vbatts/cri-o
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Merge bff62b1bb2 into 77561e95cf

Browse source
This commit is contained in:
Mrunal Patel 2018-01-19 00:30:24 +00:00 committed by GitHub
commit 5ecc51d376
11 changed files with 52 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

1
README.md
View file

@ -83,6 +83,7 @@ For sync communication we have an IRC channel #CRI-O, on chat.freenode.net, that
- socat - socat
- iproute - iproute
- iptables - iptables
- strace (required for debugging using cri-o strace annotation)
Latest version of `runc` is expected to be installed on the system. It is picked up as the default runtime by CRI-O. Latest version of `runc` is expected to be installed on the system. It is picked up as the default runtime by CRI-O.

7
cmd/crio/main.go
View file

@ -147,6 +147,9 @@ func mergeConfig(config *server.Config, ctx *cli.Context) error {
if ctx.GlobalIsSet("image-volumes") { if ctx.GlobalIsSet("image-volumes") {
config.ImageVolumes = lib.ImageVolumesType(ctx.GlobalString("image-volumes")) config.ImageVolumes = lib.ImageVolumesType(ctx.GlobalString("image-volumes"))
} }
if ctx.GlobalIsSet("allow-strace") {
config.AllowStrace = ctx.GlobalBool("allow-strace")
}
return nil return nil
} }
@ -351,6 +354,10 @@ func main() {
Value: 9090, Value: 9090,
Usage: "port for the metrics endpoint", Usage: "port for the metrics endpoint",
}, },
cli.BoolFlag{
Name: "allow-strace",
Usage: "allow the cri-o strace annotation/label to take effect",
},
} }
sort.Sort(cli.FlagsByName(app.Flags)) sort.Sort(cli.FlagsByName(app.Flags))

2
docs/crio.8.md
View file

@ -120,6 +120,8 @@ crio [GLOBAL OPTIONS] config [OPTIONS]
**--cpu-profile**: Set the CPU profile file path **--cpu-profile**: Set the CPU profile file path
**--allow-strace**: Allow strace for containers when the strace annotation/label "io.kubernetes.cri-o.Strace=true" is set
**--version, -v**: Print the version **--version, -v**: Print the version
# COMMANDS # COMMANDS

4
lib/config.go
View file

@ -168,6 +168,10 @@ type RuntimeConfig struct {
// ContainerExitsDir is the directory in which container exit files are // ContainerExitsDir is the directory in which container exit files are
// written to by conmon. // written to by conmon.
ContainerExitsDir string `toml:"container_exits_dir"` ContainerExitsDir string `toml:"container_exits_dir"`
// AllowStrace determinates whether strace is started for a container
// which has the CRI-O strace annotation/label "io.kubernetes.cri-o.Strace=true".
AllowStrace bool `toml:"allow_strace"`
} }
// ImageConfig represents the "crio.image" TOML config table. // ImageConfig represents the "crio.image" TOML config table.

4
lib/container_server.go
View file

@ -389,7 +389,7 @@ func (c *ContainerServer) LoadSandbox(id string) error {
return err return err
} }
scontainer, err := oci.NewContainer(m.Annotations[annotations.ContainerID], cname, sandboxPath, m.Annotations[annotations.LogPath], sb.NetNs(), labels, m.Annotations, kubeAnnotations, "", "", "", nil, id, false, false, false, privileged, trusted, sandboxDir, created, m.Annotations["org.opencontainers.image.stopSignal"]) scontainer, err := oci.NewContainer(m.Annotations[annotations.ContainerID], cname, sandboxPath, m.Annotations[annotations.LogPath], sb.NetNs(), labels, m.Annotations, kubeAnnotations, "", "", "", nil, id, false, false, false, privileged, trusted, c.Config().AllowStrace, sandboxDir, created, m.Annotations["org.opencontainers.image.stopSignal"])
if err != nil { if err != nil {
return err return err
} }
@ -513,7 +513,7 @@ func (c *ContainerServer) LoadContainer(id string) error {
return err return err
} }
ctr, err := oci.NewContainer(id, name, containerPath, m.Annotations[annotations.LogPath], sb.NetNs(), labels, m.Annotations, kubeAnnotations, img, imgName, imgRef, &metadata, sb.ID(), tty, stdin, stdinOnce, sb.Privileged(), sb.Trusted(), containerDir, created, m.Annotations["org.opencontainers.image.stopSignal"]) ctr, err := oci.NewContainer(id, name, containerPath, m.Annotations[annotations.LogPath], sb.NetNs(), labels, m.Annotations, kubeAnnotations, img, imgName, imgRef, &metadata, sb.ID(), tty, stdin, stdinOnce, sb.Privileged(), sb.Trusted(), c.Config().AllowStrace, containerDir, created, m.Annotations["org.opencontainers.image.stopSignal"])
if err != nil { if err != nil {
return err return err
} }

