diff options
| -rw-r--r-- | cmd/podman/system/service.go | 43 | ||||
| -rw-r--r-- | cmd/podman/system/service_abi.go | 61 | ||||
| -rw-r--r-- | go.mod | 2 | ||||
| -rw-r--r-- | go.sum | 6 | ||||
| -rw-r--r-- | libpod/kube.go | 2 | ||||
| -rw-r--r-- | libpod/oci_conmon_linux.go | 3 | ||||
| -rw-r--r-- | libpod/shutdown/handler.go | 4 | ||||
| -rw-r--r-- | pkg/api/handlers/libpod/images.go | 4 | ||||
| -rw-r--r-- | pkg/api/handlers/types.go | 6 | ||||
| -rw-r--r-- | pkg/api/server/server.go | 129 | ||||
| -rw-r--r-- | pkg/domain/entities/system.go | 11 | ||||
| -rw-r--r-- | pkg/domain/infra/abi/images.go | 4 | ||||
| -rw-r--r-- | pkg/specgen/generate/container.go | 6 | ||||
| -rw-r--r-- | pkg/specgen/generate/kube/kube.go | 2 | ||||
| -rw-r--r-- | pkg/specgen/generate/storage.go | 2 | ||||
| -rw-r--r-- | test/e2e/stop_test.go | 12 | ||||
| -rw-r--r-- | test/e2e/system_service_test.go | 142 | ||||
| -rw-r--r-- | test/system/050-stop.bats | 7 | ||||
| -rw-r--r-- | test/system/271-tcp-cors-server.bats | 2 | ||||
| -rw-r--r-- | vendor/github.com/containers/common/libimage/inspect.go | 45 | ||||
| -rw-r--r-- | vendor/github.com/containers/common/libimage/pull.go | 4 | ||||
| -rw-r--r-- | vendor/github.com/containers/common/libimage/search.go | 5 | ||||
| -rw-r--r-- | vendor/modules.txt | 2 |
23 files changed, 358 insertions, 146 deletions
diff --git a/cmd/podman/system/service.go b/cmd/podman/system/service.go index 99a6b1e1e..41d20d9fd 100644 --- a/cmd/podman/system/service.go +++ b/cmd/podman/system/service.go @@ -35,12 +35,14 @@ Enable a listening service for API access to Podman commands. Long: srvDescription, RunE: service, ValidArgsFunction: common.AutocompleteDefaultOneArg, - Example: `podman system service --time=0 unix:///tmp/podman.sock`, + Example: `podman system service --time=0 unix:///tmp/podman.sock + podman system service --time=0 tcp://localhost:8888`, } srvArgs = struct { - Timeout int64 CorsHeaders string + PProfAddr string + Timeout uint }{} ) @@ -51,15 +53,20 @@ func init() { }) flags := srvCmd.Flags() - cfg := registry.PodmanConfig() + timeFlagName := "time" - flags.Int64VarP(&srvArgs.Timeout, timeFlagName, "t", int64(cfg.Engine.ServiceTimeout), "Time until the service session expires in seconds. Use 0 to disable the timeout") + flags.UintVarP(&srvArgs.Timeout, timeFlagName, "t", cfg.Engine.ServiceTimeout, + "Time until the service session expires in seconds. Use 0 to disable the timeout") _ = srvCmd.RegisterFlagCompletionFunc(timeFlagName, completion.AutocompleteNone) + flags.SetNormalizeFunc(aliasTimeoutFlag) + flags.StringVarP(&srvArgs.CorsHeaders, "cors", "", "", "Set CORS Headers") _ = srvCmd.RegisterFlagCompletionFunc("cors", completion.AutocompleteNone) - flags.SetNormalizeFunc(aliasTimeoutFlag) + flags.StringVarP(&srvArgs.PProfAddr, "pprof-address", "", "", + "Binding network address for pprof profile endpoints, default: do not expose endpoints") + flags.MarkHidden("pprof-address") } func aliasTimeoutFlag(_ *pflag.FlagSet, name string) pflag.NormalizedName { @@ -74,7 +81,7 @@ func service(cmd *cobra.Command, args []string) error { if err != nil { return err } - logrus.Infof("Using API endpoint: '%s'", apiURI) + // Clean up any old existing unix domain socket if len(apiURI) > 0 { uri, err := url.Parse(apiURI) @@ -92,33 +99,31 @@ func service(cmd *cobra.Command, args []string) error { } } - opts := entities.ServiceOptions{ - URI: apiURI, - Command: cmd, + return restService(cmd.Flags(), registry.PodmanConfig(), entities.ServiceOptions{ CorsHeaders: srvArgs.CorsHeaders, - } - - opts.Timeout = time.Duration(srvArgs.Timeout) * time.Second - return restService(opts, cmd.Flags(), registry.PodmanConfig()) + PProfAddr: srvArgs.PProfAddr, + Timeout: time.Duration(srvArgs.Timeout) * time.Second, + URI: apiURI, + }) } -func resolveAPIURI(_url []string) (string, error) { +func resolveAPIURI(uri []string) (string, error) { // When determining _*THE*_ listening endpoint -- // 1) User input wins always // 2) systemd socket activation // 3) rootless honors XDG_RUNTIME_DIR // 4) lastly adapter.DefaultAPIAddress - if len(_url) == 0 { + if len(uri) == 0 { if v, found := os.LookupEnv("PODMAN_SOCKET"); found { - logrus.Debugf("PODMAN_SOCKET='%s' used to determine API endpoint", v) - _url = []string{v} + logrus.Debugf("PODMAN_SOCKET=%q used to determine API endpoint", v) + uri = []string{v} } } switch { - case len(_url) > 0 && _url[0] != "": - return _url[0], nil + case len(uri) > 0 && uri[0] != "": + return uri[0], nil case systemd.SocketActivated(): logrus.Info("Using systemd socket activation to determine API endpoint") return "", nil diff --git a/cmd/podman/system/service_abi.go b/cmd/podman/system/service_abi.go