diff options
Diffstat (limited to 'libpod')
-rw-r--r-- | libpod/container.go | 113 | ||||
-rw-r--r-- | libpod/images/image_data.go | 1 | ||||
-rw-r--r-- | libpod/in_memory_state.go | 6 | ||||
-rw-r--r-- | libpod/oci.go | 8 | ||||
-rw-r--r-- | libpod/runc.go | 117 | ||||
-rw-r--r-- | libpod/runtime.go | 60 | ||||
-rw-r--r-- | libpod/runtime_img.go | 5 | ||||
-rw-r--r-- | libpod/sql_state.go | 46 | ||||
-rw-r--r-- | libpod/state.go | 3 |
9 files changed, 346 insertions, 13 deletions
diff --git a/libpod/container.go b/libpod/container.go index f1dd34131..fce64b0dd 100644 --- a/libpod/container.go +++ b/libpod/container.go @@ -13,6 +13,7 @@ import ( "github.com/containers/storage" "github.com/containers/storage/pkg/archive" + "github.com/docker/docker/daemon/caps" "github.com/docker/docker/pkg/mount" "github.com/docker/docker/pkg/namesgenerator" "github.com/docker/docker/pkg/stringid" @@ -49,6 +50,8 @@ const ( ContainerStateStopped ContainerState = iota // ContainerStatePaused indicates that the container has been paused ContainerStatePaused ContainerState = iota + // name of the directory holding the artifacts + artifactsDir = "artifacts" ) // Container is a single OCI container @@ -397,6 +400,11 @@ func (c *Container) setupStorage() error { c.config.StaticDir = containerInfo.Dir c.state.RunDir = containerInfo.RunDir + artifacts := filepath.Join(c.config.StaticDir, artifactsDir) + if err := os.MkdirAll(artifacts, 0755); err != nil { + return errors.Wrapf(err, "error creating artifacts directory %q", artifacts) + } + return nil } @@ -410,6 +418,11 @@ func (c *Container) teardownStorage() error { return errors.Wrapf(ErrCtrStateInvalid, "cannot remove storage for container %s as it is running or paused", c.ID()) } + artifacts := filepath.Join(c.config.StaticDir, artifactsDir) + if err := os.RemoveAll(artifacts); err != nil { + return errors.Wrapf(err, "error removing artifacts %q", artifacts) + } + if err := c.cleanupStorage(); err != nil { return errors.Wrapf(err, "failed to cleanup container %s storage", c.ID()) } @@ -421,6 +434,30 @@ func (c *Container) teardownStorage() error { return nil } +// Refresh refreshes the container's state after a restart +func (c *Container) refresh() error { + c.lock.Lock() + defer c.lock.Unlock() + + if !c.valid { + return errors.Wrapf(ErrCtrRemoved, "container %s is not valid - may have been removed", c.ID()) + } + + // We need to get the container's temporary directory from c/storage + // It was lost in the reboot and must be recreated + dir, err := c.runtime.storageService.GetRunDir(c.ID()) + if err != nil { + return errors.Wrapf(err, "error retrieving temporary directory for container %s", c.ID()) + } + c.state.RunDir = dir + + if err := c.runtime.state.SaveContainer(c); err != nil { + return errors.Wrapf(err, "error refreshing state for container %s", c.ID()) + } + + return nil +} + // Init creates a container in the OCI runtime func (c *Container) Init() (err error) { c.lock.Lock() @@ -434,12 +471,27 @@ func (c *Container) Init() (err error) { return errors.Wrapf(ErrCtrExists, "container %s has already been created in runtime", c.ID()) } - // Mount storage for the container if err := c.mountStorage(); err != nil { return err } - // Make the OCI runtime spec we will use + // If the OCI spec already exists, we need to replace it + // Cannot guarantee some things, e.g. network namespaces, have the same + // paths + jsonPath := filepath.Join(c.bundlePath(), "config.json") + if _, err := os.Stat(jsonPath); err != nil { + if !os.IsNotExist(err) { + return errors.Wrapf(err, "error doing stat on container %s spec", c.ID()) + } + // The spec does not exist, we're fine + } else { + // The spec exists, need to remove it + if err := os.Remove(jsonPath); err != nil { + return errors.Wrapf(err, "error replacing runtime spec for container %s", c.ID()) + } + } + + // Save OCI spec to disk g := generate.NewFromSpec(c.config.Spec) // Mount ShmDir from host into container g.AddBindMount(c.config.ShmDir, "/dev/shm", []string{"rw"}) @@ -448,8 +500,6 @@ func (c *Container) Init() (err error) { c.runningSpec.Annotations[crioAnnotations.Created] = c.config.CreatedTime.Format(time.RFC3339Nano) c.runningSpec.Annotations["org.opencontainers.image.stopSignal"] = fmt.Sprintf("%d", c.config.StopSignal) - // Save the OCI spec to disk - jsonPath := filepath.Join(c.bundlePath(), "config.json") fileJSON, err := json.Marshal(c.runningSpec) if err != nil { return errors.Wrapf(err, "error exporting runtime spec for container %s to JSON", c.ID()) @@ -457,10 +507,11 @@ func (c *Container) Init() (err error) { if err := ioutil.WriteFile(jsonPath, fileJSON, 0644); err != nil { return errors.Wrapf(err, "error writing runtime spec JSON to file for container %s", c.ID()) } - c.state.ConfigPath = jsonPath logrus.Debugf("Created OCI spec for container %s at %s", c.ID(), jsonPath) + c.state.ConfigPath = jsonPath + // With the spec complete, do an OCI create // TODO set cgroup parent in a sane fashion if err := c.runtime.ociRuntime.createContainer(c, "/libpod_parent"); err != nil { @@ -554,9 +605,36 @@ func (c *Container) Kill(signal uint) error { } // Exec starts a new process inside the container -// Returns fully qualified URL of streaming server for executed process -func (c *Container) Exec(cmd []string, tty bool, stdin bool) (string, error) { - return "", ErrNotImplemented +func (c *Container) Exec(tty, privileged bool, env, cmd []string, user string) error { + var capList []string + c.lock.Lock() + defer c.lock.Unlock() + + if err := c.syncContainer(); err != nil { + return err + } + + conState := c.state.State + + if conState != ContainerStateRunning { + return errors.Errorf("cannot attach to container that is not running") + } + if privileged { + capList = caps.GetAllCapabilities() + } + globalOpts := runcGlobalOptions{ + log: c.LogPath(), + } + execOpts := runcExecOptions{ + capAdd: capList, + pidFile: filepath.Join(c.state.RunDir, fmt.Sprintf("%s-execpid", stringid.GenerateNonCryptoID()[:12])), + env: env, + user: user, + cwd: c.config.Spec.Process.Cwd, + tty: tty, + } + + return c.runtime.ociRuntime.execContainer(c, cmd, globalOpts, execOpts) } // Attach attaches to a container @@ -732,6 +810,25 @@ func (c *Container) Export(path string) error { return err } +// AddArtifact creates and writes to an artifact file for the container +func (c *Container) AddArtifact(name string, data []byte) error { + return ioutil.WriteFile(c.getArtifactPath(name), data, 0740) +} + +// GetArtifact reads the specified artifact file from the container +func (c *Container) GetArtifact(name string) ([]byte, error) { + return ioutil.ReadFile(c.getArtifactPath(name)) +} + +// RemoveArtifact deletes the specified artifacts file +func (c *Container) RemoveArtifact(name string) error { + return os.Remove(c.getArtifactPath(name)) +} + +func (c *Container) getArtifactPath(name string) string { + return filepath.Join(c.config.StaticDir, artifactsDir, name) +} + // Commit commits the changes between a container and its image, creating a new // image func (c *Container) Commit() (*storage.Image, error) { diff --git a/libpod/images/image_data.go b/libpod/images/image_data.go index b64ac557f..1fa63f6cb 100644 --- a/libpod/images/image_data.go +++ b/libpod/images/image_data.go @@ -88,7 +88,6 @@ func GetData(store storage.Store, name string) (*Data, error) { if err != nil { return nil, errors.Wrapf(err, "error reading image %q", img.ID) } - defer imgRef.Close() tags, digests, err := ParseImageNames(img.Names) if err != nil { diff --git a/libpod/in_memory_state.go b/libpod/in_memory_state.go index 5d03e62e6..4e4cbb664 100644 --- a/libpod/in_memory_state.go +++ b/libpod/in_memory_state.go @@ -38,6 +38,12 @@ func (s *InMemoryState) Close() error { return nil } +// Refresh clears container and pod stats after a reboot +// In-memory state won't survive a reboot so this is a no-op +func (s *InMemoryState) Refresh() error { + return nil +} + // Container retrieves a container from its full ID func (s *InMemoryState) Container(id string) (*Container, error) { if id == "" { diff --git a/libpod/oci.go b/libpod/oci.go index 6ea6bb64f..49bf95bc5 100644 --- a/libpod/oci.go +++ b/libpod/oci.go @@ -302,7 +302,7 @@ func (r *OCIRuntime) createContainer(ctr *Container, cgroupParent string) (err e func (r *OCIRuntime) updateContainerStatus(ctr *Container) error { state := new(spec.State) - out, err := exec.Command(r.path, "state", ctr.ID()).CombinedOutput() + out, err := exec.Command(r.path, "state", ctr.ID()).Output() if err != nil { return errors.Wrapf(err, "error getting container %s state. stderr/out: %s", ctr.ID(), out) } @@ -454,3 +454,9 @@ func (r *OCIRuntime) pauseContainer(ctr *Container) error { func (r *OCIRuntime) unpauseContainer(ctr *Container) error { return utils.ExecCmdWithStdStreams(os.Stdin, os.Stdout, os.Stderr, r.path, "resume", ctr.ID()) } + +//execContiner executes a command in a running container +func (r *OCIRuntime) execContainer(c *Container, cmd []string, globalOpts runcGlobalOptions, commandOpts runcExecOptions) error { + r.RuncExec(c, cmd, globalOpts, commandOpts) + return nil +} diff --git a/libpod/runc.go b/libpod/runc.go new file mode 100644 index 000000000..efbb51b24 --- /dev/null +++ b/libpod/runc.go @@ -0,0 +1,117 @@ +package libpod + +import ( + "os" + "os/exec" + "strings" + + "github.com/sirupsen/logrus" +) + +type runcGlobalOptions struct { + log string + logFormat string + root string + criu string + systemdCgroup bool +} +type runcExecOptions struct { + consoleSocket string + cwd string + env []string + tty bool + user string + processPath string + detach bool + pidFile string + processLabel string + apparmor string + noNewPrivs bool + capAdd []string +} + +func parseGlobalOptionsToArgs(opts runcGlobalOptions) []string { + args := []string{} + if opts.log != "" { + args = append(args, "--log", opts.log) + } + if opts.logFormat != "" { + args = append(args, "--log-format", opts.logFormat) + } + if opts.root != "" { + args = append(args, "--root", opts.root) + } + if opts.criu != "" { + args = append(args, "--criu", opts.criu) + } + if opts.systemdCgroup { + args = append(args, "--systemd-cgroup") + } + return args +} + +// RuncExec executes 'runc --options exec --options cmd' +func (r *OCIRuntime) RuncExec(container *Container, command []string, globalOpts runcGlobalOptions, execOpts runcExecOptions) error { + args := []string{} + args = append(args, parseGlobalOptionsToArgs(globalOpts)...) + // Add subcommand + args = append(args, "exec") + // Now add subcommand args + + if execOpts.consoleSocket != "" { + args = append(args, "--console-socket", execOpts.consoleSocket) + } + if execOpts.cwd != "" { + args = append(args, "--cwd", execOpts.cwd) + } + + if len(execOpts.env) > 0 { + for _, envInput := range execOpts.env { + args = append(args, "--env", envInput) + } + } + if execOpts.tty { + args = append(args, "--tty") + } + if execOpts.user != "" { + args = append(args, "--user", execOpts.user) + + } + if execOpts.processPath != "" { + args = append(args, "--process", execOpts.processPath) + } + if execOpts.detach { + args = append(args, "--detach") + } + if execOpts.pidFile != "" { + args = append(args, "--pid-file", execOpts.pidFile) + } + if execOpts.processLabel != "" { + args = append(args, "--process-label", execOpts.processLabel) + } + if execOpts.apparmor != "" { + args = append(args, "--apparmor", execOpts.apparmor) + } + if execOpts.noNewPrivs { + args = append(args, "--no-new-privs") + } + if len(execOpts.capAdd) > 0 { + for _, capAddValue := range execOpts.capAdd { + args = append(args, "--cap", capAddValue) + } + } + + // Append Cid + args = append(args, container.ID()) + // Append Cmd + args = append(args, command...) + + logrus.Debug("Executing runc command: %s %s", r.path, strings.Join(args, " ")) + cmd := exec.Command(r.path, args...) + cmd.Stdout = os.Stdout + cmd.Stderr = os.Stderr + cmd.Stdin = os.Stdin + cmd.Start() + err := cmd.Wait() + return err +} diff --git a/libpod/runtime.go b/libpod/runtime.go index ac7db51ca..d54e90722 100644 --- a/libpod/runtime.go +++ b/libpod/runtime.go @@ -184,6 +184,36 @@ func NewRuntime(options ...RuntimeOption) (runtime *Runtime, err error) { runtime.state = state } + // We now need to see if the system has restarted + // We check for the presence of a file in our tmp directory to verify this + // This check must be locked to prevent races + runtimeAliveLock := filepath.Join(runtime.config.TmpDir, "alive.lck") + runtimeAliveFile := filepath.Join(runtime.config.TmpDir, "alive") + aliveLock, err := storage.GetLockfile(runtimeAliveLock) + if err != nil { + return nil, errors.Wrapf(err, "error acquiring runtime init lock") + } + // Acquire the lock and hold it until we return + // This ensures that no two processes will be in runtime.refresh at once + // TODO: we can't close the FD in this lock, so we should keep it around + // and use it to lock important operations + aliveLock.Lock() + defer