aboutsummaryrefslogtreecommitdiff
path: root/libpod
diff options
context:
space:
mode:
Diffstat (limited to 'libpod')
-rw-r--r--libpod/container.go113
-rw-r--r--libpod/images/image_data.go1
-rw-r--r--libpod/in_memory_state.go6
-rw-r--r--libpod/oci.go8
-rw-r--r--libpod/runc.go117
-rw-r--r--libpod/runtime.go60
-rw-r--r--libpod/runtime_img.go5
-rw-r--r--libpod/sql_state.go46
-rw-r--r--libpod/state.go3
9 files changed, 346 insertions, 13 deletions
diff --git a/libpod/container.go b/libpod/container.go
index f1dd34131..fce64b0dd 100644
--- a/libpod/container.go
+++ b/libpod/container.go
@@ -13,6 +13,7 @@ import (
"github.com/containers/storage"
"github.com/containers/storage/pkg/archive"
+ "github.com/docker/docker/daemon/caps"
"github.com/docker/docker/pkg/mount"
"github.com/docker/docker/pkg/namesgenerator"
"github.com/docker/docker/pkg/stringid"
@@ -49,6 +50,8 @@ const (
ContainerStateStopped ContainerState = iota
// ContainerStatePaused indicates that the container has been paused
ContainerStatePaused ContainerState = iota
+ // name of the directory holding the artifacts
+ artifactsDir = "artifacts"
)
// Container is a single OCI container
@@ -397,6 +400,11 @@ func (c *Container) setupStorage() error {
c.config.StaticDir = containerInfo.Dir
c.state.RunDir = containerInfo.RunDir
+ artifacts := filepath.Join(c.config.StaticDir, artifactsDir)
+ if err := os.MkdirAll(artifacts, 0755); err != nil {
+ return errors.Wrapf(err, "error creating artifacts directory %q", artifacts)
+ }
+
return nil
}
@@ -410,6 +418,11 @@ func (c *Container) teardownStorage() error {
return errors.Wrapf(ErrCtrStateInvalid, "cannot remove storage for container %s as it is running or paused", c.ID())
}
+ artifacts := filepath.Join(c.config.StaticDir, artifactsDir)
+ if err := os.RemoveAll(artifacts); err != nil {
+ return errors.Wrapf(err, "error removing artifacts %q", artifacts)
+ }
+
if err := c.cleanupStorage(); err != nil {
return errors.Wrapf(err, "failed to cleanup container %s storage", c.ID())
}
@@ -421,6 +434,30 @@ func (c *Container) teardownStorage() error {
return nil
}
+// Refresh refreshes the container's state after a restart
+func (c *Container) refresh() error {
+ c.lock.Lock()
+ defer c.lock.Unlock()
+
+ if !c.valid {
+ return errors.Wrapf(ErrCtrRemoved, "container %s is not valid - may have been removed", c.ID())
+ }
+
+ // We need to get the container's temporary directory from c/storage
+ // It was lost in the reboot and must be recreated
+ dir, err := c.runtime.storageService.GetRunDir(c.ID())
+ if err != nil {
+ return errors.Wrapf(err, "error retrieving temporary directory for container %s", c.ID())
+ }
+ c.state.RunDir = dir
+
+ if err := c.runtime.state.SaveContainer(c); err != nil {
+ return errors.Wrapf(err, "error refreshing state for container %s", c.ID())
+ }
+
+ return nil
+}
+
// Init creates a container in the OCI runtime
func (c *Container) Init() (err error) {
c.lock.Lock()
@@ -434,12 +471,27 @@ func (c *Container) Init() (err error) {
return errors.Wrapf(ErrCtrExists, "container %s has already been created in runtime", c.ID())
}
- // Mount storage for the container
if err := c.mountStorage(); err != nil {
return err
}
- // Make the OCI runtime spec we will use
+ // If the OCI spec already exists, we need to replace it
+ // Cannot guarantee some things, e.g. network namespaces, have the same
+ // paths
+ jsonPath := filepath.Join(c.bundlePath(), "config.json")
+ if _, err := os.Stat(jsonPath); err != nil {