index e484db339..0a4be6aea 100644 --- a/cmd/podman/system/service_abi.go +++ b/cmd/podman/system/service_abi.go @@ -5,9 +5,9 @@ package system import ( "context" "net" + "net/url" "os" "path/filepath" - "strings" api "github.com/containers/podman/v3/pkg/api/server" "github.com/containers/podman/v3/pkg/domain/entities" @@ -20,41 +20,54 @@ import ( "golang.org/x/sys/unix" ) -func restService(opts entities.ServiceOptions, flags *pflag.FlagSet, cfg *entities.PodmanConfig) error { +func restService(flags *pflag.FlagSet, cfg *entities.PodmanConfig, opts entities.ServiceOptions) error { var ( listener *net.Listener err error ) if opts.URI != "" { - fields := strings.Split(opts.URI, ":") - if len(fields) == 1 { + uri, err := url.Parse(opts.URI) + if err != nil { return errors.Errorf("%s is an invalid socket destination", opts.URI) } - path := opts.URI - if fields[0] == "unix" { - if path, err = filepath.Abs(fields[1]); err != nil { - return err - } - } - util.SetSocketPath(path) - if os.Getenv("LISTEN_FDS") != "" { - // If it is activated by systemd, use the first LISTEN_FD (3) - // instead of opening the socket file. - f := os.NewFile(uintptr(3), "podman.sock") - l, err := net.FileListener(f) + + switch uri.Scheme { + case "unix": + path, err := filepath.Abs(uri.Path) if err != nil { return err } - listener = &l - } else { - network := fields[0] - address := strings.Join(fields[1:], ":") - l, err := net.Listen(network, address) + util.SetSocketPath(path) + if os.Getenv("LISTEN_FDS") != "" { + // If it is activated by systemd, use the first LISTEN_FD (3) + // instead of opening the socket file. + f := os.NewFile(uintptr(3), "podman.sock") + l, err := net.FileListener(f) + if err != nil { + return err + } + listener = &l + } else { + l, err := net.Listen(uri.Scheme, path) + if err != nil { + return errors.Wrapf(err, "unable to create socket") + } + listener = &l + } + case "tcp": + host := uri.Host + if host == "" { + // For backward compatibility, support "tcp:<host>:<port>" and "tcp://<host>:<port>" + host = uri.Opaque + } + l, err := net.Listen(uri.Scheme, host) if err != nil { - return errors.Wrapf(err, "unable to create socket") + return errors.Wrapf(err, "unable to create socket %v", host) } listener = &l + default: + logrus.Debugf("Attempting API Service endpoint scheme %q", uri.Scheme) } } @@ -75,12 +88,12 @@ func restService(opts entities.ServiceOptions, flags *pflag.FlagSet, cfg *entiti servicereaper.Start() infra.StartWatcher(rt) - server, err := api.NewServerWithSettings(rt, listener, api.Options{Timeout: opts.Timeout, CorsHeaders: opts.CorsHeaders}) + server, err := api.NewServerWithSettings(rt, listener, opts) if err != nil { return err } defer func() { - if err := server.Shutdown(); err != nil { + if err := server.Shutdown(false); err != nil { logrus.Warnf("Error when stopping API service: %s", err) } }() @@ -12,7 +12,7 @@ require ( github.com/containernetworking/cni v1.0.1 github.com/containernetworking/plugins v1.0.1 github.com/containers/buildah v1.23.1 - github.com/containers/common v0.46.1-0.20211001143714-161e078e4c7f + github.com/containers/common v0.46.1-0.20211008123044-d846f5aaec0e github.com/containers/conmon v2.0.20+incompatible github.com/containers/image/v5 v5.16.1 github.com/containers/ocicrypt v1.1.2 @@ -251,8 +251,8 @@ github.com/containernetworking/plugins v1.0.1/go.mod h1:QHCfGpaTwYTbbH+nZXKVTxNB github.com/containers/buildah v1.23.1 h1:Tpc9DsRuU+0Oofewpxb6OJVNQjCu7yloN/obUqzfDTY= github.com/containers/buildah v1.23.1/go.mod h1:4WnrN0yrA7ab0ppgunixu2WM1rlD2rG8QLJAKbEkZlQ= github.com/containers/common v0.44.2/go.mod h1:7sdP4vmI5Bm6FPFxb3lvAh1Iktb6tiO1MzjUzhxdoGo= -github.com/containers/common v0.46.1-0.20211001143714-161e078e4c7f h1:vVmx51AzWvB4/ao2zyR6s053a1leLTOh+zsOPVWQRgA= -github.com/containers/common v0.46.1-0.20211001143714-161e078e4c7f/go.mod h1:aml/OO4FmYfPbfT87rvWiCgkLzTdqO6PuZ/xXq6bPbk= +github.com/containers/common v0.46.1-0.20211008123044-d846f5aaec0e h1:lYazDued7KBcMq5IJzRIbX47SSLRg/yYxvM/P9LaVhE= +github.com/containers/common v0.46.1-0.20211008123044-d846f5aaec0e/go.mod h1:ggZks97KCmjBcHvNTCyLc17SqdjSYoeexW7rnRt9H9Y= github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg= github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I= github.com/containers/image/v5 v5.16.0/go.mod h1:XgTpfAPLRGOd1XYyCU5cISFr777bLmOerCSpt/v7+Q4= @@ -921,7 +921,6 @@ github.com/vbatts/tar-split v0.11.2/go.mod h1:vV3ZuO2yWSVsz+pfFzDG/upWH1JhjOiEaW github.com/vbauerster/mpb/v6 v6.0.4 h1:h6J5zM/2wimP5Hj00unQuV8qbo5EPcj6wbkCqgj7KcY= github.com/vbauerster/mpb/v6 v6.0.4/go.mod h1:a/+JT57gqh6Du0Ay5jSR+uBMfXGdlR7VQlGP52fJxLM= github.com/vbauerster/mpb/v7 v7.1.3/go.mod