4
oci/container.go
View file

@ -36,6 +36,7 @@ type Container struct {
stdinOnce bool stdinOnce bool
privileged bool privileged bool
trusted bool trusted bool
allowStrace bool
state *ContainerState state *ContainerState
metadata *pb.ContainerMetadata metadata *pb.ContainerMetadata
opLock sync.Locker opLock sync.Locker
@ -71,7 +72,7 @@ type ContainerState struct {
} }
// NewContainer creates a container object. // NewContainer creates a container object.
func NewContainer(id string, name string, bundlePath string, logPath string, netns ns.NetNS, labels map[string]string, crioAnnotations map[string]string, annotations map[string]string, image string, imageName string, imageRef string, metadata *pb.ContainerMetadata, sandbox string, terminal bool, stdin bool, stdinOnce bool, privileged bool, trusted bool, dir string, created time.Time, stopSignal string) (*Container, error) { func NewContainer(id string, name string, bundlePath string, logPath string, netns ns.NetNS, labels map[string]string, crioAnnotations map[string]string, annotations map[string]string, image string, imageName string, imageRef string, metadata *pb.ContainerMetadata, sandbox string, terminal bool, stdin bool, stdinOnce bool, privileged bool, trusted bool, allowStrace bool, dir string, created time.Time, stopSignal string) (*Container, error) {
state := &ContainerState{} state := &ContainerState{}
state.Created = created state.Created = created
c := &Container{ c := &Container{
@ -87,6 +88,7 @@ func NewContainer(id string, name string, bundlePath string, logPath string, net
stdinOnce: stdinOnce, stdinOnce: stdinOnce,
privileged: privileged, privileged: privileged,
trusted: trusted, trusted: trusted,
allowStrace: allowStrace,
metadata: metadata, metadata: metadata,
annotations: annotations, annotations: annotations,
crioAnnotations: crioAnnotations, crioAnnotations: crioAnnotations,

25
oci/oci.go
View file

@ -14,6 +14,7 @@ import (
"time" "time"
"github.com/containerd/cgroups" "github.com/containerd/cgroups"
"github.com/kubernetes-incubator/cri-o/pkg/annotations"
"github.com/kubernetes-incubator/cri-o/utils" "github.com/kubernetes-incubator/cri-o/utils"
rspec "github.com/opencontainers/runtime-spec/specs-go" rspec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
@ -284,6 +285,7 @@ func (r *Runtime) CreateContainer(c *Container, cgroupParent string) (err error)
if ss.err != nil { if ss.err != nil {
return fmt.Errorf("error reading container (probably exited) json message: %v", ss.err) return fmt.Errorf("error reading container (probably exited) json message: %v", ss.err)
} }
c.state.Pid = ss.si.Pid
logrus.Debugf("Received container pid: %d", ss.si.Pid) logrus.Debugf("Received container pid: %d", ss.si.Pid)
if ss.si.Pid == -1 { if ss.si.Pid == -1 {
if ss.si.Message != "" { if ss.si.Message != "" {
@ -297,6 +299,29 @@ func (r *Runtime) CreateContainer(c *Container, cgroupParent string) (err error)
logrus.Errorf("Container creation timeout (%v)", ContainerCreateTimeout) logrus.Errorf("Container creation timeout (%v)", ContainerCreateTimeout)
return fmt.Errorf("create container timeout") return fmt.Errorf("create container timeout")
} }
enableStrace := false
if _, ok := c.annotations[annotations.Strace]; ok {
logrus.Debugf("Enabling strace from annotation")
enableStrace = true
}
if !enableStrace {
if _, ok := c.labels[annotations.Strace]; ok {
logrus.Debugf("Enabling strace from label")
enableStrace = true
}
}
if enableStrace && c.allowStrace {
go func() {
straceCmd := exec.Command("strace", "-f", "-o", fmt.Sprintf("/tmp/%v", c.id), "-p", fmt.Sprintf("%d", c.state.Pid))
_, err := straceCmd.CombinedOutput()
if err != nil {
logrus.Errorf("Failed to execute strace: %v", err)
}
}()
}
return nil return nil
} }

3
pkg/annotations/annotations.go
View file

@ -84,6 +84,9 @@ const (
// Volumes is the volumes annotatoin // Volumes is the volumes annotatoin
Volumes = "io.kubernetes.cri-o.Volumes" Volumes = "io.kubernetes.cri-o.Volumes"
// Strace is enable strace debug annotation.
Strace = "io.kubernetes.cri-o.Strace"
) )
// ContainerType values // ContainerType values