+ if !os.IsNotExist(err) {
+ return errors.Wrapf(err, "error doing stat on container %s spec", c.ID())
+ }
+ // The spec does not exist, we're fine
+ } else {
+ // The spec exists, need to remove it
+ if err := os.Remove(jsonPath); err != nil {
+ return errors.Wrapf(err, "error replacing runtime spec for container %s", c.ID())
+ }
+ }
+
+ // Save OCI spec to disk
g := generate.NewFromSpec(c.config.Spec)
// Mount ShmDir from host into container
g.AddBindMount(c.config.ShmDir, "/dev/shm", []string{"rw"})
@@ -448,8 +500,6 @@ func (c *Container) Init() (err error) {
c.runningSpec.Annotations[crioAnnotations.Created] = c.config.CreatedTime.Format(time.RFC3339Nano)
c.runningSpec.Annotations["org.opencontainers.image.stopSignal"] = fmt.Sprintf("%d", c.config.StopSignal)
- // Save the OCI spec to disk
- jsonPath := filepath.Join(c.bundlePath(), "config.json")
fileJSON, err := json.Marshal(c.runningSpec)
if err != nil {
return errors.Wrapf(err, "error exporting runtime spec for container %s to JSON", c.ID())
@@ -457,10 +507,11 @@ func (c *Container) Init() (err error) {
if err := ioutil.WriteFile(jsonPath, fileJSON, 0644); err != nil {
return errors.Wrapf(err, "error writing runtime spec JSON to file for container %s", c.ID())
}
- c.state.ConfigPath = jsonPath
logrus.Debugf("Created OCI spec for container %s at %s", c.ID(), jsonPath)
+ c.state.ConfigPath = jsonPath
+
// With the spec complete, do an OCI create
// TODO set cgroup parent in a sane fashion
if err := c.runtime.ociRuntime.createContainer(c, "/libpod_parent"); err != nil {
@@ -554,9 +605,36 @@ func (c *Container) Kill(signal uint) error {
}
// Exec starts a new process inside the container
-// Returns fully qualified URL of streaming server for executed process
-func (c *Container) Exec(cmd []string, tty bool, stdin bool) (string, error) {
- return "", ErrNotImplemented
+func (c *Container) Exec(tty, privileged bool, env, cmd []string, user string) error {
+ var capList []string
+ c.lock.Lock()
+ defer c.lock.Unlock()
+
+ if err := c.syncContainer(); err != nil {
+ return err
+ }
+
+ conState := c.state.State
+
+ if conState != ContainerStateRunning {
+ return errors.Errorf("cannot attach to container that is not running")
+ }
+ if privileged {
+ capList = caps.GetAllCapabilities()
+ }
+ globalOpts := runcGlobalOptions{
+ log: c.LogPath(),
+ }
+ execOpts := runcExecOptions{
+ capAdd: capList,
+ pidFile: filepath.Join(c.state.RunDir, fmt.Sprintf("%s-execpid", stringid.GenerateNonCryptoID()[:12])),
+ env: env,
+ user: user,
+ cwd: c.config.Spec.Process.Cwd,
+ tty: tty,
+ }
+
+ return c.runtime.ociRuntime.execContainer(c, cmd, globalOpts, execOpts)
}
// Attach attaches to a container
@@ -732,6 +810,25 @@ func (c *Container) Export(path string) error {
return err
}
+// AddArtifact creates and writes to an artifact file for the container
+func (c *Container) AddArtifact(name string, data []byte) error {
+ return ioutil.WriteFile(c.getArtifactPath(name), data, 0740)
+}
+
+// GetArtifact reads the specified artifact file from the container
+func (c *Container) GetArtifact(name string) ([]byte, error) {
+ return ioutil.ReadFile(c.getArtifactPath(name))
+}
+
+// RemoveArtifact deletes the specified artifacts file
+func (c *Container) RemoveArtifact(name string) error {
+ return os.Remove(c.getArtifactPath(name))
+}
+
+func (c *Container) getArtifactPath(name string) string {
+ return filepath.Join(c.config.StaticDir, artifactsDir, name)
+}
+
