Add support for pod /dev/shm that is shared by the pod ctrs
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
parent
8547c0dbd9
commit
be29524ba4
6 changed files with 53 additions and 1 deletions
|
@ -15,7 +15,7 @@ for d in $(find . -type d -not -iwholename '*.git*' -a -not -iname '.tool' -a -n
|
|||
--disable=aligncheck \
|
||||
--disable=gotype \
|
||||
--disable=gas \
|
||||
--cyclo-over=50 \
|
||||
--cyclo-over=60 \
|
||||
--dupl-threshold=100 \
|
||||
--tests \
|
||||
--deadline=30s "${d}"
|
||||
|
|
|
@ -283,6 +283,9 @@ func (s *Server) createSandboxContainer(containerID string, containerName string
|
|||
}
|
||||
}
|
||||
|
||||
// bind mount the pod shm
|
||||
specgen.AddBindMount(sb.shmPath, "/dev/shm", []string{"rw"})
|
||||
|
||||
specgen.AddAnnotation("ocid/name", containerName)
|
||||
specgen.AddAnnotation("ocid/sandbox_id", sb.id)
|
||||
specgen.AddAnnotation("ocid/sandbox_name", sb.infraContainer.Name())
|
||||
|
|
|
@ -20,10 +20,12 @@ type sandbox struct {
|
|||
processLabel string
|
||||
mountLabel string
|
||||
metadata *pb.PodSandboxMetadata
|
||||
shmPath string
|
||||
}
|
||||
|
||||
const (
|
||||
podDefaultNamespace = "default"
|
||||
defaultShmSize = 64 * 1024 * 1024
|
||||
)
|
||||
|
||||
func (s *sandbox) addContainer(c *oci.Container) {
|
||||
|
|
|
@ -4,6 +4,7 @@ import (
|
|||
"fmt"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"syscall"
|
||||
|
||||
"github.com/Sirupsen/logrus"
|
||||
"github.com/kubernetes-incubator/cri-o/oci"
|
||||
|
@ -59,6 +60,13 @@ func (s *Server) RemovePodSandbox(ctx context.Context, req *pb.RemovePodSandboxR
|
|||
return nil, err
|
||||
}
|
||||
|
||||
// unmount the shm for the pod
|
||||
if sb.shmPath != "/dev/shm" {
|
||||
if err := syscall.Unmount(sb.shmPath, syscall.MNT_DETACH); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
// Remove the files related to the sandbox
|
||||
podSandboxDir := filepath.Join(s.config.SandboxDir, sb.id)
|
||||
if err := os.RemoveAll(podSandboxDir); err != nil {
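Review bot: The unmount added to RemovePodSandbox returns on any error, so a pod whose shm tmpfs is already gone can no longer be removed. After a host reboot, or on a retry of a removal that failed after the unmount step, `syscall.Unmount` would return EINVAL (or ENOENT if the directory is missing), and the function exits before the `os.RemoveAll` below. Treating those two results as success keeps removal idempotent: `if err := syscall.Unmount(sb.shmPath, syscall.MNT_DETACH); err != nil && err != syscall.EINVAL && err != syscall.ENOENT {`. The function body starts and ends outside the hunk, so whether an earlier step already handles this case cannot be seen here.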
|
||||
|
|
|
@ -5,6 +5,8 @@ import (
|
|||
"fmt"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strconv"
|
||||
"syscall"
|
||||
|
||||
"github.com/Sirupsen/logrus"
|
||||
"github.com/kubernetes-incubator/cri-o/oci"
|
||||
|
@ -139,6 +141,24 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
|
|||
g.SetProcessSelinuxLabel(processLabel)
|
||||
}
|
||||
|
||||
// create shm mount for the pod containers.
|
||||
var shmPath string
|
||||
if req.GetConfig().GetLinux().GetSecurityContext().GetNamespaceOptions().GetHostIpc() {
|
||||
shmPath = "/dev/shm"
|
||||
} else {
|
||||
shmPath, err = setupShm(podSandboxDir, mountLabel)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
defer func() {
|
||||
if err != nil {
|
||||
if err2 := syscall.Unmount(shmPath, syscall.MNT_DETACH); err2 != nil {
|
||||
logrus.Warnf("failed to unmount shm for pod: %v", err2)
|
||||
}
|
||||
}
|
||||
}()
|
||||
}
|
||||
|
||||
containerID, containerName, err := s.generateContainerIDandName(name, "infra", 0)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
@ -170,6 +190,7 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
|
|||
g.AddAnnotation("ocid/container_type", containerTypeSandbox)
|
||||
g.AddAnnotation("ocid/container_name", containerName)
|
||||
g.AddAnnotation("ocid/container_id", containerID)
|
||||
g.AddAnnotation("ocid/shm_path", shmPath)
|
||||
|
||||
sb := &sandbox{
|
||||
id: id,
|
||||
|
@ -181,6 +202,7 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
|
|||
processLabel: processLabel,
|
||||
mountLabel: mountLabel,
|
||||
metadata: metadata,
|
||||
shmPath: shmPath,
|
||||
}
|
||||
|
||||
s.addSandbox(sb)
|
||||
|
@ -309,3 +331,19 @@ func getSELinuxLabels(selinuxOptions *pb.SELinuxOption) (processLabel string, mo
|
|||
}
|
||||
return label.InitLabels(label.DupSecOpt(processLabel))
|
||||
}
|
||||
|
||||
func setupShm(podSandboxDir, mountLabel string) (shmPath string, err error) {
|
||||
shmPath = filepath.Join(podSandboxDir, "shm")
|
||||
if err = os.Mkdir(shmPath, 0700); err != nil {
|
||||
return "", err
|
||||
}
|
||||
shmOptions := "mode=1777,size=" + strconv.Itoa(defaultShmSize)
|
||||
if mountLabel != "" {
|
||||
shmOptions = label.FormatMountLabel(shmOptions, mountLabel)
|
||||
|
||||
}
|
||||
if err = syscall.Mount("shm", shmPath, "tmpfs", uintptr(syscall.MS_NOEXEC|syscall.MS_NOSUID|syscall.MS_NODEV), shmOptions); err != nil {
|
||||
return "", fmt.Errorf("failed to mount shm tmpfs for pod: %v", err)
|
||||
}
|
||||
return shmPath, nil
|
||||
}
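Review bot: The deferred cleanup in RunPodSandbox unmounts the tmpfs only when the outer `err` is non-nil at return. Any later failure that returns a shadowed error (`if err := ...; err != nil { return nil, err }`) or an error built inline would leave the pod's shm mounted; the rest of the function is outside the hunk, so this needs checking against the full body. A named error result, or a local `cleanup` flag cleared just before the successful return, would make the rollback independent of which variable holds the error. Separately, `setupShm` leaves the `shm` directory behind when `syscall.Mount` fails. It would also benefit from a doc comment such as `// setupShm creates <podSandboxDir>/shm and mounts a size-limited tmpfs (noexec, nosuid, nodev) on it for the pod's containers to share.`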
|
||||
|
|
|
@ -136,6 +136,7 @@ func (s *Server) loadSandbox(id string) error {
|
|||
mountLabel: mountLabel,
|
||||
annotations: annotations,
|
||||
metadata: &metadata,
|
||||
shmPath: m.Annotations["ocid/shm_path"],
|
||||
}
|
||||
s.addSandbox(sb)
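Review bot: `shmPath` is read from the persisted `ocid/shm_path` annotation without any check. That value later becomes the target of `syscall.Unmount(..., syscall.MNT_DETACH)` in RemovePodSandbox and the bind-mount source in createSandboxContainer. A sandbox saved before this commit has no such annotation, so the field is empty and both uses would fail. A stale or edited config file would also make the daemon act on a path it never created. loadSandbox could accept only `/dev/shm` or `filepath.Join(s.config.SandboxDir, id, "shm")` and return an error for anything else; the function continues outside the hunk.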
|
||||
|
||||
|
|