2
server/container_create.go
View file

@ -1252,7 +1252,7 @@ func (s *Server) createSandboxContainer(ctx context.Context, containerID string,
crioAnnotations := specgen.Spec().Annotations crioAnnotations := specgen.Spec().Annotations
container, err := oci.NewContainer(containerID, containerName, containerInfo.RunDir, logPath, sb.NetNs(), labels, crioAnnotations, kubeAnnotations, image, imageName, imageRef, metadata, sb.ID(), containerConfig.Tty, containerConfig.Stdin, containerConfig.StdinOnce, sb.Privileged(), sb.Trusted(), containerInfo.Dir, created, containerImageConfig.Config.StopSignal) container, err := oci.NewContainer(containerID, containerName, containerInfo.RunDir, logPath, sb.NetNs(), labels, crioAnnotations, kubeAnnotations, image, imageName, imageRef, metadata, sb.ID(), containerConfig.Tty, containerConfig.Stdin, containerConfig.StdinOnce, sb.Privileged(), sb.Trusted(), s.config.Config.AllowStrace, containerInfo.Dir, created, containerImageConfig.Config.StopSignal)
if err != nil { if err != nil {
return nil, err return nil, err
} }

6
server/inspect_test.go
View file

@ -67,7 +67,7 @@ func TestGetContainerInfo(t *testing.T) {
"io.kubernetes.test1": "value1", "io.kubernetes.test1": "value1",
} }
getContainerFunc := func(id string) *oci.Container { getContainerFunc := func(id string) *oci.Container {
container, err := oci.NewContainer("testid", "testname", "", "/container/logs", mockNetNS{}, labels, annotations, annotations, "image", "imageName", "imageRef", &runtime.ContainerMetadata{}, "testsandboxid", false, false, false, false, false, "/root/for/container", created, "SIGKILL") container, err := oci.NewContainer("testid", "testname", "", "/container/logs", mockNetNS{}, labels, annotations, annotations, "image", "imageName", "imageRef", &runtime.ContainerMetadata{}, "testsandboxid", false, false, false, false, false, false, "/root/for/container", created, "SIGKILL")
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
} }
@ -184,7 +184,7 @@ func TestGetContainerInfoCtrStateNil(t *testing.T) {
labels := map[string]string{} labels := map[string]string{}
annotations := map[string]string{} annotations := map[string]string{}
getContainerFunc := func(id string) *oci.Container { getContainerFunc := func(id string) *oci.Container {
container, err := oci.NewContainer("testid", "testname", "", "/container/logs", mockNetNS{}, labels, annotations, annotations, "imageName", "imageName", "imageRef", &runtime.ContainerMetadata{}, "testsandboxid", false, false, false, false, false, "/root/for/container", created, "SIGKILL") container, err := oci.NewContainer("testid", "testname", "", "/container/logs", mockNetNS{}, labels, annotations, annotations, "imageName", "imageName", "imageRef", &runtime.ContainerMetadata{}, "testsandboxid", false, false, false, false, false, false, "/root/for/container", created, "SIGKILL")
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
} }
@ -215,7 +215,7 @@ func TestGetContainerInfoSandboxNotFound(t *testing.T) {
labels := map[string]string{} labels := map[string]string{}
annotations := map[string]string{} annotations := map[string]string{}
getContainerFunc := func(id string) *oci.Container { getContainerFunc := func(id string) *oci.Container {
container, err := oci.NewContainer("testid", "testname", "", "/container/logs", mockNetNS{}, labels, annotations, annotations, "imageName", "imageName", "imageRef", &runtime.ContainerMetadata{}, "testsandboxid", false, false, false, false, false, "/root/for/container", created, "SIGKILL") container, err := oci.NewContainer("testid", "testname", "", "/container/logs", mockNetNS{}, labels, annotations, annotations, "imageName", "imageName", "imageRef", &runtime.ContainerMetadata{}, "testsandboxid", false, false, false, false, false, false, "/root/for/container", created, "SIGKILL")
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
} }

2
server/sandbox_run.go
View file

@ -495,7 +495,7 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
g.AddAnnotation(annotations.HostnamePath, hostnamePath) g.AddAnnotation(annotations.HostnamePath, hostnamePath)
sb.AddHostnamePath(hostnamePath) sb.AddHostnamePath(hostnamePath)
container, err := oci.NewContainer(id, containerName, podContainer.RunDir, logPath, sb.NetNs(), labels, g.Spec().Annotations, kubeAnnotations, "", "", "", nil, id, false, false, false, sb.Privileged(), sb.Trusted(), podContainer.Dir, created, podContainer.Config.Config.StopSignal) container, err := oci.NewContainer(id, containerName, podContainer.RunDir, logPath, sb.NetNs(), labels, g.Spec().Annotations, kubeAnnotations, "", "", "", nil, id, false, false, false, sb.Privileged(), sb.Trusted(), s.config.Config.AllowStrace, podContainer.Dir, created, podContainer.Config.Config.StopSignal)
if err != nil { if err != nil {
return nil, err return nil, err
} }