// Commit commits the changes between a container and its image, creating a new
// image
func (c *Container) Commit() (*storage.Image, error) {
diff --git a/libpod/images/image_data.go b/libpod/images/image_data.go
index b64ac557f..1fa63f6cb 100644
--- a/libpod/images/image_data.go
+++ b/libpod/images/image_data.go
@@ -88,7 +88,6 @@ func GetData(store storage.Store, name string) (*Data, error) {
if err != nil {
return nil, errors.Wrapf(err, "error reading image %q", img.ID)
}
- defer imgRef.Close()
tags, digests, err := ParseImageNames(img.Names)
if err != nil {
diff --git a/libpod/in_memory_state.go b/libpod/in_memory_state.go
index 5d03e62e6..4e4cbb664 100644
--- a/libpod/in_memory_state.go
+++ b/libpod/in_memory_state.go
@@ -38,6 +38,12 @@ func (s *InMemoryState) Close() error {
return nil
}
+// Refresh clears container and pod stats after a reboot
+// In-memory state won't survive a reboot so this is a no-op
+func (s *InMemoryState) Refresh() error {
+ return nil
+}
+
// Container retrieves a container from its full ID
func (s *InMemoryState) Container(id string) (*Container, error) {
if id == "" {
diff --git a/libpod/oci.go b/libpod/oci.go
index 6ea6bb64f..49bf95bc5 100644
--- a/libpod/oci.go
+++ b/libpod/oci.go
@@ -302,7 +302,7 @@ func (r *OCIRuntime) createContainer(ctr *Container, cgroupParent string) (err e
func (r *OCIRuntime) updateContainerStatus(ctr *Container) error {
state := new(spec.State)
- out, err := exec.Command(r.path, "state", ctr.ID()).CombinedOutput()
+ out, err := exec.Command(r.path, "state", ctr.ID()).Output()
if err != nil {
return errors.Wrapf(err, "error getting container %s state. stderr/out: %s", ctr.ID(), out)
}
@@ -454,3 +454,9 @@ func (r *OCIRuntime) pauseContainer(ctr *Container) error {
func (r *OCIRuntime) unpauseContainer(ctr *Container) error {
return utils.ExecCmdWithStdStreams(os.Stdin, os.Stdout, os.Stderr, r.path, "resume", ctr.ID())
}
+
+//execContiner executes a command in a running container
+func (r *OCIRuntime) execContainer(c *Container, cmd []string, globalOpts runcGlobalOptions, commandOpts runcExecOptions) error {
+ r.RuncExec(c, cmd, globalOpts, commandOpts)
+ return nil
+}
diff --git a/libpod/runc.go b/libpod/runc.go
new file mode 100644
index 000000000..efbb51b24
--- /dev/null
+++ b/libpod/runc.go
@@ -0,0 +1,117 @@
+package libpod
+
+import (
+ "os"
+ "os/exec"
+ "strings"
+
+ "github.com/sirupsen/logrus"
+)
+
+type runcGlobalOptions struct {
+ log string
+ logFormat string
+ root string
+ criu string
+ systemdCgroup bool
+}
+type runcExecOptions struct {
+ consoleSocket string
+ cwd string
+ env []string
+ tty bool
+ user string
+ processPath string
+ detach bool
+ pidFile string
+ processLabel string
+ apparmor string
+ noNewPrivs bool
+ capAdd []string
+}
+
+func parseGlobalOptionsToArgs(opts runcGlobalOptions) []string {
+ args := []string{}
+ if opts.log != "" {
+ args = append(args, "--log", opts.log)
+ }
+ if opts.logFormat != "" {
+ args = append(args, "--log-format", opts.logFormat)
+ }
+ if opts.root != "" {
+ args = append(args, "--root", opts.root)
+ }
+ if opts.criu != "" {
+ args = append(args, "--criu", opts.criu)
+ }
+ if opts.systemdCgroup {
+ args = append(args, "--systemd-cgroup")
+ }
+ return args
+}
+
+// RuncExec executes 'runc --options exec --options cmd'
+func (r *OCIRuntime) RuncExec(container *Container, command []string, globalOpts runcGlobalOptions, execOpts runcExecOptions) error {
+ args := []string{}
+ args = append(args, parseGlobalOptionsToArgs(globalOpts)...)