h1:X5GlohZw2fIpypMXWaKart+HGSAjpz49skxkDk+ZL7c= -github.com/vbauerster/mpb/v7 v7.1.4/go.mod h1:4zulrZfvshMOnd2APiHgWS9Yrw08AzZVRr9G11tkpcQ= github.com/vbauerster/mpb/v7 v7.1.5 h1:vtUEUfQHmNeJETyF4AcRCOV6RC4wqFwNORy52UMXPbQ= github.com/vbauerster/mpb/v7 v7.1.5/go.mod h1:4M8+qAoQqV60WDNktBM5k05i1iTrXE7rjKOHEVkVlec= github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk= @@ -1211,7 +1210,6 @@ golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210817190340-bfb29a6856f2/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210820121016-41cdb8703e55/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210910150752-751e447fb3d0 h1:xrCZDmdtoloIiooiA9q0OQb9r8HejIHYoHGhGCe1pGg= golang.org/x/sys v0.0.0-20210910150752-751e447fb3d0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= diff --git a/libpod/kube.go b/libpod/kube.go index bf86a9d16..816fe9cc3 100644 --- a/libpod/kube.go +++ b/libpod/kube.go @@ -477,7 +477,7 @@ func containerToV1Container(ctx context.Context, c *Container) (v1.Container, [] if err != nil { return kubeContainer, kubeVolumes, nil, annotations, err } - imgData, err := img.Inspect(ctx, false) + imgData, err := img.Inspect(ctx, nil) if err != nil { return kubeContainer, kubeVolumes, nil, annotations, err } diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go index 0369a9977..1719b2dfa 100644 --- a/libpod/oci_conmon_linux.go +++ b/libpod/oci_conmon_linux.go @@ -441,7 +441,8 @@ func (r *ConmonOCIRuntime) StopContainer(ctr *Container, timeout uint, all bool) } if err := waitContainerStop(ctr, time.Duration(timeout)*time.Second); err != nil { - logrus.Infof("Timed out stopping container %s, resorting to SIGKILL: %v", ctr.ID(), err) + logrus.Debugf("Timed out stopping container %s with %s, resorting to SIGKILL: %v", ctr.ID(), unix.SignalName(syscall.Signal(stopSignal)), err) + logrus.Warnf("StopSignal %s failed to stop container %s in %d seconds, resorting to SIGKILL", unix.SignalName(syscall.Signal(stopSignal)), ctr.Name(), timeout) } else { // No error, the container is dead return nil diff --git a/libpod/shutdown/handler.go b/libpod/shutdown/handler.go index cca74c3c4..b0feafa0b 100644 --- a/libpod/shutdown/handler.go +++ b/libpod/shutdown/handler.go @@ -87,12 +87,12 @@ func Stop() error { return nil } -// Temporarily inhibit signals from shutting down Libpod. +// Inhibit temporarily inhibit signals from shutting down Libpod. func Inhibit() { shutdownInhibit.RLock() } -// Stop inhibiting signals from shutting down Libpod. +// Uninhibit stop inhibiting signals from shutting down Libpod. func Uninhibit() { shutdownInhibit.RUnlock() } diff --git a/pkg/api/handlers/libpod/images.go b/pkg/api/handlers/libpod/images.go index 1c6cc917c..f2f93434a 100644 --- a/pkg/api/handlers/libpod/images.go +++ b/pkg/api/handlers/libpod/images.go @@ -11,6 +11,7 @@ import ( "strings" "github.com/containers/buildah" + "github.com/containers/common/libimage" "github.com/containers/common/pkg/filters" "github.com/containers/image/v5/manifest" "github.com/containers/image/v5/types" @@ -93,7 +94,8 @@ func GetImage(w http.ResponseWriter, r *http.Request) { utils.Error(w, "Something went wrong.", http.StatusNotFound, errors.Wrapf(err, "failed to find image %s", name)) return } - inspect, err := newImage.Inspect(r.Context(), true) + options := &libimage.InspectOptions{WithParent: true, WithSize: true} + inspect, err := newImage.Inspect(r.Context(), options) if err != nil { utils.Error(w, "Server error", http.StatusInternalServerError, errors.Wrapf(err, "failed in inspect image %s", inspect.ID)) return diff --git a/pkg/api/handlers/types.go b/pkg/api/handlers/types.go index fedab3bb3..b90154e30 100644 --- a/pkg/api/handlers/types.go +++ b/pkg/api/handlers/types.go @@ -166,7 +166,8 @@ type ExecStartConfig struct { } func ImageToImageSummary(l *libimage.Image) (*entities.ImageSummary, error) { - imageData, err := l.Inspect(context.TODO(), true) + options := &libimage.InspectOptions{WithParent: true, WithSize: true} + imageData, err := l.Inspect(context.TODO(), options) if err != nil { return nil, errors.Wrapf(err, "failed to obtain summary for image %s", l.ID()) } @@ -205,7 +206,8 @@ func ImageToImageSummary(l *libimage.Image) (*entities.ImageSummary, error) { } func ImageDataToImageInspect(ctx context.Context, l *libimage.Image) (*ImageInspect, error) { - info, err := l.Inspect(context.Background(), true) + options := &libimage.InspectOptions{WithParent: true, WithSize: true} + info, err := l.Inspect(context.Background(), options) if err != nil { return nil, err } diff --git a/pkg/api/server/server.go b/pkg/api/server/server.go index c7174775e..6e9578cd1 100644 --- a/pkg/api/server/server.go +++ b/pkg/api/server/server.go @@ -6,6 +6,7 @@ import ( "log" "net" "net/http" + "net/http/pprof" "os" "runtime" "strings" @@ -18,6 +19,7 @@ import ( "github.com/containers/podman/v3/pkg/api/handlers" "github.com/containers/podman/v3/pkg/api/server/idle" "github.com/containers/podman/v3/pkg/api/types" + "github.com/containers/podman/v3/pkg/domain/entities" "github.com/coreos/go-systemd/v22/activation" "github.com/coreos/go-systemd/v22/daemon" "github.com/gorilla/mux" @@ -27,14 +29,14 @@ import ( type APIServer struct { http.Server // The HTTP work happens here - *schema.Decoder // Decoder for Query parameters to structs - context.Context // Context to carry objects to handlers - *libpod.Runtime // Where the real work happens net.Listener // mux for routing HTTP API calls to libpod routines + *libpod.Runtime // Where the real work happens + *schema.Decoder // Decoder for Query parameters to structs context.CancelFunc // Stop APIServer + context.Context // Context to carry objects to handlers + CorsHeaders string // Inject Cross-Origin Resource Sharing (CORS) headers + PProfAddr string // Binding network address for pprof profiles idleTracker *idle.Tracker // Track connections to support idle shutdown - pprof *http.Server // Sidecar http server for providing performance data - CorsHeaders string // Inject CORS headers to each request } // Number of seconds to wait for next request, if exceeded shutdown server @@ -49,22 +51,20 @@ var ( shutdownOnce sync.Once ) -type Options struct { - Timeout time.Duration - CorsHeaders string -} - // NewServer will create and configure a new API server with all defaults func NewServer(runtime *libpod.Runtime) (*APIServer, error) { - return newServer(runtime, DefaultServiceDuration, nil, DefaultCorsHeaders) + return newServer(runtime, nil, entities.ServiceOptions{ + CorsHeaders: DefaultCorsHeaders, + Timeout: DefaultServiceDuration, + }) } // NewServerWithSettings will create and configure a new API server using provided settings -func NewServerWithSettings(runtime *libpod.Runtime, listener *net.Listener, opts Options) (*APIServer, error) { - return newServer(runtime, opts.Timeout, listener, opts.CorsHeaders) +func NewServerWithSettings(runtime *libpod.Runtime, listener *net.Listener, opts entities.ServiceOptions) (*APIServer, error) { + return newServer(runtime, listener, opts) } -func newServer(runtime *libpod.Runtime, duration time.Duration, listener *net.Listener, corsHeaders string) (*APIServer, error) { +func newServer(runtime *libpod.Runtime, listener *net.Listener, opts entities.ServiceOptions) (*APIServer, error) { // If listener not provided try socket activation protocol if listener == nil { if _, found := os.LookupEnv("LISTEN_PID"); !found { @@ -80,15 +80,15 @@ func newServer(runtime *libpod.Runtime, duration time.Duration, listener *net.Li } listener = &listeners[0] } - if corsHeaders == "" { + if opts.CorsHeaders == "" { logrus.Debug("CORS Headers were not set") } else { - logrus.Debugf("CORS Headers were set to %s", corsHeaders) + logrus.Debugf("CORS Headers were set to %q", opts.CorsHeaders) } logrus.Infof("API service listening on %q", (*listener).Addr()) router := mux.NewRouter().UseEncodedPath() - tracker := idle.NewTracker(duration) + tracker := idle.NewTracker(opts.Timeout) server := APIServer{ Server: http.Server{ @@ -98,10 +98,11 @@ func newServer(runtime *libpod.Runtime, duration time.Duration, listener *net.Li ConnState: tracker.ConnState, ErrorLog: log.New(logrus.StandardLogger().Out, "", 0), Handler: router, - IdleTimeout: duration * 2, + IdleTimeout: opts.Timeout * 2, }, - CorsHeaders: corsHeaders, + CorsHeaders: opts.CorsHeaders, Listener: *listener, + PProfAddr: opts.PProfAddr, idleTracker: tracker, } @@ -181,18 +182,18 @@ func newServer(runtime *libpod.Runtime, duration time.Duration, listener *net.Li return &server, nil } -// If the NOTIFY_SOCKET is set, communicate the PID and readiness, and -// further unset NOTIFY_SOCKET to prevent containers from sending -// messages and unset INVOCATION_ID so conmon and containers are in -// the correct cgroup. -func setupSystemd() { - if len(os.Getenv("NOTIFY_SOCKET")) == 0 { +// setupSystemd notifies systemd API service is ready +// If the NOTIFY_SOCKET is set, communicate the PID and readiness, and unset INVOCATION_ID +// so conmon and containers are in the correct cgroup. +func (s *APIServer) setupSystemd() { + if _, found := os.LookupEnv("NOTIFY_SOCKET"); !found { return } + payload := fmt.Sprintf("MAINPID=%d\n", os.Getpid()) payload += daemon.SdNotifyReady if sent, err := daemon.SdNotify(true, payload); err != nil { - logrus.Error("API service error notifying systemd of Conmon PID: " + err.Error()) + logrus.Error("API