Add support for oci-hooks to libkpod

Add new directory /etc/crio/hooks.d, where packagers can drop a json config file to specify a hook. The json must specify a valid executable to run. The json must also specify which stage(s) to run the hook: prestart, poststart, poststop The json must specify under which criteria the hook should be launched If the container HasBindMounts If the container cmd matches a list of regular expressions If the containers annotations matches a list of regular expressions. If any of these match the the hook will be launched. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-08-12 10:29:22 +00:00 · 2017-08-12 10:29:22 +00:00 · 139d0841e8
commit 139d0841e8
parent 8538c4067a
13 changed files with 365 additions and 1 deletions
--- a/libkpod/container_server.go
+++ b/libkpod/container_server.go
@ -36,6 +36,7 @@ type ContainerServer struct {
 	ctrIDIndex           *truncindex.TruncIndex
 	podNameIndex         *registrar.Registrar
 	podIDIndex           *truncindex.TruncIndex
+	hooks                map[string]HookParams

 	imageContext *types.SystemContext
 	stateLock    sync.Locker
@ -48,6 +49,11 @@ func (c *ContainerServer) Runtime() *oci.Runtime {
 	return c.runtime
 }

+// Hooks returns the oci hooks for the ContainerServer
+func (c *ContainerServer) Hooks() map[string]HookParams {
+	return c.hooks
+}
+
 // Store returns the Store for the ContainerServer
 func (c *ContainerServer) Store() cstorage.Store {
 	return c.store
@ -131,6 +137,21 @@ func New(config *Config) (*ContainerServer, error) {
 		lock = new(sync.Mutex)
 	}

+	hooks := make(map[string]HookParams)
+	// If hooks directory is set in config use it
+	if config.HooksDirPath != "" {
+		if err := readHooks(config.HooksDirPath, hooks); err != nil {
+			return nil, err
+		}
+		// If user overrode default hooks, this means it is in a test, so don't
+		// use OverrideHooksDirPath
+		if config.HooksDirPath == DefaultHooksDirPath {
+			if err := readHooks(OverrideHooksDirPath, hooks); err != nil {
+				return nil, err
+			}
+		}
+	}
+
 	return &ContainerServer{
 		runtime:              runtime,
 		store:                store,
@ -141,6 +162,7 @@ func New(config *Config) (*ContainerServer, error) {
 		podNameIndex:         registrar.NewRegistrar(),
 		podIDIndex:           truncindex.NewTruncIndex([]string{}),
 		imageContext:         &types.SystemContext{SignaturePolicyPath: config.SignaturePolicyPath},
+		hooks:                hooks,
 		stateLock:            lock,
 		state: &containerServerState{
 			containers:      oci.NewMemoryStore(),