+ // Add subcommand
+ args = append(args, "exec")
+ // Now add subcommand args
+
+ if execOpts.consoleSocket != "" {
+ args = append(args, "--console-socket", execOpts.consoleSocket)
+ }
+ if execOpts.cwd != "" {
+ args = append(args, "--cwd", execOpts.cwd)
+ }
+
+ if len(execOpts.env) > 0 {
+ for _, envInput := range execOpts.env {
+ args = append(args, "--env", envInput)
+ }
+ }
+ if execOpts.tty {
+ args = append(args, "--tty")
+ }
+ if execOpts.user != "" {
+ args = append(args, "--user", execOpts.user)
+
+ }
+ if execOpts.processPath != "" {
+ args = append(args, "--process", execOpts.processPath)
+ }
+ if execOpts.detach {
+ args = append(args, "--detach")
+ }
+ if execOpts.pidFile != "" {
+ args = append(args, "--pid-file", execOpts.pidFile)
+ }
+ if execOpts.processLabel != "" {
+ args = append(args, "--process-label", execOpts.processLabel)
+ }
+ if execOpts.apparmor != "" {
+ args = append(args, "--apparmor", execOpts.apparmor)
+ }
+ if execOpts.noNewPrivs {
+ args = append(args, "--no-new-privs")
+ }
+ if len(execOpts.capAdd) > 0 {
+ for _, capAddValue := range execOpts.capAdd {
+ args = append(args, "--cap", capAddValue)
+ }
+ }
+
+ // Append Cid
+ args = append(args, container.ID())
+ // Append Cmd
+ args = append(args, command...)
+
+ logrus.Debug("Executing runc command: %s %s", r.path, strings.Join(args, " "))
+ cmd := exec.Command(r.path, args...)
+ cmd.Stdout = os.Stdout
+ cmd.Stderr = os.Stderr
+ cmd.Stdin = os.Stdin
+ cmd.Start()
+ err := cmd.Wait()
+ return err
+}
diff --git a/libpod/runtime.go b/libpod/runtime.go
index ac7db51ca..d54e90722 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -184,6 +184,36 @@ func NewRuntime(options ...RuntimeOption) (runtime *Runtime, err error) {
runtime.state = state
}
+ // We now need to see if the system has restarted
+ // We check for the presence of a file in our tmp directory to verify this
+ // This check must be locked to prevent races
+ runtimeAliveLock := filepath.Join(runtime.config.TmpDir, "alive.lck")
+ runtimeAliveFile := filepath.Join(runtime.config.TmpDir, "alive")
+ aliveLock, err := storage.GetLockfile(runtimeAliveLock)
+ if err != nil {
+ return nil, errors.Wrapf(err, "error acquiring runtime init lock")
+ }
+ // Acquire the lock and hold it until we return
+ // This ensures that no two processes will be in runtime.refresh at once
+ // TODO: we can't close the FD in this lock, so we should keep it around
+ // and use it to lock important operations
+ aliveLock.Lock()
+ defer aliveLock.Unlock()
+ _, err = os.Stat(runtimeAliveFile)
+ if err != nil {
+ // If the file doesn't exist, we need to refresh the state
+ // This will trigger on first use as well, but refreshing an
+ // empty state only creates a single file
+ // As such, it's not really a performance concern
+ if os.IsNotExist(err) {
+ if err2 := runtime.refresh(runtimeAliveFile); err2 != nil {
+ return nil, err2
+ }
+ } else {
+ return nil, errors.Wrapf(err, "error reading runtime status file %s", runtimeAliveFile)
+ }
+ }
+
// Mark the runtime as valid - ready to be used, cannot be modified
// further
runtime.valid = true
@@ -249,3 +279,33 @@ func (r *Runtime) Shutdown(force bool) error {
return lastError
}
+
+// Reconfigures the runtime after a reboot
+// Refreshes the state, recreating temporary files
+// Does not check validity as the runtime is not valid until after this has run
+func (r *Runtime) refresh(alivePath string) error {