service failed to notify systemd of Conmon PID: " + err.Error()) } else if !sent { logrus.Warn("API service unable to successfully send SDNotify") } @@ -204,10 +205,10 @@ func setupSystemd() { // Serve starts responding to HTTP requests. func (s *APIServer) Serve() error { - setupSystemd() + s.setupPprof() if err := shutdown.Register("server", func(sig os.Signal) error { - return s.Shutdown() + return s.Shutdown(true) }); err != nil { return err } @@ -216,32 +217,17 @@ func (s *APIServer) Serve() error { return err } - errChan := make(chan error, 1) - go func() { <-s.idleTracker.Done() - logrus.Debug("API service shutting down, idle for " + s.idleTracker.Duration.Round(time.Second).String()) - _ = s.Shutdown() + logrus.Debugf("API service(s) shutting down, idle for %ds", int(s.idleTracker.Duration.Seconds())) + _ = s.Shutdown(false) }() - if logrus.IsLevelEnabled(logrus.DebugLevel) { - go func() { - pprofMux := mux.NewRouter() - pprofMux.PathPrefix("/debug/pprof").Handler(http.DefaultServeMux) - runtime.SetMutexProfileFraction(1) - runtime.SetBlockProfileRate(1) - s.pprof = &http.Server{Addr: "localhost:8888", Handler: pprofMux} - err := s.pprof.ListenAndServe() - if err != nil && err != http.ErrServerClosed { - logrus.Warnf("API profiler service failed: %v", err) - } - }() - } - - // Before we start serving, ensure umask is properly set for container - // creation. + // Before we start serving, ensure umask is properly set for container creation. _ = syscall.Umask(0022) + errChan := make(chan error, 1) + s.setupSystemd() go func() { err := s.Server.Serve(s.Listener) if err != nil && err != http.ErrServerClosed { @@ -254,10 +240,40 @@ func (s *APIServer) Serve() error { return <-errChan } +// setupPprof enables pprof default endpoints +// Note: These endpoints and the podman flag --cpu-profile are mutually exclusive +// +// Examples: +// #1 go tool pprof -http localhost:8889 localhost:8888/debug/pprof/heap?seconds=120 +// Note: web page will only render after a sample has been recorded +// #2 curl http://localhost:8888/debug/pprof/heap > heap.pprof && go tool pprof heap.pprof +func (s *APIServer) setupPprof() { + if s.PProfAddr == "" { + return + } + + logrus.Infof("pprof service listening on %q", s.PProfAddr) + go func() { + old := runtime.SetMutexProfileFraction(1) + defer runtime.SetMutexProfileFraction(old) + + runtime.SetBlockProfileRate(1) + defer runtime.SetBlockProfileRate(0) + + router := mux.NewRouter() + router.PathPrefix("/debug/pprof/").HandlerFunc(pprof.Index) + + err := http.ListenAndServe(s.PProfAddr, router) + if err != nil && err != http.ErrServerClosed { + logrus.Warnf("pprof service failed: %v", err) + } + }() +} + // Shutdown is a clean shutdown waiting on existing clients -func (s *APIServer) Shutdown() error { - if s.idleTracker.Duration == UnlimitedServiceDuration { - logrus.Debug("API service shutdown ignored as Duration is UnlimitedService") +func (s *APIServer) Shutdown(halt bool) error { + if s.idleTracker.Duration == UnlimitedServiceDuration && !halt { + logrus.Debug("API service shutdown request ignored as Duration is UnlimitedService") return nil } @@ -266,17 +282,6 @@ func (s *APIServer) Shutdown() error { _, file, line, _ := runtime.Caller(1) logrus.Debugf("API service shutdown by %s:%d, %d/%d connection(s)", file, line, s.idleTracker.ActiveConnections(), s.idleTracker.TotalConnections()) - - go func() { - ctx, cancel := context.WithTimeout(context.Background(), s.idleTracker.Duration) - go func() { - defer cancel() - if err := s.pprof.Shutdown(ctx); err != nil { - logrus.Warnf("Failed to cleanly shutdown API pprof service: %v", err) - } - }() - <-ctx.Done() - }() } // Gracefully shutdown server(s), duration of wait same as idle window diff --git a/pkg/domain/entities/system.go b/pkg/domain/entities/system.go index cca4bf44e..fe041dec8 100644 --- a/pkg/domain/entities/system.go +++ b/pkg/domain/entities/system.go @@ -6,15 +6,14 @@ import ( "github.com/containers/podman/v3/libpod/define" "github.com/containers/podman/v3/pkg/domain/entities/reports" "github.com/containers/podman/v3/pkg/domain/entities/types" - "github.com/spf13/cobra" ) -// ServiceOptions provides the input for starting an API Service +// ServiceOptions provides the input for starting an API and sidecar pprof services type ServiceOptions struct { - URI string // Path to unix domain socket service should listen on - Timeout time.Duration // duration of inactivity the service should wait before shutting down - Command *cobra.Command // CLI command provided. Used in V1 code - CorsHeaders string // CORS headers + CorsHeaders string // Cross-Origin Resource Sharing (CORS) headers + PProfAddr string // Network