Add option to use file-based locking for libkpod state
Signed-off-by: Matthew Heon <mheon@redhat.com>
parent
fa6e2d81f9
commit
9529f565b2
5 changed files with 35 additions and 4 deletions
|
@ -41,6 +41,10 @@ stream_address = "{{ .StreamAddress }}"
|
||||||
# stream_port is the port on which the stream server will listen
|
# stream_port is the port on which the stream server will listen
|
||||||
stream_port = "{{ .StreamPort }}"
|
stream_port = "{{ .StreamPort }}"
|
||||||
|
|
||||||
|
# file_locking is whether file-based locking will be used instead of
|
||||||
|
# in-memory locking
|
||||||
|
file_locking = {{ .FileLocking }}
|
||||||
|
|
||||||
# The "crio.runtime" table contains settings pertaining to the OCI
|
# The "crio.runtime" table contains settings pertaining to the OCI
|
||||||
# runtime used and options for how to set up and manage the OCI runtime.
|
# runtime used and options for how to set up and manage the OCI runtime.
|
||||||
[crio.runtime]
|
[crio.runtime]
|
||||||
|
|
|
@ -75,6 +75,9 @@ func mergeConfig(config *server.Config, ctx *cli.Context) error {
|
||||||
if ctx.GlobalIsSet("storage-opt") {
|
if ctx.GlobalIsSet("storage-opt") {
|
||||||
config.StorageOptions = ctx.GlobalStringSlice("storage-opt")
|
config.StorageOptions = ctx.GlobalStringSlice("storage-opt")
|
||||||
}
|
}
|
||||||
|
if ctx.GlobalIsSet("file-locking") {
|
||||||
|
config.FileLocking = ctx.GlobalBool("file-locking")
|
||||||
|
}
|
||||||
if ctx.GlobalIsSet("insecure-registry") {
|
if ctx.GlobalIsSet("insecure-registry") {
|
||||||
config.InsecureRegistries = ctx.GlobalStringSlice("insecure-registry")
|
config.InsecureRegistries = ctx.GlobalStringSlice("insecure-registry")
|
||||||
}
|
}
|
||||||
|
@ -216,6 +219,10 @@ func main() {
|
||||||
Name: "storage-opt",
|
Name: "storage-opt",
|
||||||
Usage: "storage driver option",
|
Usage: "storage driver option",
|
||||||
},
|
},
|
||||||
|
cli.BoolFlag{
|
||||||
|
Name: "file-locking",
|
||||||
|
Usage: "enable or disable file-based locking",
|
||||||
|
},
|
||||||
cli.StringSliceFlag{
|
cli.StringSliceFlag{
|
||||||
Name: "insecure-registry",
|
Name: "insecure-registry",
|
||||||
Usage: "whether to disable TLS verification for the given registry",
|
Usage: "whether to disable TLS verification for the given registry",
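Review bot: The usage text for the new `file-locking` flag, "enable or disable file-based locking", does not say what the default is or how to turn the feature off. Elsewhere in this commit `DefaultConfig` sets `FileLocking: true`, and `mergeConfig` only overrides it when the flag is set, so an operator has to pass `--file-locking=false` to get in-memory locking. I would spell that out, for example `Usage: "use file-based locking for libkpod state (enabled by default; pass --file-locking=false for in-memory locking)",`. Both `mergeConfig` and `main` continue outside the hunks shown.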
|
||||||
|
|
|
@ -21,6 +21,7 @@ const (
|
||||||
cniConfigDir = "/etc/cni/net.d/"
|
cniConfigDir = "/etc/cni/net.d/"
|
||||||
cniBinDir = "/opt/cni/bin/"
|
cniBinDir = "/opt/cni/bin/"
|
||||||
cgroupManager = "cgroupfs"
|
cgroupManager = "cgroupfs"
|
||||||
|
lockPath = "/run/crio.lock"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Config represents the entire set of configuration values that can be set for
|
// Config represents the entire set of configuration values that can be set for
|
||||||
|
@ -74,6 +75,11 @@ type RootConfig struct {
|
||||||
// LogDir is the default log directory were all logs will go unless kubelet
|
// LogDir is the default log directory were all logs will go unless kubelet
|
||||||
// tells us to put them somewhere else.
|
// tells us to put them somewhere else.
|
||||||
LogDir string `toml:"log_dir"`
|
LogDir string `toml:"log_dir"`
|
||||||
|
|
||||||
|
// FileLocking specifies whether to use file-based or in-memory locking
|
||||||
|
// File-based locking is required when multiple users of libkpod are
|
||||||
|
// present on the same system
|
||||||
|
FileLocking bool `toml:"file_locking"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// RuntimeConfig represents the "crio.runtime" TOML config table.
|
// RuntimeConfig represents the "crio.runtime" TOML config table.
|
||||||
|
@ -236,6 +242,7 @@ func DefaultConfig() *Config {
|
||||||
Root: crioRoot,
|
Root: crioRoot,
|
||||||
RunRoot: crioRunRoot,
|
RunRoot: crioRunRoot,
|
||||||
LogDir: "/var/log/crio/pods",
|
LogDir: "/var/log/crio/pods",
|
||||||
|
FileLocking: true,
|
||||||
},
|
},
|
||||||
RuntimeConfig: RuntimeConfig{
|
RuntimeConfig: RuntimeConfig{
|
||||||
Runtime: "/usr/bin/runc",
|
Runtime: "/usr/bin/runc",
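Review bot: The new `lockPath = "/run/crio.lock"` constant is hard-coded while `DefaultConfig` turns `FileLocking` on, so every caller that takes the defaults now depends on being able to create or open a file directly under `/run`. That presumably fails for any libkpod user not running as root, and the path cannot be changed without a rebuild. The constant also has no comment; I would add something like `// lockPath is the lock file shared by every libkpod user on the host; any process able to lock it can block state operations, so it must only be accessible to trusted users.` The `FileLocking` doc comment could also state the default and name the lock path, and its sentences are missing their full stops.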
|
||||||
|
|
|
@ -98,6 +98,18 @@ func New(config *Config) (*ContainerServer, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var lock sync.Locker
|
||||||
|
if config.FileLocking {
|
||||||
|
fileLock, err := cstorage.GetLockfile(lockPath)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("error obtaining lockfile: %v", err)
|
||||||
|
}
|
||||||
|
lock = fileLock
|
||||||
|
} else {
|
||||||
|
lock = new(sync.Mutex)
|
||||||
|
}
|
||||||
|
|
||||||
return &ContainerServer{
|
return &ContainerServer{
|
||||||
runtime: runtime,
|
runtime: runtime,
|
||||||
store: store,
|
store: store,
|
||||||
|
@ -107,7 +119,7 @@ func New(config *Config) (*ContainerServer, error) {
|
||||||
podNameIndex: registrar.NewRegistrar(),
|
podNameIndex: registrar.NewRegistrar(),
|
||||||
podIDIndex: truncindex.NewTruncIndex([]string{}),
|
podIDIndex: truncindex.NewTruncIndex([]string{}),
|
||||||
imageContext: &types.SystemContext{SignaturePolicyPath: config.SignaturePolicyPath},
|
imageContext: &types.SystemContext{SignaturePolicyPath: config.SignaturePolicyPath},
|
||||||
stateLock: new(sync.Mutex),
|
stateLock: lock,
|
||||||
state: &containerServerState{
|
state: &containerServerState{
|
||||||
containers: oci.NewMemoryStore(),
|
containers: oci.NewMemoryStore(),
|
||||||
sandboxes: make(map[string]*sandbox.Sandbox),
|
sandboxes: make(map[string]*sandbox.Sandbox),
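Review bot: `stateLock: lock,` now may hold a cross-process file lock, but the state it guards in this hunk (`containers: oci.NewMemoryStore()` and the `sandboxes` map) lives in process memory. The lock gives mutual exclusion between libkpod users but does not by itself let one process see another's updates. If nothing outside this hunk reloads state from disk while the lock is held, each process can act on a stale view, so a comment on `stateLock` should say what a holder must do after acquiring it. The error at `cstorage.GetLockfile(lockPath)` would also be easier to act on with the path included, `return nil, fmt.Errorf("error obtaining lockfile %s: %v", lockPath, err)`. `New` starts and ends outside the hunks shown.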
|
||||||
|
|
|
@ -502,6 +502,7 @@ func New(config *Config) (*Server, error) {
|
||||||
appArmorEnabled: apparmor.IsEnabled(),
|
appArmorEnabled: apparmor.IsEnabled(),
|
||||||
appArmorProfile: config.ApparmorProfile,
|
appArmorProfile: config.ApparmorProfile,
|
||||||
}
|
}
|
||||||
|
|
||||||
if s.seccompEnabled {
|
if s.seccompEnabled {
|
||||||
seccompProfile, fileErr := ioutil.ReadFile(config.SeccompProfile)
|
seccompProfile, fileErr := ioutil.ReadFile(config.SeccompProfile)
|
||||||
if fileErr != nil {
|
if fileErr != nil {
|
||||||
|
|