+ // First clear the state in the database
+ if err := r.state.Refresh(); err != nil {
+ return err
+ }
+
+ // Next refresh the state of all containers to recreate dirs and
+ // namespaces
+ ctrs, err := r.state.AllContainers()
+ if err != nil {
+ return errors.Wrapf(err, "error retrieving all containers from state")
+ }
+ for _, ctr := range ctrs {
+ if err := ctr.refresh(); err != nil {
+ return err
+ }
+ }
+
+ file, err := os.OpenFile(alivePath, os.O_RDONLY|os.O_CREATE, 0644)
+ if err != nil {
+ return errors.Wrapf(err, "error creating runtime status file %s", alivePath)
+ }
+ defer file.Close()
+
+ return nil
+}
diff --git a/libpod/runtime_img.go b/libpod/runtime_img.go
index ba1cec96f..598bfaf0f 100644
--- a/libpod/runtime_img.go
+++ b/libpod/runtime_img.go
@@ -228,7 +228,7 @@ func (k *Image) GetManifest() error {
if err != nil {
return errors.Wrapf(err, "unable to create new image source")
}
- _, _, err = imageSource.GetManifest()
+ _, _, err = imageSource.GetManifest(nil)
if err == nil {
return nil
}
@@ -383,7 +383,7 @@ func (k *Image) HasLatest() (bool, error) {
if err != nil {
return false, err
}
- _, _, err = pullRef.(types.ImageSource).GetManifest()
+ _, _, err = pullRef.(types.ImageSource).GetManifest(nil)
return false, err
}
@@ -1124,7 +1124,6 @@ func (r *Runtime) InfoAndDigestAndSize(img storage.Image) (*types.ImageInspectIn
if err != nil {
return nil, "", -1, errors.Wrapf(err, "error reading image %q", img.ID)
}
- defer imgRef.Close()
return infoAndDigestAndSize(imgRef)
}
diff --git a/libpod/sql_state.go b/libpod/sql_state.go
index cdf8dd707..36114e9cc 100644
--- a/libpod/sql_state.go
+++ b/libpod/sql_state.go
@@ -97,6 +97,52 @@ func (s *SQLState) Close() error {
return nil
}
+// Refresh clears the state after a reboot
+// Resets mountpoint, PID, state for all containers
+func (s *SQLState) Refresh() (err error) {
+ const refresh = `UPDATE containerState SET
+ State=?,
+ Mountpoint=?,
+ Pid=?;`
+
+ s.lock.Lock()
+ defer s.lock.Unlock()
+
+ if !s.valid {
+ return ErrDBClosed
+ }
+
+ tx, err := s.db.Begin()
+ if err != nil {
+ return errors.Wrapf(err, "error beginning database transaction")
+ }
+ defer func() {
+ if err != nil {
+ if err2 := tx.Rollback(); err2 != nil {
+ logrus.Errorf("Error rolling back transaction to refresh state: %v", err2)
+ }
+ }
+ }()
+
+ // Refresh container state
+ // The constants could be moved into the SQL, but keeping them here
+ // will keep us in sync in case ContainerStateConfigured ever changes in
+ // the container state
+ _, err = tx.Exec(refresh,
+ ContainerStateConfigured,
+ "",
+ 0)
+ if err != nil {
+ return errors.Wrapf(err, "error refreshing database state")
+ }
+
+ if err := tx.Commit(); err != nil {
+ return errors.Wrapf(err, "error committing transaction to refresh database")
+ }
+
+ return nil
+}
+
// Container retrieves a container from its full ID
func (s *SQLState) Container(id string) (*Container, error) {
const query = `SELECT containers.*,
diff --git a/libpod/state.go b/libpod/state.go
index 4093f14f1..4a79b8d2d 100644
--- a/libpod/state.go
+++ b/libpod/state.go
@@ -6,6 +6,9 @@ type State interface {
// connections) that may be required
Close() error
+ // Refresh clears container and pod states after a reboot
+ Refresh() error
+
// Accepts full ID of container
Container(id string) (*Container, error)
// Accepts full or partial IDs (as long as they are unique) and names