From 2d8691cb0a9df934f99ddfd6a08cab007d51557c Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Sat, 17 Sep 2016 11:37:20 +0200 Subject: [PATCH 1/3] server: remove podsandbox on failure Signed-off-by: Antonio Murdaca --- server/runtime.go | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) diff --git a/server/runtime.go b/server/runtime.go index a18d99a7..bec2f041 100644 --- a/server/runtime.go +++ b/server/runtime.go @@ -61,6 +61,12 @@ func (s *Server) CreatePodSandbox(ctx context.Context, req *pb.CreatePodSandboxR return nil, err } + defer func() { + if err != nil { + os.RemoveAll(podSandboxDir) + } + }() + // creates a spec Generator with the default spec. g := generate.New() @@ -84,8 +90,11 @@ func (s *Server) CreatePodSandbox(ctx context.Context, req *pb.CreatePodSandboxR dnsServers := req.GetConfig().GetDnsOptions().GetServers() dnsSearches := req.GetConfig().GetDnsOptions().GetSearches() resolvPath := fmt.Sprintf("%s/resolv.conf", podSandboxDir) - if err := parseDNSOptions(dnsServers, dnsSearches, resolvPath); err != nil { - if err1 := removeFile(resolvPath); err1 != nil { + err = parseDNSOptions(dnsServers, dnsSearches, resolvPath) + if err != nil { + err1 := removeFile(resolvPath) + if err1 != nil { + err = err1 return nil, fmt.Errorf("%v; failed to remove %s: %v", err, resolvPath, err1) } return nil, err 
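Review bot: The deferred cleanup in the `@@ -61,6 +61,12 @@` hunk discards the result of `os.RemoveAll(podSandboxDir)` and keys off the function-local `err`, so it only fires when a failure path has assigned that same variable. The result list of CreatePodSandbox is outside the hunk; if the error result is unnamed, a later `err :=` in an inner scope or a `return nil, fmt.Errorf(...)` built from another variable skips the removal and leaves the sandbox directory behind. Naming the error result and reporting a failed removal would make this robust, for example `if rerr := os.RemoveAll(podSandboxDir); rerr != nil { /* log rerr together with podSandboxDir */ }`. The function body continues outside the hunk.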
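Review bot: In the `err1 != nil` branch of the `@@ -84,8 +90,11 @@` hunk, `err = err1` runs before the `fmt.Errorf` call, so the message prints the removeFile error twice and the original parseDNSOptions error is lost. The assignment is not needed to trigger the deferred cleanup, because `err` is already non-nil at that point. Dropping the `err = err1` line restores the intended `"%v; failed to remove %s: %v"` output. The enclosing function continues outside the hunk.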
@@ -113,21 +122,21 @@ func (s *Server) CreatePodSandbox(ctx context.Context, req *pb.CreatePodSandboxR // set up namespaces if req.GetConfig().GetLinux().GetNamespaceOptions().GetHostNetwork() { - err := g.RemoveLinuxNamespace("network") + err = g.RemoveLinuxNamespace("network") if err != nil { return nil, err } } if req.GetConfig().GetLinux().GetNamespaceOptions().GetHostPid() { - err := g.RemoveLinuxNamespace("pid") + err = g.RemoveLinuxNamespace("pid") if err != nil { return nil, err } } if req.GetConfig().GetLinux().GetNamespaceOptions().GetHostIpc() { - err := g.RemoveLinuxNamespace("ipc") + err = g.RemoveLinuxNamespace("ipc") if err != nil { return nil, err } @@ -144,11 +153,11 @@ func (s *Server) CreatePodSandbox(ctx context.Context, req *pb.CreatePodSandboxR return nil, err } - if err := s.runtime.CreateContainer(container); err != nil { + if err = s.runtime.CreateContainer(container); err != nil { return nil, err } - if err := s.runtime.UpdateStatus(container); err != nil { + if err = s.runtime.UpdateStatus(container); err != nil { return nil, err } @@ -158,17 +167,17 @@ func (s *Server) CreatePodSandbox(ctx context.Context, req *pb.CreatePodSandboxR if err != nil { return nil, err } - if err := s.netPlugin.SetUpPod(netnsPath, podNamespace, name, containerName); err != nil { + if err = s.netPlugin.SetUpPod(netnsPath, podNamespace, name, containerName); err != nil { return nil, fmt.Errorf("failed to create network for container %s in sandbox %s: %v", containerName, name, err) } - if err := s.runtime.StartContainer(container); err != nil { + if err = s.runtime.StartContainer(container); err != nil { return nil, err } s.addContainer(container) - if err := s.runtime.UpdateStatus(container); err != nil { + if err = s.runtime.UpdateStatus(container); err != nil { return nil, err } From 4a4897bbfe6d8a6150d9950e7b3aebb7e3f3605c Mon Sep 17 00:00:00 2001 
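Review bot: The failure paths after `s.runtime.CreateContainer(container)` in the `@@ -144,11 +153,11 @@` and `@@ -158,17 +167,17 @@` hunks still only `return nil, err`, so the rollback introduced by this patch removes the sandbox directory but leaves the runtime container, the network set up by `s.netPlugin.SetUpPod`, and the entry registered by `s.addContainer(container)` in place. In particular, a failing final `s.runtime.UpdateStatus(container)` leaves a container registered in server state whose directory has just been deleted. Unless teardown happens outside the visible hunks, each successful step should register its own undo in the deferred function, run in reverse order. As a smaller step, if UpdateStatus does not depend on the registration, `s.addContainer(container)` could move after the last fallible call. CreatePodSandbox starts and ends outside these hunks.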
From: Antonio Murdaca Date: Sat, 17 Sep 2016 11:37:45 +0200 Subject: [PATCH 2/3] conmon: use runtime path from ocid Signed-off-by: Antonio Murdaca --- Makefile | 7 ++-- conmon/conmon.c | 90 +++++++++++++++++++++++++++++++++---------------- oci/oci.go | 1 + 3 files changed, 67 insertions(+), 31 deletions(-) diff --git a/Makefile b/Makefile index d0981096..b8200a3e 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,9 @@ -.PHONY: all clean ocid ocic +.PHONY: all clean conmon ocid ocic -all: ocid ocic +all: conmon ocid ocic + +conmon: + make -C $@ ocid: go build -o ocid ./cmd/server/main.go diff --git a/conmon/conmon.c b/conmon/conmon.c index 02210b0f..0dcf864c 100644 --- a/conmon/conmon.c +++ b/conmon/conmon.c @@ -33,9 +33,13 @@ #define _cleanup_(x) __attribute__((cleanup(x))) -static inline void freep(void *p) { free(*(void **)p); } +static inline void freep(void *p) +{ + free(*(void **)p); +} -static inline void closep(int *fd) { +static inline void closep(int *fd) +{ if (*fd >= 0) close(*fd); *fd = -1; @@ -62,6 +66,7 @@ int main(int argc, char *argv[]) int opt; bool terminal = FALSE; const char *cid = NULL; + const char *runtime_path = NULL; char cmd[CMD_SIZE]; GError *err = NULL; _cleanup_free_ char *contents; 
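Review bot: The new `conmon` rule invokes `make -C $@` literally instead of going through `$(MAKE)`, so command-line flags, `-j` jobserver sharing and `-n` dry-run are not passed on to the sub-make. Writing the recipe as `$(MAKE) -C $@` keeps the recursive build consistent with the parent invocation. The `clean` target is outside the hunk, so it cannot be confirmed from here whether it also descends into `conmon/`.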
@@ -80,29 +85,38 @@ int main(int argc, char *argv[]) char *sync_pipe, *endptr; int len; - while ((opt = getopt(argc, argv, "tc:")) != -1) { - switch(opt) { + while ((opt = getopt(argc, argv, "tc:r:")) != -1) { + switch (opt) { case 't': terminal = TRUE; break; case 'c': cid = optarg; break; + case 'r': + runtime_path = optarg; + break; case '?': - if (optopt == 'c') - nexit("Option -%c requires an argument.", optopt); - else if (isprint (optopt)) + if (optopt == 'c' || optopt == 'r') + nexit("Option -%c requires an argument.", + optopt); + else if (isprint(optopt)) nexit("Unknown option `-%c'.", optopt); else - nexit("Unknown option character `\\x%x'.\n", optopt); + nexit("Unknown option character `\\x%x'.\n", + optopt); default: - nexit("Usage: %s [-c container_id] [-t]", argv[0]); + nexit + ("Usage: %s -r runtime_path [-c container_id] [-t]", + argv[0]); } } - if (cid == NULL) { - nexit("Container ID not passed"); - } + if (cid == NULL) + nexit("Container ID not provided"); + + if (runtime_path == NULL) + nexit("Runtime path not provided"); sync_pipe = getenv("_OCI_SYNCPIPE"); if (sync_pipe) { @@ -132,7 +146,7 @@ int main(int argc, char *argv[]) pexit("Failed to grant access to slave pty"); /* Unlock the slave pty */ - if (unlockpt(mfd) == -1) { /* Unlock slave pty */ + if (unlockpt(mfd) == -1) { /* Unlock slave pty */ pexit("Failed to unlock the slave pty"); } @@ -146,9 +160,12 @@ int main(int argc, char *argv[]) /* Create the container */ if (terminal) { - snprintf(cmd, CMD_SIZE, "runc create %s --pid-file pidfile --console %s", cid, slname); + snprintf(cmd, CMD_SIZE, + "%s create %s --pid-file pidfile --console %s", + runtime_path, cid, slname); } else { - snprintf(cmd, CMD_SIZE, "runc create %s --pid-file pidfile", cid); + snprintf(cmd, CMD_SIZE, "%s create %s --pid-file pidfile", + runtime_path, cid); } ret = system(cmd); if (ret != 0) { 
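Review bot: In the `@@ -146,9 +160,12 @@` hunk, `runtime_path` from the new `-r` option is formatted into `cmd` next to `cid` and handed to `system(cmd)`, so both values are parsed by the shell: a value containing spaces or shell metacharacters changes what is executed. The `snprintf` result is not checked either, so a long path is silently truncated at `CMD_SIZE`. The `-r` check in the option-parsing hunk above only rejects NULL, so an empty string also passes. Building an argument vector and executing the runtime directly avoids both the shell and the fixed-size buffer; the sketch below keeps the same argument order and assumes `runtime_path` is a full path, as the commit subject suggests. main() starts and ends outside the hunk.

```c
	/* Create the container: pass argv directly so that runtime_path and
	 * cid are never interpreted by a shell. */
	char *create_argv[8];
	int n = 0;
	pid_t create_pid;

	create_argv[n++] = (char *)runtime_path;
	create_argv[n++] = "create";
	create_argv[n++] = (char *)cid;
	create_argv[n++] = "--pid-file";
	create_argv[n++] = "pidfile";
	if (terminal) {
		create_argv[n++] = "--console";
		create_argv[n++] = slname;
	}
	create_argv[n] = NULL;

	create_pid = fork();
	if (create_pid < 0)
		pexit("Failed to fork the runtime");
	if (create_pid == 0) {
		execv(runtime_path, create_argv);
		_exit(127);	/* exec failed */
	}
	if (waitpid(create_pid, &ret, 0) < 0)
		pexit("Failed to wait for the runtime");
	/* … unchanged: if (ret != 0) error handling … */
```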
@@ -180,9 +197,11 @@ int main(int argc, char *argv[]) pexit("tcegetattr"); /* Settings for raw mode */ - t.c_lflag &= ~(ISIG | ICANON | ECHO | ECHOE | ECHOK | ECHONL | IEXTEN); - t.c_iflag &= ~(BRKINT | ICRNL | IGNBRK | IGNCR | INLCR | INPCK | - ISTRIP | IXON | IXOFF | IGNPAR | PARMRK); + t.c_lflag &= + ~(ISIG | ICANON | ECHO | ECHOE | ECHOK | ECHONL | IEXTEN); + t.c_iflag &= + ~(BRKINT | ICRNL | IGNBRK | IGNCR | INLCR | INPCK | ISTRIP | + IXON | IXOFF | IGNPAR | PARMRK); t.c_oflag &= ~OPOST; t.c_cc[VMIN] = 1; t.c_cc[VTIME] = 0; @@ -214,33 +233,43 @@ int main(int argc, char *argv[]) for (int i = 0; i < ready; i++) { if (evlist[i].events & EPOLLIN) { if (evlist[i].data.fd == STDIN_FILENO) { - num_read = read(STDIN_FILENO, buf, BUF_SIZE); + num_read = + read(STDIN_FILENO, buf, + BUF_SIZE); if (num_read <= 0) goto out; - if (write(mfd, buf, num_read) != num_read) { - nwarn("partial/failed write (masterFd)"); + if (write(mfd, buf, num_read) != + num_read) { + nwarn + ("partial/failed write (masterFd)"); goto out; } } else if (evlist[i].data.fd == mfd) { - num_read = read(mfd, buf, BUF_SIZE); + num_read = + read(mfd, buf, BUF_SIZE); if (num_read <= 0) goto out; - if (write(STDOUT_FILENO, buf, num_read) != num_read) { - nwarn("partial/failed write (STDOUT_FILENO)"); + if (write + (STDOUT_FILENO, buf, + num_read) != num_read) { + nwarn + ("partial/failed write (STDOUT_FILENO)"); goto out; } } - } else if (evlist[i].events & (EPOLLHUP | EPOLLERR)) { - printf("closing fd %d\n", evlist[i].data.fd); + } else if (evlist[i].events & + (EPOLLHUP | EPOLLERR)) { + printf("closing fd %d\n", + evlist[i].data.fd); if (close(evlist[i].data.fd) < 0) pexit("close"); goto out; } } } -out: + out: tty_restore(); } 
@@ -253,9 +282,12 @@ out: if (ret < 0) { pexit("Failed to allocate memory for status"); } - g_file_set_contents("exit", status_str, strlen(status_str), &err); + g_file_set_contents("exit", status_str, + strlen(status_str), &err); if (err) { - fprintf(stderr, "Failed to write %s to exit file: %s\n", status_str, err->message); + fprintf(stderr, + "Failed to write %s to exit file: %s\n", + status_str, err->message); g_error_free(err); exit(1); } diff --git a/oci/oci.go b/oci/oci.go index e6033865..1f5c0816 100644 --- a/oci/oci.go +++ b/oci/oci.go @@ -85,6 +85,7 @@ func (r *Runtime) CreateContainer(c *Container) error { defer parentPipe.Close() args := []string{"-c", c.name} + args = append(args, "-r", r.path) if c.terminal { args = append(args, "-t") } From d1510cb85470054e8eb309ca094c86ee41781fcb Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Sat, 17 Sep 2016 11:56:51 +0200 Subject: [PATCH 3/3] .gitignore: add conmon objs Signed-off-by: Antonio Murdaca --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index 20e85a86..8d9d1c42 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,4 @@ ocid ocic +conmon/conmon +conmon/conmon.o
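Review bot: In the oci/oci.go hunk, `r.path` is appended after `-r` without any check, and conmon in this same patch only rejects a missing option, not an empty value, before placing it at the front of the command it runs. If `r.path` can be empty or relative here (its origin is outside the hunk), the failure surfaces late as an opaque runtime error instead of at the call site. Consider a guard before building `args`, such as `if r.path == "" { return fmt.Errorf("runtime path is not configured") }`, plus a short comment that conmon now requires `-r`. CreateContainer starts and ends outside the hunk.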