address to bind pprof profiles service + Timeout time.Duration // Duration of inactivity the service should wait before shutting down + URI string // Path to unix domain socket service should listen on } // SystemPruneOptions provides options to prune system. diff --git a/pkg/domain/infra/abi/images.go b/pkg/domain/infra/abi/images.go index c06059205..8a0b87cab 100644 --- a/pkg/domain/infra/abi/images.go +++ b/pkg/domain/infra/abi/images.go @@ -252,6 +252,8 @@ func (ir *ImageEngine) Pull(ctx context.Context, rawImage string, options entiti func (ir *ImageEngine) Inspect(ctx context.Context, namesOrIDs []string, opts entities.InspectOptions) ([]*entities.ImageInspectReport, []error, error) { reports := []*entities.ImageInspectReport{} errs := []error{} + + inspectOptions := &libimage.InspectOptions{WithParent: true, WithSize: true} for _, i := range namesOrIDs { img, _, err := ir.Libpod.LibimageRuntime().LookupImage(i, nil) if err != nil { @@ -259,7 +261,7 @@ func (ir *ImageEngine) Inspect(ctx context.Context, namesOrIDs []string, opts en errs = append(errs, err) continue } - result, err := img.Inspect(ctx, true) + result, err := img.Inspect(ctx, inspectOptions) if err != nil { // This is more likely to be fatal. return nil, nil, err diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go index f126aa018..002b4ace3 100644 --- a/pkg/specgen/generate/container.go +++ b/pkg/specgen/generate/container.go @@ -26,7 +26,7 @@ func getImageFromSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGen // Image may already have been set in the generator. image, resolvedName := s.GetImage() if image != nil { - inspectData, err := image.Inspect(ctx, false) + inspectData, err := image.Inspect(ctx, nil) if err != nil { return nil, "", nil, err } @@ -39,7 +39,7 @@ func getImageFromSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGen return nil, "", nil, err } s.SetImage(image, resolvedName) - inspectData, err := image.Inspect(ctx, false) + inspectData, err := image.Inspect(ctx, nil) if err != nil { return nil, "", nil, err } @@ -55,7 +55,7 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat return nil, err } if inspectData != nil { - inspectData, err = newImage.Inspect(ctx, false) + inspectData, err = newImage.Inspect(ctx, nil) if err != nil { return nil, err } diff --git a/pkg/specgen/generate/kube/kube.go b/pkg/specgen/generate/kube/kube.go index 194c8dce5..e93462008 100644 --- a/pkg/specgen/generate/kube/kube.go +++ b/pkg/specgen/generate/kube/kube.go @@ -194,7 +194,7 @@ func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGener // TODO: We don't understand why specgen does not take of this, but // integration tests clearly pointed out that it was required. - imageData, err := opts.Image.Inspect(ctx, false) + imageData, err := opts.Image.Inspect(ctx, nil) if err != nil { return nil, err } diff --git a/pkg/specgen/generate/storage.go b/pkg/specgen/generate/storage.go index de655ad7d..3fde1a1b4 100644 --- a/pkg/specgen/generate/storage.go +++ b/pkg/specgen/generate/storage.go @@ -208,7 +208,7 @@ func getImageVolumes(ctx context.Context, img *libimage.Image, s *specgen.SpecGe return mounts, volumes, nil } - inspect, err := img.Inspect(ctx, false) + inspect, err := img.Inspect(ctx, nil) if err != nil { return nil, nil, errors.Wrapf(err, "error inspecting image to get image volumes") } diff --git a/test/e2e/stop_test.go b/test/e2e/stop_test.go index 7f178d719..fb8f92e0f 100644 --- a/test/e2e/stop_test.go +++ b/test/e2e/stop_test.go @@ -181,6 +181,18 @@ var _ = Describe("Podman stop", func() { Expect(strings.TrimSpace(finalCtrs.OutputToString())).To(Equal("")) }) + It("podman stop container --timeout Warning", func() { + SkipIfRemote("warning will happen only on server side") + session := podmanTest.Podman([]string{"run", "-d", "--name", "test5", ALPINE, "sleep", "100"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + session = podmanTest.Podman([]string{"stop", "--timeout", "1", "test5"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + warning := session.ErrorToString() + Expect(warning).To(ContainSubstring("StopSignal SIGTERM failed to stop container test5 in 1 seconds, resorting to SIGKILL")) + }) + It("podman stop latest containers", func() { SkipIfRemote("--latest flag n/a") session := podmanTest.RunTopContainer("test1") diff --git a/test/e2e/system_service_test.go b/test/e2e/system_service_test.go new file mode 100644 index 000000000..684ac56b4 --- /dev/null +++ b/test/e2e/system_service_test.go @@ -0,0 +1,142 @@ +package integration + +import ( + "io/ioutil" + "net" + "net/http" + "net/url" + "strconv" + "time" + + . "github.com/containers/podman/v3/test/utils" + "github.com/containers/podman/v3/utils" + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" + . "github.com/onsi/gomega/gexec" +) + +var _ = Describe("podman system service", func() { + var podmanTest *PodmanTestIntegration + + BeforeEach(func() { + tempdir, err := CreateTempDirInTempDir() + Expect(err).ShouldNot(HaveOccurred()) + + podmanTest = PodmanTestCreate(tempdir) + podmanTest.Setup() + }) + + AfterEach(func() { + podmanTest.Cleanup() + processTestResult(CurrentGinkgoTestDescription()) + }) + + Describe("verify timeout", func() { + It("of 2 seconds", func() { + SkipIfRemote("service subcommand not supported remotely") + + address := url.URL{ + Scheme: "tcp", + Host: net.JoinHostPort("localhost", randomPort()), + } + session := podmanTest.Podman([]string{ + "system", "service", "--time=2", address.String(), + }) + defer session.Kill() + + WaitForService(address) + + session.Wait(5 * time.Second) + Eventually(session, 5).Should(Exit(0)) + }) + }) + + Describe("verify pprof endpoints", func() { + // Depends on pkg/api/server/server.go:255 + const magicComment = "pprof service listening on" + + It("are available", func() { + SkipIfRemote("service subcommand not supported remotely") + + address := url.URL{ + Scheme: "tcp", + Host: net.JoinHostPort("localhost", randomPort()), + } + + pprofPort := randomPort() + session := podmanTest.Podman([]string{ + "system", "service", "--log-level=info", "--time=0", + "--pprof-address=localhost:" + pprofPort, address.String(), + }) + defer session.Kill() + + WaitForService(address) + + // Combined with test below we have positive/negative test for pprof + Expect(session.Err.Contents()).Should(ContainSubstring(magicComment)) + + heap := url.URL{ + Scheme: "http", + Host: net.JoinHostPort("localhost", pprofPort), + Path: "/debug/pprof/heap", + RawQuery: "seconds=2", + } + resp, err := http.Get(heap.String()) + Expect(err).ShouldNot(HaveOccurred()) + defer resp.Body.Close() + Expect(resp).To(HaveHTTPStatus(http.StatusOK)) + + body, err := ioutil.ReadAll(resp.Body) + Expect(err).ShouldNot(HaveOccurred()) + Expect(body).ShouldNot(BeEmpty()) + + session.Interrupt().Wait(2 * time.Second) + Eventually(session, 2).Should(Exit(1)) + }) + + It("are not available", func() { + SkipIfRemote("service subcommand not supported remotely") + + address := url.URL{ + Scheme: "tcp", + Host: net.JoinHostPort("localhost", randomPort()), + } + + session := podmanTest.Podman([]string{ + "system", "service", "--log-level=info", "--time=0", address.String(), + }) + defer session.Kill() + + WaitForService(address) + + // Combined with test above we have positive/negative test for pprof + Expect(session.Err.Contents()).ShouldNot(ContainSubstring(magicComment)) + + session.Interrupt().Wait(2 * time.Second) + Eventually(session, 2).Should(Exit(1)) + }) + }) +}) + +// WaitForService blocks, waiting for some service listening on given host:port +func WaitForService(address url.URL) { + // Wait for podman to be ready + var conn net.Conn + var err error + for i := 1; i <= 5; i++ { + conn, err = net.Dial("tcp", address.Host) + if err != nil { + // Podman not available yet... + time.Sleep(time.Duration(i) * time.Second) + } + } + Expect(err).ShouldNot(HaveOccurred()) + conn.Close() +} + +// randomPort leans on the go net library to find an available port... +func randomPort() string { + port, err := utils.GetRandomPort() + Expect(err).ShouldNot(HaveOccurred()) + return strconv.Itoa(port) +} diff --git a/test/system/050-stop.bats b/test/system/050-stop.bats index d809507a5..e049da518 100644 --- a/test/system/050-stop.bats +++ b/test/system/050-stop.bats @@ -166,4 +166,11 @@ load helpers is "$output" "137" "Exit code of killed container" } +@test "podman stop -t 1 Generate warning" { + skip_if_remote "warning only happens on server side" + run_podman run --rm --name stopme -d $IMAGE sleep 100 + run_podman stop -t 1 stopme + is "$output" ".*StopSignal SIGTERM failed to stop container stopme in 1 seconds, resorting to SIGKILL" "stopping container should print warning" +} + # vim: filetype=sh diff --git a/test/system/271-tcp-cors-server.bats b/test/system/271-tcp-cors-server.bats index d8e4eb3df..be77afd40 100644 --- a/test/system/271-tcp-cors-server.bats +++ b/test/system/271-tcp-cors-server.bats @@ -38,7 +38,7 @@ SOCKET_FILE="$UNIT_DIR/$SERVICE_NAME.socket" @test "podman system service - CORS enabled in logs" { skip_if_remote "system service tests are meaningless over remote" run_podman system service --log-level="debug" --cors="*" -t 1 - is "$output" ".*CORS Headers were set to \*.*" "debug log confirms CORS headers set" + is "$output" ".*CORS Headers were set to ..\*...