From d02828e8a6a885c39703c564fdb6495b77e4027f Mon Sep 17 00:00:00 2001 From: Mrunal Patel Date: Fri, 14 Jul 2017 15:32:25 -0700 Subject: [PATCH] Support ImageVolumesBind when container is created Signed-off-by: Mrunal Patel --- server/container_create.go | 60 +++++++++++++++++++++++++------------- 1 file changed, 40 insertions(+), 20 deletions(-) diff --git a/server/container_create.go b/server/container_create.go index 28b75acc..9e48aa45 100644 --- a/server/container_create.go +++ b/server/container_create.go @@ -12,9 +12,11 @@ import ( "time" "github.com/Sirupsen/logrus" + "github.com/docker/docker/pkg/stringid" "github.com/docker/docker/pkg/symlink" "github.com/kubernetes-incubator/cri-o/oci" "github.com/kubernetes-incubator/cri-o/pkg/annotations" + "github.com/kubernetes-incubator/cri-o/pkg/storage" "github.com/kubernetes-incubator/cri-o/server/apparmor" "github.com/kubernetes-incubator/cri-o/server/seccomp" "github.com/opencontainers/image-spec/specs-go/v1" @@ -72,6 +74,41 @@ func addOCIBindMounts(sb *sandbox, containerConfig *pb.ContainerConfig, specgen return nil } +func addImageVolumes(rootfs string, s *Server, containerInfo *storage.ContainerInfo, specgen *generate.Generator, mountLabel string) error { + for dest := range containerInfo.Config.Config.Volumes { + fp, err := symlink.FollowSymlinkInScope(filepath.Join(rootfs, dest), rootfs) + if err != nil { + return err + } + switch s.config.ImageVolumes { + case ImageVolumesMkdir: + if err1 := os.MkdirAll(fp, 0644); err1 != nil { + return err1 + } + case ImageVolumesBind: + volumeDirName := stringid.GenerateNonCryptoID() + src := filepath.Join(containerInfo.RunDir, "mounts", volumeDirName) + if err1 := os.MkdirAll(src, 0644); err1 != nil { + return err1 + } + // Label the source with the sandbox selinux mount label + if mountLabel != "" { + if err1 := label.Relabel(src, mountLabel, true); err1 != nil && err1 != unix.ENOTSUP { + return fmt.Errorf("relabel failed %s: %v", src, err1) + } + } + + logrus.Debugf("Adding bind mounted volume: %s to %s", src, dest) + specgen.AddBindMount(src, dest, []string{"rw"}) + case ImageVolumesIgnore: + logrus.Debugf("Ignoring volume %v", dest) + default: + logrus.Fatalf("Unrecognized image volumes setting") + } + } + return nil +} + func addDevices(sb *sandbox, containerConfig *pb.ContainerConfig, specgen *generate.Generator) error { sp := specgen.Spec() for _, device := range containerConfig.GetDevices() { @@ -601,26 +638,9 @@ func (s *Server) createSandboxContainer(ctx context.Context, containerID string, specgen.AddAnnotation("org.opencontainers.image.stopSignal", containerImageConfig.Config.StopSignal) } - // TODO: volume handling in CRI-O - // right now, we do just an mkdir in the container rootfs because we - // know kube manages volumes its own way and we don't need to behave - // like docker. - // For instance gcr.io/k8s-testimages/redis:e2e now work with CRI-O - for dest := range containerImageConfig.Config.Volumes { - fp, err := symlink.FollowSymlinkInScope(filepath.Join(mountPoint, dest), mountPoint) - if err != nil { - return nil, err - } - switch s.config.ImageVolumes { - case ImageVolumesMkdir: - if err1 := os.MkdirAll(fp, 0644); err1 != nil { - return nil, err1 - } - case ImageVolumesIgnore: - logrus.Debugf("Ignoring volume %v", dest) - default: - logrus.Fatalf("Unrecognized image volumes setting") - } + // Add image volumes + if err := addImageVolumes(mountPoint, s, &containerInfo, &specgen, sb.mountLabel); err != nil { + return nil, err } processArgs, err := buildOCIProcessArgs(containerConfig, containerImageConfig)