Add option to use file-based locking for libkpod state

Signed-off-by: Matthew Heon <mheon@redhat.com>
Matthew Heon 2017-07-20 14:43:41 -04:00
parent fa6e2d81f9
commit 9529f565b2
5 changed files with 35 additions and 4 deletions


@ -41,6 +41,10 @@ stream_address = "{{ .StreamAddress }}"
# stream_port is the port on which the stream server will listen # stream_port is the port on which the stream server will listen
stream_port = "{{ .StreamPort }}" stream_port = "{{ .StreamPort }}"
# file_locking is whether file-based locking will be used instead of
# in-memory locking
file_locking = {{ .FileLocking }}
# The "crio.runtime" table contains settings pertaining to the OCI # The "crio.runtime" table contains settings pertaining to the OCI
# runtime used and options for how to set up and manage the OCI runtime. # runtime used and options for how to set up and manage the OCI runtime.
[crio.runtime] [crio.runtime]
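Review bot: The comment added above `file_locking` does not state the default or where the lock file lives, and the same gap appears in the `file-locking` flag usage text and the `FileLocking` field comment in the later sections. Going by those sections the default is `true` and the path is `/run/crio.lock`, so an operator reading the generated config cannot tell that in-memory locking has become the opt-in choice. I would write `# file_locking selects file-based locking (lock file /run/crio.lock) instead of in-memory locking. Default: true.` here. The flag usage could read `use file-based locking for state (default true; pass --file-locking=false for in-memory locking)`, assuming the cli package accepts the `=false` form for a `BoolFlag`.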


@ -75,6 +75,9 @@ func mergeConfig(config *server.Config, ctx *cli.Context) error {
if ctx.GlobalIsSet("storage-opt") { if ctx.GlobalIsSet("storage-opt") {
config.StorageOptions = ctx.GlobalStringSlice("storage-opt") config.StorageOptions = ctx.GlobalStringSlice("storage-opt")
} }
if ctx.GlobalIsSet("file-locking") {
config.FileLocking = ctx.GlobalBool("file-locking")
}
if ctx.GlobalIsSet("insecure-registry") { if ctx.GlobalIsSet("insecure-registry") {
config.InsecureRegistries = ctx.GlobalStringSlice("insecure-registry") config.InsecureRegistries = ctx.GlobalStringSlice("insecure-registry")
} }
@ -216,6 +219,10 @@ func main() {
Name: "storage-opt", Name: "storage-opt",
Usage: "storage driver option", Usage: "storage driver option",
}, },
cli.BoolFlag{
Name: "file-locking",
Usage: "enable or disable file-based locking",
},
cli.StringSliceFlag{ cli.StringSliceFlag{
Name: "insecure-registry", Name: "insecure-registry",
Usage: "whether to disable TLS verification for the given registry", Usage: "whether to disable TLS verification for the given registry",


@ -21,6 +21,7 @@ const (
cniConfigDir = "/etc/cni/net.d/" cniConfigDir = "/etc/cni/net.d/"
cniBinDir = "/opt/cni/bin/" cniBinDir = "/opt/cni/bin/"
cgroupManager = "cgroupfs" cgroupManager = "cgroupfs"
lockPath = "/run/crio.lock"
) )
// Config represents the entire set of configuration values that can be set for // Config represents the entire set of configuration values that can be set for
@ -74,6 +75,11 @@ type RootConfig struct {
// LogDir is the default log directory were all logs will go unless kubelet // LogDir is the default log directory were all logs will go unless kubelet
// tells us to put them somewhere else. // tells us to put them somewhere else.
LogDir string `toml:"log_dir"` LogDir string `toml:"log_dir"`
// FileLocking specifies whether to use file-based or in-memory locking
// File-based locking is required when multiple users of libkpod are
// present on the same system
FileLocking bool `toml:"file_locking"`
} }
// RuntimeConfig represents the "crio.runtime" TOML config table. // RuntimeConfig represents the "crio.runtime" TOML config table.
@ -236,6 +242,7 @@ func DefaultConfig() *Config {
Root: crioRoot, Root: crioRoot,
RunRoot: crioRunRoot, RunRoot: crioRunRoot,
LogDir: "/var/log/crio/pods", LogDir: "/var/log/crio/pods",
FileLocking: true,
}, },
RuntimeConfig: RuntimeConfig{ RuntimeConfig: RuntimeConfig{
Runtime: "/usr/bin/runc", Runtime: "/usr/bin/runc",
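Review bot: `lockPath` is a fixed constant, `/run/crio.lock`, with no comment and no relation to the configured `Root`/`RunRoot`, so every libkpod user on the host appears to contend on one file regardless of which store it was pointed at. Together with `FileLocking: true` in `DefaultConfig()`, existing deployments switch to the file lock on upgrade, and `New` would presumably fail for any caller that cannot create a file under `/run`. At minimum the constant needs a comment such as `// lockPath is the host-wide lock file taken when FileLocking is enabled`. If per-store locking is what is intended, deriving the path from the run root, e.g. `filepath.Join(config.RunRoot, "crio.lock")`, would scope it to the state it protects. The const block, `RootConfig` and `DefaultConfig` all continue outside the hunks shown.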


@ -98,6 +98,18 @@ func New(config *Config) (*ContainerServer, error) {
if err != nil { if err != nil {
return nil, err return nil, err
} }
var lock sync.Locker
if config.FileLocking {
fileLock, err := cstorage.GetLockfile(lockPath)
if err != nil {
return nil, fmt.Errorf("error obtaining lockfile: %v", err)
}
lock = fileLock
} else {
lock = new(sync.Mutex)
}
return &ContainerServer{ return &ContainerServer{
runtime: runtime, runtime: runtime,
store: store, store: store,
@ -107,7 +119,7 @@ func New(config *Config) (*ContainerServer, error) {
podNameIndex: registrar.NewRegistrar(), podNameIndex: registrar.NewRegistrar(),
podIDIndex: truncindex.NewTruncIndex([]string{}), podIDIndex: truncindex.NewTruncIndex([]string{}),
imageContext: &types.SystemContext{SignaturePolicyPath: config.SignaturePolicyPath}, imageContext: &types.SystemContext{SignaturePolicyPath: config.SignaturePolicyPath},
stateLock: new(sync.Mutex), stateLock: lock,
state: &containerServerState{ state: &containerServerState{
containers: oci.NewMemoryStore(), containers: oci.NewMemoryStore(),
sandboxes: make(map[string]*sandbox.Sandbox), sandboxes: make(map[string]*sandbox.Sandbox),
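Review bot: The lock file's mode and ownership are decided inside `cstorage.GetLockfile`, which is not visible here, yet `stateLock` now depends on it: any local process able to open and lock `/run/crio.lock` could stall the server's state operations, so it is worth confirming the file is created owner-only and recording that in a comment above the `if config.FileLocking` branch. The error also drops the path, which makes a permission failure harder to diagnose; `return nil, fmt.Errorf("error obtaining lockfile %s: %v", lockPath, err)` would cover that. Note too that `containers` and `sandboxes` in the same literal are still in-memory structures, so the file lock serialises processes but does not by itself share state between them; if that is deferred to a later change, a short comment saying so would help. `New` begins and ends outside these hunks.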


@ -502,6 +502,7 @@ func New(config *Config) (*Server, error) {
appArmorEnabled: apparmor.IsEnabled(), appArmorEnabled: apparmor.IsEnabled(),
appArmorProfile: config.ApparmorProfile, appArmorProfile: config.ApparmorProfile,
} }
if s.seccompEnabled { if s.seccompEnabled {
seccompProfile, fileErr := ioutil.ReadFile(config.SeccompProfile) seccompProfile, fileErr := ioutil.ReadFile(config.SeccompProfile)
if fileErr != nil { if fileErr != nil {