*" "debug log confirms CORS headers set" } # vim: filetype=sh diff --git a/vendor/github.com/containers/common/libimage/inspect.go b/vendor/github.com/containers/common/libimage/inspect.go index a872e5cf9..007cbdd89 100644 --- a/vendor/github.com/containers/common/libimage/inspect.go +++ b/vendor/github.com/containers/common/libimage/inspect.go @@ -50,19 +50,39 @@ type RootFS struct { Layers []digest.Digest `json:"Layers"` } -// Inspect inspects the image. Use `withSize` to also perform the -// comparatively expensive size computation of the image. -func (i *Image) Inspect(ctx context.Context, withSize bool) (*ImageData, error) { +// InspectOptions allow for customizing inspecting images. +type InspectOptions struct { + // Compute the size of the image (expensive). + WithSize bool + // Compute the parent of the image (expensive). + WithParent bool +} + +// Inspect inspects the image. +func (i *Image) Inspect(ctx context.Context, options *InspectOptions) (*ImageData, error) { logrus.Debugf("Inspecting image %s", i.ID()) + if options == nil { + options = &InspectOptions{} + } + if i.cached.completeInspectData != nil { - if withSize && i.cached.completeInspectData.Size == int64(-1) { + if options.WithSize && i.cached.completeInspectData.Size == int64(-1) { size, err := i.Size() if err != nil { return nil, err } i.cached.completeInspectData.Size = size } + if options.WithParent && i.cached.completeInspectData.Parent == "" { + parentImage, err := i.Parent(ctx) + if err != nil { + return nil, err + } + if parentImage != nil { + i.cached.completeInspectData.Parent = parentImage.ID() + } + } return i.cached.completeInspectData, nil } @@ -75,10 +95,7 @@ func (i *Image) Inspect(ctx context.Context, withSize bool) (*ImageData, error) if err != nil { return nil, err } - parentImage, err := i.Parent(ctx) - if err != nil { - return nil, err - } + repoTags, err := i.RepoTags() if err != nil { return nil, err @@ -93,7 +110,7 @@ func (i *Image) Inspect(ctx context.Context, withSize bool) (*ImageData, error) } size := int64(-1) - if withSize { + if options.WithSize { size, err = i.Size() if err != nil { return nil, err @@ -124,8 +141,14 @@ func (i *Image) Inspect(ctx context.Context, withSize bool) (*ImageData, error) NamesHistory: i.NamesHistory(), } - if parentImage != nil { - data.Parent = parentImage.ID() + if options.WithParent { + parentImage, err := i.Parent(ctx) + if err != nil { + return nil, err + } + if parentImage != nil { + data.Parent = parentImage.ID() + } } // Determine the format of the image. How we determine certain data diff --git a/vendor/github.com/containers/common/libimage/pull.go b/vendor/github.com/containers/common/libimage/pull.go index 1c322c37e..1d1bc201b 100644 --- a/vendor/github.com/containers/common/libimage/pull.go +++ b/vendor/github.com/containers/common/libimage/pull.go @@ -477,10 +477,10 @@ func (r *Runtime) copySingleImageFromRegistry(ctx context.Context, imageName str if pullPolicy == config.PullPolicyNever { if localImage != nil { - logrus.Debugf("Pull policy %q but no local image has been found for %s", pullPolicy, imageName) + logrus.Debugf("Pull policy %q and %s resolved to local image %s", pullPolicy, imageName, resolvedImageName) return []string{resolvedImageName}, nil } - logrus.Debugf("Pull policy %q and %s resolved to local image %s", pullPolicy, imageName, resolvedImageName) + logrus.Debugf("Pull policy %q but no local image has been found for %s", pullPolicy, imageName) return nil, errors.Wrap(storage.ErrImageUnknown, imageName) } diff --git a/vendor/github.com/containers/common/libimage/search.go b/vendor/github.com/containers/common/libimage/search.go index df29bc7da..7e20e4331 100644 --- a/vendor/github.com/containers/common/libimage/search.go +++ b/vendor/github.com/containers/common/libimage/search.go @@ -284,8 +284,9 @@ func searchRepositoryTags(ctx context.Context, sys *types.SystemContext, registr paramsArr := []SearchResult{} for i := 0; i < limit; i++ { params := SearchResult{ - Name: imageRef.DockerReference().Name(), - Tag: tags[i], + Name: imageRef.DockerReference().Name(), + Tag: tags[i], + Index: registry, } paramsArr = append(paramsArr, params) } diff --git a/vendor/modules.txt b/vendor/modules.txt index 224926b88..ae28bf9ee 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -95,7 +95,7 @@ github.com/containers/buildah/pkg/rusage github.com/containers/buildah/pkg/sshagent github.com/containers/buildah/pkg/util github.com/containers/buildah/util -# github.com/containers/common v0.46.1-0.20211001143714-161e078e4c7f +# github.com/containers/common v0.46.1-0.20211008123044-d846f5aaec0e github.com/containers/common/libimage github.com/containers/common/libimage/manifests github.com/containers/common/pkg/apparmor |