0df8200e12
In order to workaround a bug introduced with runc commit bc84f833, we create a symbolic link to our permanent networking namespace so that runC realizes that this is not the host namespace. Although this bug is now fixed upstream (See commit f33de5ab4), this patch works with pre rc3 runC versions. We may want to revert that patch once runC 1.0.0 is released. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
95 lines
2.8 KiB
Go
95 lines
2.8 KiB
Go
package server
|
|
|
|
import (
|
|
"fmt"
|
|
"os"
|
|
"path/filepath"
|
|
"syscall"
|
|
|
|
"github.com/Sirupsen/logrus"
|
|
"github.com/kubernetes-incubator/cri-o/oci"
|
|
"github.com/opencontainers/runc/libcontainer/label"
|
|
"golang.org/x/net/context"
|
|
pb "k8s.io/kubernetes/pkg/kubelet/api/v1alpha1/runtime"
|
|
)
|
|
|
|
// RemovePodSandbox deletes the sandbox. If there are any running containers in the
|
|
// sandbox, they should be force deleted.
|
|
func (s *Server) RemovePodSandbox(ctx context.Context, req *pb.RemovePodSandboxRequest) (*pb.RemovePodSandboxResponse, error) {
|
|
logrus.Debugf("RemovePodSandboxRequest %+v", req)
|
|
sb, err := s.getPodSandboxFromRequest(req)
|
|
if err != nil {
|
|
if err == errSandboxIDEmpty {
|
|
return nil, err
|
|
}
|
|
|
|
resp := &pb.RemovePodSandboxResponse{}
|
|
logrus.Warnf("could not get sandbox %s, it's probably been removed already: %v", req.GetPodSandboxId(), err)
|
|
return resp, nil
|
|
}
|
|
|
|
podInfraContainer := sb.infraContainer
|
|
containers := sb.containers.List()
|
|
containers = append(containers, podInfraContainer)
|
|
|
|
// Delete all the containers in the sandbox
|
|
for _, c := range containers {
|
|
if err := s.runtime.UpdateStatus(c); err != nil {
|
|
return nil, fmt.Errorf("failed to update container state: %v", err)
|
|
}
|
|
|
|
cState := s.runtime.ContainerStatus(c)
|
|
if cState.Status == oci.ContainerStateCreated || cState.Status == oci.ContainerStateRunning {
|
|
if err := s.runtime.StopContainer(c); err != nil {
|
|
return nil, fmt.Errorf("failed to stop container %s: %v", c.Name(), err)
|
|
}
|
|
}
|
|
|
|
if err := s.runtime.DeleteContainer(c); err != nil {
|
|
return nil, fmt.Errorf("failed to delete container %s in sandbox %s: %v", c.Name(), sb.id, err)
|
|
}
|
|
|
|
if c == podInfraContainer {
|
|
continue
|
|
}
|
|
|
|
containerDir := filepath.Join(s.runtime.ContainerDir(), c.ID())
|
|
if err := os.RemoveAll(containerDir); err != nil {
|
|
return nil, fmt.Errorf("failed to remove container %s directory: %v", c.Name(), err)
|
|
}
|
|
|
|
s.releaseContainerName(c.Name())
|
|
s.removeContainer(c)
|
|
}
|
|
|
|
if err := label.UnreserveLabel(sb.processLabel); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// unmount the shm for the pod
|
|
if sb.shmPath != "/dev/shm" {
|
|
if err := syscall.Unmount(sb.shmPath, syscall.MNT_DETACH); err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
|
|
if err := sb.netNsRemove(); err != nil {
|
|
return nil, fmt.Errorf("failed to remove networking namespace for sandbox %s: %v", sb.id, err)
|
|
}
|
|
|
|
// Remove the files related to the sandbox
|
|
podSandboxDir := filepath.Join(s.config.SandboxDir, sb.id)
|
|
if err := os.RemoveAll(podSandboxDir); err != nil {
|
|
return nil, fmt.Errorf("failed to remove sandbox %s directory: %v", sb.id, err)
|
|
}
|
|
s.releaseContainerName(podInfraContainer.Name())
|
|
s.removeContainer(podInfraContainer)
|
|
sb.infraContainer = nil
|
|
|
|
s.releasePodName(sb.name)
|
|
s.removeSandbox(sb.id)
|
|
|
|
resp := &pb.RemovePodSandboxResponse{}
|
|
logrus.Debugf("RemovePodSandboxResponse %+v", resp)
|
|
return resp, nil
|
|
}
|