aliveLock.Unlock() + _, err = os.Stat(runtimeAliveFile) + if err != nil { + // If the file doesn't exist, we need to refresh the state + // This will trigger on first use as well, but refreshing an + // empty state only creates a single file + // As such, it's not really a performance concern + if os.IsNotExist(err) { + if err2 := runtime.refresh(runtimeAliveFile); err2 != nil { + return nil, err2 + } + } else { + return nil, errors.Wrapf(err, "error reading runtime status file %s", runtimeAliveFile) + } + } + // Mark the runtime as valid - ready to be used, cannot be modified // further runtime.valid = true @@ -249,3 +279,33 @@ func (r *Runtime) Shutdown(force bool) error { return lastError } + +// Reconfigures the runtime after a reboot +// Refreshes the state, recreating temporary files +// Does not check validity as the runtime is not valid until after this has run +func (r *Runtime) refresh(alivePath string) error { + // First clear the state in the database + if err := r.state.Refresh(); err != nil { + return err + } + + // Next refresh the state of all containers to recreate dirs and + // namespaces + ctrs, err := r.state.AllContainers() + if err != nil { + return errors.Wrapf(err, "error retrieving all containers from state") + } + for _, ctr := range ctrs { + if err := ctr.refresh(); err != nil { + return err + } + } + + file, err := os.OpenFile(alivePath, os.O_RDONLY|os.O_CREATE, 0644) + if err != nil { + return errors.Wrapf(err, "error creating runtime status file %s", alivePath) + } + defer file.Close() + + return nil +} diff --git a/libpod/runtime_img.go b/libpod/runtime_img.go index ba1cec96f..598bfaf0f 100644 --- a/libpod/runtime_img.go +++ b/libpod/runtime_img.go @@ -228,7 +228,7 @@ func (k *Image) GetManifest() error { if err != nil { return errors.Wrapf(err, "unable to create new image source") } - _, _, err = imageSource.GetManifest() + _, _, err = imageSource.GetManifest(nil) if err == nil { return nil } @@ -383,7 +383,7 @@ func (k *Image) HasLatest() (bool, error) { if err != nil { return false, err } - _, _, err = pullRef.(types.ImageSource).GetManifest() + _, _, err = pullRef.(types.ImageSource).GetManifest(nil) return false, err } @@ -1124,7 +1124,6 @@ func (r *Runtime) InfoAndDigestAndSize(img storage.Image) (*types.ImageInspectIn if err != nil { return nil, "", -1, errors.Wrapf(err, "error reading image %q", img.ID) } - defer imgRef.Close() return infoAndDigestAndSize(imgRef) } diff --git a/libpod/sql_state.go b/libpod/sql_state.go index cdf8dd707..36114e9cc 100644 --- a/libpod/sql_state.go +++ b/libpod/sql_state.go @@ -97,6 +97,52 @@ func (s *SQLState) Close() error { return nil } +// Refresh clears the state after a reboot +// Resets mountpoint, PID, state for all containers +func (s *SQLState) Refresh() (err error) { + const refresh = `UPDATE containerState SET + State=?, + Mountpoint=?, + Pid=?;` + + s.lock.Lock() + defer s.lock.Unlock() + + if !s.valid { + return ErrDBClosed + } + + tx, err := s.db.Begin() + if err != nil { + return errors.Wrapf(err, "error beginning database transaction") + } + defer func() { + if err != nil { + if err2 := tx.Rollback(); err2 != nil { + logrus.Errorf("Error rolling back transaction to refresh state: %v", err2) + } + } + }() + + // Refresh container state + // The constants could be moved into the SQL, but keeping them here + // will keep us in sync in case ContainerStateConfigured ever changes in + // the container state + _, err = tx.Exec(refresh, + ContainerStateConfigured, + "", + 0) + if err != nil { + return errors.Wrapf(err, "error refreshing database state") + } + + if err := tx.Commit(); err != nil { + return errors.Wrapf(err, "error committing transaction to refresh database") + } + + return nil +} + // Container retrieves a container from its full ID func (s *SQLState) Container(id string) (*Container, error) { const query = `SELECT containers.*, diff --git a/libpod/state.go b/libpod/state.go index 4093f14f1..4a79b8d2d 100644 --- a/libpod/state.go +++ b/libpod/state.go @@ -6,6 +6,9 @@ type State interface { // connections) that may be required Close() error + // Refresh clears container and pod states after a reboot + Refresh() error + // Accepts full ID of container Container(id string) (*Container, error) // Accepts full or partial IDs (as long as they are unique) and names |