|
|
|
|
appArmorEnabled: apparmor.IsEnabled(),
|
2016-12-12 07:55:17 +00:00
|
|
|
appArmorProfile: config.ApparmorProfile,
|
2016-11-23 09:41:48 +00:00
|
|
|
}
|
|
|
|
seccompProfile, err := ioutil.ReadFile(config.SeccompProfile)
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("opening seccomp profile (%s) failed: %v", config.SeccompProfile, err)
|
|
|
|
}
|
|
|
|
var seccompConfig seccomp.Seccomp
|
|
|
|
if err := json.Unmarshal(seccompProfile, &seccompConfig); err != nil {
|
|
|
|
return nil, fmt.Errorf("decoding seccomp profile failed: %v", err)
|
2016-09-18 14:35:17 +00:00
|
|
|
}
|
2016-11-23 09:41:48 +00:00
|
|
|
s.seccompProfile = seccompConfig
|
2016-10-04 23:00:04 +00:00
|
|
|
|
2016-12-12 07:55:17 +00:00
|
|
|
if s.appArmorEnabled && s.appArmorProfile == apparmor.DefaultApparmorProfile {
|
|
|
|
if err := apparmor.EnsureDefaultApparmorProfile(); err != nil {
|
|
|
|
return nil, fmt.Errorf("ensuring the default apparmor profile is installed failed: %v", err)
|
|
|
|
}
|
2016-11-29 12:34:15 +00:00
|
|
|
}
|
|
|
|
|
2016-09-20 08:27:11 +00:00
|
|
|
s.podIDIndex = truncindex.NewTruncIndex([]string{})
|
|
|
|
s.podNameIndex = registrar.NewRegistrar()
|
2016-10-04 23:00:04 +00:00
|
|
|
s.ctrIDIndex = truncindex.NewTruncIndex([]string{})
|
|
|
|
s.ctrNameIndex = registrar.NewRegistrar()
|
|
|
|
|
2016-10-07 14:20:04 +00:00
|
|
|
s.restore()
|
|
|
|
|
2016-09-18 14:35:17 +00:00
|
|
|
logrus.Debugf("sandboxes: %v", s.state.sandboxes)
|
|
|
|
logrus.Debugf("containers: %v", s.state.containers)
|
|
|
|
return s, nil
|
2016-07-08 19:04:00 +00:00
|
|
|
}
|
2016-07-20 01:30:05 +00:00
|
|
|
|
2016-08-01 23:05:37 +00:00
|
|
|
type serverState struct {
|
2016-08-01 17:39:42 +00:00
|
|
|
sandboxes map[string]*sandbox
|
2016-09-19 11:09:30 +00:00
|
|
|
containers oci.Store
|
2016-08-01 23:05:37 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (s *Server) addSandbox(sb *sandbox) {
|
2016-09-17 14:10:35 +00:00
|
|
|
s.stateLock.Lock()
|
2016-09-20 08:27:11 +00:00
|
|
|
s.state.sandboxes[sb.id] = sb
|
2016-09-17 14:10:35 +00:00
|
|
|
s.stateLock.Unlock()
|
|
|
|
}
|
|
|
|
|
2016-09-20 08:27:11 +00:00
|
|
|
func (s *Server) getSandbox(id string) *sandbox {
|
2016-09-17 14:10:35 +00:00
|
|
|
s.stateLock.Lock()
|
2016-09-20 08:27:11 +00:00
|
|
|
sb := s.state.sandboxes[id]
|
2016-09-17 14:10:35 +00:00
|
|
|
s.stateLock.Unlock()
|
|
|
|
return sb
|
2016-08-01 23:05:37 +00:00
|
|
|
}
|
2016-08-01 17:39:42 +00:00
|
|
|
|
2016-09-20 08:27:11 +00:00
|
|
|
func (s *Server) hasSandbox(id string) bool {
|
2016-09-17 14:10:35 +00:00
|
|
|
s.stateLock.Lock()
|
2016-09-20 08:27:11 +00:00
|
|
|
_, ok := s.state.sandboxes[id]
|
2016-09-17 14:10:35 +00:00
|
|
|
s.stateLock.Unlock()
|
2016-08-01 17:39:42 +00:00
|
|
|
return ok
|
|
|
|
}
|
|
|
|
|
2016-09-27 08:40:08 +00:00
|
|
|
func (s *Server) removeSandbox(id string) {
|
|
|
|
s.stateLock.Lock()
|
|
|
|
delete(s.state.sandboxes, id)
|
|
|
|
s.stateLock.Unlock()
|
|
|
|
}
|
|
|
|
|
2016-08-01 17:39:42 +00:00
|
|
|
func (s *Server) addContainer(c *oci.Container) {
|
2016-09-17 14:10:35 +00:00
|
|
|
s.stateLock.Lock()
|
2016-08-01 17:39:42 +00:00
|
|
|
sandbox := s.state.sandboxes[c.Sandbox()]
|
2016-09-20 08:27:11 +00:00
|
|
|
// TODO(runcom): handle !ok above!!! otherwise it panics!
|
2016-08-01 17:39:42 +00:00
|
|
|
sandbox.addContainer(c)
|
2016-10-04 23:50:29 +00:00
|
|
|
s.state.containers.Add(c.ID(), c)
|
2016-09-17 14:10:35 +00:00
|
|
|
s.stateLock.Unlock()
|
|
|
|
}
|
|
|
|
|
2016-10-04 23:50:29 +00:00
|
|
|
func (s *Server) getContainer(id string) *oci.Container {
|
2016-09-17 14:10:35 +00:00
|
|
|
s.stateLock.Lock()
|
2016-10-04 23:50:29 +00:00
|
|
|
c := s.state.containers.Get(id)
|
2016-09-17 14:10:35 +00:00
|
|
|
s.stateLock.Unlock()
|
|
|
|
return c
|
2016-08-01 17:39:42 +00:00
|
|
|
}
|
2016-08-25 19:14:59 +00:00
|
|
|
|
|
|
|
func (s *Server) removeContainer(c *oci.Container) {
|
2016-09-17 14:10:35 +00:00
|
|
|
s.stateLock.Lock()
|
2016-08-25 19:14:59 +00:00
|
|
|
sandbox := s.state.sandboxes[c.Sandbox()]
|
|
|
|
sandbox.removeContainer(c)
|
2016-10-04 23:50:29 +00:00
|
|
|
s.state.containers.Delete(c.ID())
|
2016-09-17 14:10:35 +00:00
|
|
|
s.stateLock.Unlock()
|
2016-08-25 19:14:59 +00:00
|
|
|
}
|