Diffstat (limited to 'libpod')
-rw-r--r-- | libpod/boltdb_state_internal.go | 37 | ||||
-rw-r--r-- | libpod/container_api.go | 2 | ||||
-rw-r--r-- | libpod/container_internal_linux.go | 85 | ||||
-rw-r--r-- | libpod/define/podstate.go | 7 | ||||
-rw-r--r-- | libpod/diff.go | 20 | ||||
-rw-r--r-- | libpod/events.go | 6 | ||||
-rw-r--r-- | libpod/events/config.go | 12 | ||||
-rw-r--r-- | libpod/events/events.go | 9 | ||||
-rw-r--r-- | libpod/events/filters.go | 20 | ||||
-rw-r--r-- | libpod/events/journal_linux.go | 71 | ||||
-rw-r--r-- | libpod/image/filters.go | 4 | ||||
-rw-r--r-- | libpod/image/image.go | 10 | ||||
-rw-r--r-- | libpod/image/search.go | 2 | ||||
-rw-r--r-- | libpod/network/create.go | 6 | ||||
-rw-r--r-- | libpod/networking_linux.go | 20 | ||||
-rw-r--r-- | libpod/pod_api.go | 2 | ||||
-rw-r--r-- | libpod/pod_status.go | 8 | ||||
-rw-r--r-- | libpod/runtime.go | 19 | ||||
-rw-r--r-- | libpod/runtime_cstorage.go | 4 | ||||
-rw-r--r-- | libpod/runtime_ctr.go | 5 | ||||
-rw-r--r-- | libpod/shutdown/handler.go | 131 |
21 files changed, 398 insertions, 82 deletions
diff --git a/libpod/boltdb_state_internal.go b/libpod/boltdb_state_internal.go index 9be753d26..2f485318c 100644 --- a/libpod/boltdb_state_internal.go +++ b/libpod/boltdb_state_internal.go @@ -2,6 +2,7 @@ package libpod import ( "bytes" + "os" "path/filepath" "runtime" "strings" @@ -104,25 +105,25 @@ func checkRuntimeConfig(db *bolt.DB, rt *Runtime) error { }, { "libpod root directory (staticdir)", - rt.config.Engine.StaticDir, + filepath.Clean(rt.config.Engine.StaticDir), staticDirKey, "", }, { "libpod temporary files directory (tmpdir)", - rt.config.Engine.TmpDir, + filepath.Clean(rt.config.Engine.TmpDir), tmpDirKey, "", }, { "storage temporary directory (runroot)", - rt.StorageConfig().RunRoot, + filepath.Clean(rt.StorageConfig().RunRoot), runRootKey, storeOpts.RunRoot, }, { "storage graph root directory (graphroot)", - rt.StorageConfig().GraphRoot, + filepath.Clean(rt.StorageConfig().GraphRoot), graphRootKey, storeOpts.GraphRoot, }, 
@@ -400,14 +401,30 @@ func (s *BoltState) getContainerFromDB(id []byte, ctr *Container, ctrsBkt *bolt. // Handle legacy containers which might use a literal path for // their OCI runtime name. runtimeName := ctr.config.OCIRuntime - if strings.HasPrefix(runtimeName, "/") { - runtimeName = filepath.Base(runtimeName) - } - ociRuntime, ok := s.runtime.ociRuntimes[runtimeName] if !ok { - // Use a MissingRuntime implementation - ociRuntime = getMissingRuntime(runtimeName, s.runtime) + runtimeSet := false + + // If the path starts with a / and exists, make a new + // OCI runtime for it using the full path. + if strings.HasPrefix(runtimeName, "/") { + if stat, err := os.Stat(runtimeName); err == nil && !stat.IsDir() { + newOCIRuntime, err := newConmonOCIRuntime(runtimeName, []string{runtimeName}, s.runtime.conmonPath, s.runtime.runtimeFlags, s.runtime.config) + if err == nil { + // The runtime lock should + // protect against concurrent + // modification of the map. + ociRuntime = newOCIRuntime + s.runtime.ociRuntimes[runtimeName] = ociRuntime + runtimeSet = true + } + } + } + + if !runtimeSet { + // Use a MissingRuntime implementation + ociRuntime = getMissingRuntime(runtimeName, s.runtime) + } } ctr.ociRuntime = ociRuntime } diff --git a/libpod/container_api.go b/libpod/container_api.go index aef37dd59..a9808a30e 100644 --- a/libpod/container_api.go +++ b/libpod/container_api.go @@ -249,7 +249,7 @@ func (c *Container) Attach(streams *define.AttachStreams, keys string, resize <- // attaching, and I really do not want to do that right now. // Send a SIGWINCH after attach succeeds so that most programs will // redraw the screen for the new attach session. - attachRdy := make(chan bool) + attachRdy := make(chan bool, 1) if c.config.Spec.Process != nil && c.config.Spec.Process.Terminal { go func() { <-attachRdy diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index 3a71c6601..a1b4334fb 100644 --- a/libpod/container_internal_linux.go 
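Review bot: In getContainerFromDB, the absolute path taken from `ctr.config.OCIRuntime` (a value read back from the state DB) becomes a runtime binary after only an `os.Stat` check that it exists and is not a directory, and a failure of `newConmonOCIRuntime` is dropped without a trace before falling through to the MissingRuntime. I would tighten the gate to `err == nil && stat.Mode().IsRegular()` and log the discarded error at debug level, so an operator can tell why a container ended up with a missing runtime. The hunk also writes to `s.runtime.ociRuntimes` from a read path, and the comment says the runtime lock "should" protect it. No lock is taken in the visible lines, so the comment should name the lock and say who holds it. The function starts and ends outside the hunk.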
+++ b/libpod/container_internal_linux.go @@ -1024,13 +1024,15 @@ func (c *Container) restore(ctx context.Context, options ContainerCheckpointOpti if !options.IgnoreStaticMAC { // Take the first device with a defined sandbox. var MAC net.HardwareAddr - for _, n := range networkStatus[0].Interfaces { - if n.Sandbox != "" { - MAC, err = net.ParseMAC(n.Mac) - if err != nil { - return errors.Wrapf(err, "failed to parse MAC %v", n.Mac) + if len(networkStatus) > 0 { + for _, n := range networkStatus[0].Interfaces { + if n.Sandbox != "" { + MAC, err = net.ParseMAC(n.Mac) + if err != nil { + return errors.Wrapf(err, "failed to parse MAC %v", n.Mac) + } + break } - break } } if MAC != nil { @@ -1410,7 +1412,8 @@ func (c *Container) generateResolvConf() (string, error) { // Determine the endpoint for resolv.conf in case it is a symlink resolvPath, err := filepath.EvalSymlinks(resolvConf) - if err != nil { + // resolv.conf doesn't have to exists + if err != nil && !os.IsNotExist(err) { return "", err } @@ -1420,7 +1423,8 @@ func (c *Container) generateResolvConf() (string, error) { } contents, err := ioutil.ReadFile(resolvPath) - if err != nil { + // resolv.conf doesn't have to exists + if err != nil && !os.IsNotExist(err) { return "", errors.Wrapf(err, "unable to read %s", resolvPath) } 
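Review bot: In generateResolvConf, once the not-exist error from `filepath.EvalSymlinks` is tolerated, `resolvPath` is left as the empty string and the function carries on with it. The later `ioutil.ReadFile(resolvPath)` (next hunk, `@@ -1420`) then only works because opening `""` also reports not-exist. The intent would be explicit if the missing-file case were handled once, for example by falling back with `resolvPath = resolvConf` when `os.IsNotExist(err)`, so that any error message names a real path. The lines between the two hunks are not visible, so confirm nothing there uses `resolvPath` in between. Both added comments should read `// resolv.conf doesn't have to exist`.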
@@ -1539,11 +1543,38 @@ func (c *Container) getHosts() string { } } - if c.config.NetMode.IsSlirp4netns() { - // When using slirp4netns, the interface gets a static IP - hosts += fmt.Sprintf("# used by slirp4netns\n%s\t%s %s\n", "10.0.2.100", c.Hostname(), c.Config().Name) - } hosts += c.cniHosts() + + // If not making a network namespace, add our own hostname. + if c.Hostname() != "" { + if c.config.NetMode.IsSlirp4netns() { + // When using slirp4netns, the interface gets a static IP + hosts += fmt.Sprintf("# used by slirp4netns\n%s\t%s %s\n", "10.0.2.100", c.Hostname(), c.config.Name) + } else { + hasNetNS := false + netNone := false + for _, ns := range c.config.Spec.Linux.Namespaces { + if ns.Type == spec.NetworkNamespace { + hasNetNS = true + if ns.Path == "" && !c.config.CreateNetNS { + netNone = true + } + break + } + } + if !hasNetNS { + // 127.0.1.1 and host's hostname to match Docker + osHostname, err := os.Hostname() + if err != nil { + osHostname = c.Hostname() + } + hosts += fmt.Sprintf("127.0.1.1 %s\n", osHostname) + } + if netNone { + hosts += fmt.Sprintf("127.0.1.1 %s\n", c.Hostname()) + } + } + } return hosts } 
@@ -1717,11 +1748,35 @@ func (c *Container) generateCurrentUserPasswdEntry() (string, int, int, error) { // If the user's actual home directory exists, or was mounted in - use // that. homeDir := c.WorkingDir() - if MountExists(c.config.Spec.Mounts, u.HomeDir) { - homeDir = u.HomeDir + hDir := u.HomeDir + for hDir != "/" { + if MountExists(c.config.Spec.Mounts, hDir) { + homeDir = u.HomeDir + break + } + hDir = filepath.Dir(hDir) + } + if homeDir != u.HomeDir { + for _, hDir := range c.UserVolumes() { + if hDir == u.HomeDir { + homeDir = u.HomeDir + break + } + } + } + // Set HOME environment if not already set + hasHomeSet := false + for _, s := range c.config.Spec.Process.Env { + if strings.HasPrefix(s, "HOME=") { + hasHomeSet = true + break + } + } + if !hasHomeSet { + c.config.Spec.Process.Env = append(c.config.Spec.Process.Env, fmt.Sprintf("HOME=%s", homeDir)) } - return fmt.Sprintf("%s:*:%s:%s:%s:%s:/bin/sh\n", u.Username, u.Uid, u.Gid, u.Username, homeDir), uid, rootless.GetRootlessGID(), nil + return fmt.Sprintf("%s:*:%s:%s:%s:%s:/bin/sh\n", u.Username, u.Uid, u.Gid, u.Name, homeDir), uid, rootless.GetRootlessGID(), nil } // generateUserPasswdEntry generates an /etc/passwd entry for the container user diff --git a/libpod/define/podstate.go b/libpod/define/podstate.go index 2b59aabfb..e02671972 100644 --- a/libpod/define/podstate.go +++ b/libpod/define/podstate.go @@ -10,9 +10,12 @@ const ( PodStateExited = "Exited" // PodStatePaused indicates the pod has been paused PodStatePaused = "Paused" - // PodStateRunning indicates that one or more of the containers in - // the pod is running + // PodStateRunning indicates that all of the containers in the pod are + // running. PodStateRunning = "Running" + // PodStateDegraded indicates that at least one, but not all, of the + // containers in the pod are running. + PodStateDegraded = "Degraded" // PodStateStopped indicates all of the containers belonging to the pod // are stopped. PodStateStopped = "Stopped" 
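Review bot: The new `for hDir != "/"` loop in generateCurrentUserPasswdEntry never terminates when `u.HomeDir` is empty or relative, because `filepath.Dir("")` and `filepath.Dir(".")` both return `"."` and the walk never reaches `"/"`. Where `u` comes from is outside the hunk, but an account with no home directory set is enough to hang container start here. Bounding the walk fixes it: `for hDir != "/" && hDir != "." {`. Separately, `c.config.Spec.Process.Env` is dereferenced without a nil check, while the Attach hunk in container_api.go guards `c.config.Spec.Process != nil` before using it. The function body starts outside the hunk.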
diff --git a/libpod/diff.go b/libpod/diff.go index 5335d701c..43f4d2e96 100644 --- a/libpod/diff.go +++ b/libpod/diff.go @@ -62,18 +62,22 @@ func (r *Runtime) ApplyDiffTarStream(to string, diff io.Reader) error { func (r *Runtime) getLayerID(id string) (string, error) { var toLayer string toImage, err := r.imageRuntime.NewFromLocal(id) + if err == nil { + return toImage.TopLayer(), nil + } + + targetID, err := r.store.Lookup(id) if err != nil { - toCtr, err := r.store.Container(id) + targetID = id + } + toCtr, err := r.store.Container(targetID) + if err != nil { + toLayer, err = layers.FullID(r.store, targetID) if err != nil { - toLayer, err = layers.FullID(r.store, id) - if err != nil { - return "", errors.Errorf("layer, image, or container %s does not exist", id) - } - } else { - toLayer = toCtr.LayerID + return "", errors.Errorf("layer, image, or container %s does not exist", id) } } else { - toLayer = toImage.TopLayer() + toLayer = toCtr.LayerID } return toLayer, nil } diff --git a/libpod/events.go b/libpod/events.go index b519fe324..95317eb01 100644 --- a/libpod/events.go +++ b/libpod/events.go @@ -26,6 +26,12 @@ func (c *Container) newContainerEvent(status events.Status) { e.Name = c.Name() e.Image = c.config.RootfsImageName e.Type = events.Container + + e.Details = events.Details{ + ID: e.ID, + Attributes: c.Labels(), + } + if err := c.runtime.eventer.Write(e); err != nil { logrus.Errorf("unable to write pod event: %q", err) } diff --git a/libpod/events/config.go b/libpod/events/config.go index bb35c03c0..2ec3111fe 100644 --- a/libpod/events/config.go +++ b/libpod/events/config.go 
@@ -36,6 +36,18 @@ type Event struct { Time time.Time // Type of event that occurred Type Type + + Details +} + +// Details describes specifics about certain events, specifically around +// container events +type Details struct { + // ID is the event ID + ID string + // Attributes can be used to describe specifics about the event + // in the case of a container event, labels for example + Attributes map[string]string } // EventerOptions describe options that need to be passed to create diff --git a/libpod/events/events.go b/libpod/events/events.go index 722c9595e..42939d64c 100644 --- a/libpod/events/events.go +++ b/libpod/events/events.go @@ -69,7 +69,14 @@ func (e *Event) ToHumanReadable() string { var humanFormat string switch e.Type { case Container, Pod: - humanFormat = fmt.Sprintf("%s %s %s %s (image=%s, name=%s)", e.Time, e.Type, e.Status, e.ID, e.Image, e.Name) + humanFormat = fmt.Sprintf("%s %s %s %s (image=%s, name=%s", e.Time, e.Type, e.Status, e.ID, e.Image, e.Name) + // check if the container has labels and add it to the output + if len(e.Attributes) > 0 { + for k, v := range e.Attributes { + humanFormat += fmt.Sprintf(", %s=%s", k, v) + } + } + humanFormat += ")" case Image: humanFormat = fmt.Sprintf("%s %s %s %s %s", e.Time, e.Type, e.Status, e.ID, e.Name) case System: diff --git a/libpod/events/filters.go b/libpod/events/filters.go index c50474007..62891d32c 100644 --- a/libpod/events/filters.go +++ b/libpod/events/filters.go 
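Review bot: The embedded `Details.ID` is shadowed by the existing `Event.ID` field (newEventFromJournalEntry assigns `newEvent.ID`), so `e.ID` always resolves to the outer field. If Event is marshalled with encoding/json, the deeper duplicate is dropped as well. The two producers already disagree: newContainerEvent fills `Details.ID` with `e.ID`, while newEventFromJournalEntry builds `Details{Attributes: labels}` with no ID. I would either remove `ID` from Details or give it a distinct name, and state in the doc comment which one callers should read, for example `// ID duplicates Event.ID for container events; it is not set when events are read back from the journal`.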
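Review bot: In ToHumanReadable the labels are appended by ranging over the `e.Attributes` map, so the same event can render with its labels in a different order on every call, which makes the output awkward to compare or grep. Label keys and values are container-supplied and are written with plain `%s`, so a value containing `, name=...` or a newline produces a line that reads as if it had different fields. Anything parsing this format should be treated as untrusted-input handling, or the values should be quoted with `%q` if the format may change. The outer `len(e.Attributes) > 0` check is redundant, since ranging over an empty map is a no-op. The sorted variant below needs the `sort` package imported in this file.

```go
	case Container, Pod:
		humanFormat = fmt.Sprintf("%s %s %s %s (image=%s, name=%s", e.Time, e.Type, e.Status, e.ID, e.Image, e.Name)
		// Emit labels in sorted key order so the same event always renders the same line.
		keys := make([]string, 0, len(e.Attributes))
		for k := range e.Attributes {
			keys = append(keys, k)
		}
		sort.Strings(keys)
		for _, k := range keys {
			humanFormat += fmt.Sprintf(", %s=%s", k, e.Attributes[k])
		}
		humanFormat += ")"
	// … unchanged: Image, System and remaining cases …
```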
@@ -55,6 +55,24 @@ func generateEventFilter(filter, filterValue string) (func(e *Event) bool, error return func(e *Event) bool { return string(e.Type) == filterValue }, nil + + case "LABEL": + return func(e *Event) bool { + var found bool + // iterate labels and see if we match a key and value + for eventKey, eventValue := range e.Attributes { + filterValueSplit := strings.SplitN(filterValue, "=", 2) + // if the filter isn't right, just return false + if len(filterValueSplit) < 2 { + return false + } + if eventKey == filterValueSplit[0] && eventValue == filterValueSplit[1] { + found = true + break + } + } + return found + }, nil } return nil, errors.Errorf("%s is an invalid filter", filter) } @@ -73,7 +91,7 @@ func generateEventUntilOption(timeUntil time.Time) func(e *Event) bool { } func parseFilter(filter string) (string, string, error) { - filterSplit := strings.Split(filter, "=") + filterSplit := strings.SplitN(filter, "=", 2) if len(filterSplit) != 2 { return "", "", errors.Errorf("%s is an invalid filter", filter) } diff --git a/libpod/events/journal_linux.go b/libpod/events/journal_linux.go index dc55dbc77..5e3be8009 100644 --- a/libpod/events/journal_linux.go +++ b/libpod/events/journal_linux.go @@ -4,6 +4,7 @@ package events import ( "context" + "encoding/json" "strconv" "time" @@ -46,6 +47,15 @@ func (e EventJournalD) Write(ee Event) error { if ee.ContainerExitCode != 0 { m["PODMAN_EXIT_CODE"] = strconv.Itoa(ee.ContainerExitCode) } + // If we have container labels, we need to convert them to a string so they + // can be recorded with the event + if len(ee.Details.Attributes) > 0 { + b, err := json.Marshal(ee.Details.Attributes) + if err != nil { + return err + } + m["PODMAN_LABELS"] = string(b) + } case Volume: m["PODMAN_NAME"] = ee.Name } 
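Review bot: The `LABEL` case in generateEventFilter validates the filter inside the returned closure, so a malformed value such as `label=foo` is accepted without error and then silently matches nothing. The `SplitN` is also redone for every attribute of every event. Splitting once when the filter is built lets the caller get an error, as it does for other invalid filters, and the loop reduces to a single map lookup. If key-only label filters are meant to be supported, as LabelFilter in libpod/image/filters.go does, that case needs its own branch rather than an error.

```go
	case "LABEL":
		// Split and validate the filter once, when it is built, not per event.
		keyValue := strings.SplitN(filterValue, "=", 2)
		if len(keyValue) < 2 {
			return nil, errors.Errorf("%s is an invalid label filter, expected key=value", filterValue)
		}
		return func(e *Event) bool {
			value, ok := e.Attributes[keyValue[0]]
			return ok && value == keyValue[1]
		}, nil
```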
@@ -59,35 +69,39 @@ func (e EventJournalD) Read(ctx context.Context, options ReadOptions) error { if err != nil { return errors.Wrapf(err, "failed to generate event options") } - j, err := sdjournal.NewJournal() //nolint + j, err := sdjournal.NewJournal() if err != nil { return err } - // TODO AddMatch and Seek seem to conflict - // Issue filed upstream -> https://github.com/coreos/go-systemd/issues/315 - // Leaving commented code in case upstream fixes things - //podmanJournal := sdjournal.Match{Field: "SYSLOG_IDENTIFIER", Value: "podman"} //nolint - //if err := j.AddMatch(podmanJournal.String()); err != nil { - // return errors.Wrap(err, "failed to add filter for event log") - //} + + // match only podman journal entries + podmanJournal := sdjournal.Match{Field: "SYSLOG_IDENTIFIER", Value: "podman"} + if err := j.AddMatch(podmanJournal.String()); err != nil { + return errors.Wrap(err, "failed to add journal filter for event log") + } + if len(options.Since) == 0 && len(options.Until) == 0 && options.Stream { if err := j.SeekTail(); err != nil { return errors.Wrap(err, "failed to seek end of journal") } - } else { - podmanJournal := sdjournal.Match{Field: "SYSLOG_IDENTIFIER", Value: "podman"} //nolint - if err := j.AddMatch(podmanJournal.String()); err != nil { - return errors.Wrap(err, "failed to add filter for event log") + // After SeekTail calling Next moves to a random entry. + // To prevent this we have to call Previous first. + // see: https://bugs.freedesktop.org/show_bug.cgi?id=64614 + if _, err := j.Previous(); err != nil { + return errors.Wrap(err, "failed to move journal cursor to previous entry") } } + // the api requires a next|prev before getting a cursor if _, err := j.Next(); err != nil { - return err + return errors.Wrap(err, "failed to move journal cursor to next entry") } + prevCursor, err := j.GetCursor() if err != nil { - return err + return errors.Wrap(err, "failed to get journal cursor") } + for { select { case <-ctx.Done(): 
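Review bot: `SYSLOG_IDENTIFIER` is set by the logging client itself, so the new unconditional `AddMatch` in Read does not establish that an entry was written by podman, let alone that it is an event. The next hunk of Read (`@@ -96,30 +110,26`) removes the `entry.Fields["PODMAN_EVENT"] == ""` guard, so ordinary podman log lines and entries from any other local process using that identifier now reach newEventFromJournalEntry. What Read does when that parser returns an error is outside the visible lines. If it returns the error, a single such entry would end an event stream. I would keep the cheap guard after `GetEntry`, `if entry.Fields["PODMAN_EVENT"] == "" { continue }`, and consider checking a journald-set trusted field such as `_UID` before acting on `PODMAN_*` values, including the JSON in `PODMAN_LABELS`.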
@@ -96,30 +110,26 @@ func (e EventJournalD) Read(ctx context.Context, options ReadOptions) error { default: // fallthrough } + if _, err := j.Next(); err != nil { - return err + return errors.Wrap(err, "failed to move journal cursor to next entry") } newCursor, err := j.GetCursor() if err != nil { - return err + return errors.Wrap(err, "failed to get journal cursor") } if prevCursor == newCursor { if len(options.Until) > 0 || !options.Stream { break } - _ = j.Wait(sdjournal.IndefiniteWait) //nolint + _ = j.Wait(sdjournal.IndefiniteWait) continue } prevCursor = newCursor + entry, err := j.GetEntry() if err != nil { - return err - } - // TODO this keeps us from feeding the podman event parser with - // with regular journal content; it can be removed if the above - // problem with AddMatch is resolved. - if entry.Fields["PODMAN_EVENT"] == "" { - continue + return errors.Wrap(err, "failed to read journal entry") } newEvent, err := newEventFromJournalEntry(entry) if err != nil { @@ -174,6 +184,19 @@ func newEventFromJournalEntry(entry *sdjournal.JournalEntry) (*Event, error) { / newEvent.ContainerExitCode = intCode } } + + // we need to check for the presence of labels recorded to a container event + if stringLabels, ok := entry.Fields["PODMAN_LABELS"]; ok && len(stringLabels) > 0 { + labels := make(map[string]string, 0) + if err := json.Unmarshal([]byte(stringLabels), &labels); err != nil { + return nil, err + } + + // if we have labels, add them to the event + if len(labels) > 0 { + newEvent.Details = Details{Attributes: labels} + } + } case Image: newEvent.ID = entry.Fields["PODMAN_ID"] } diff --git a/libpod/image/filters.go b/libpod/image/filters.go index db647954f..4aff0a7b5 100644 --- a/libpod/image/filters.go +++ b/libpod/image/filters.go 
@@ -82,7 +82,7 @@ func LabelFilter(ctx context.Context, labelfilter string) ResultFilter { // We need to handle both label=key and label=key=value return func(i *Image) bool { var value string - splitFilter := strings.Split(labelfilter, "=") + splitFilter := strings.SplitN(labelfilter, "=", 2) key := splitFilter[0] if len(splitFilter) > 1 { value = splitFilter[1] @@ -157,7 +157,7 @@ func (ir *Runtime) createFilterFuncs(filters []string, img *Image) ([]ResultFilt var filterFuncs []ResultFilter ctx := context.Background() for _, filter := range filters { - splitFilter := strings.Split(filter, "=") + splitFilter := strings.SplitN(filter, "=", 2) if len(splitFilter) < 2 { return nil, errors.Errorf("invalid filter syntax %s", filter) } diff --git a/libpod/image/image.go b/libpod/image/image.go index 0900944eb..301954703 100644 --- a/libpod/image/image.go +++ b/libpod/image/image.go @@ -177,7 +177,7 @@ func (ir *Runtime) New(ctx context.Context, name, signaturePolicyPath, authfile // SaveImages stores one more images in a multi-image archive. // Note that only `docker-archive` supports storing multiple // image. -func (ir *Runtime) SaveImages(ctx context.Context, namesOrIDs []string, format string, outputFile string, quiet bool) (finalErr error) { +func (ir *Runtime) SaveImages(ctx context.Context, namesOrIDs []string, format string, outputFile string, quiet, removeSignatures bool) (finalErr error) { if format != DockerArchive { return errors.Errorf("multi-image archives are only supported in in the %q format", DockerArchive) } 
@@ -264,7 +264,7 @@ func (ir *Runtime) SaveImages(ctx context.Context, namesOrIDs []string, format s } img := imageMap[id] - copyOptions := getCopyOptions(sys, writer, nil, nil, SigningOptions{}, "", img.tags) + copyOptions := getCopyOptions(sys, writer, nil, nil, SigningOptions{RemoveSignatures: removeSignatures}, "", img.tags) copyOptions.DestinationCtx.SystemRegistriesConfPath = registries.SystemRegistriesConfPath() // For copying, we need a source reference that we can create @@ -469,7 +469,7 @@ func (ir *Runtime) getLocalImage(inputName string) (string, *storage.Image, erro if err != nil { return "", nil, err } - img, err := ir.store.Image(ref.String()) + img, err := ir.store.Image(reference.TagNameOnly(ref).String()) if err == nil { return ref.String(), img, nil } @@ -1584,7 +1584,7 @@ func (i *Image) Comment(ctx context.Context, manifestType string) (string, error } // Save writes a container image to the filesystem -func (i *Image) Save(ctx context.Context, source, format, output string, moreTags []string, quiet, compress bool) error { +func (i *Image) Save(ctx context.Context, source, format, output string, moreTags []string, quiet, compress, removeSignatures bool) error { var ( writer io.Writer destRef types.ImageReference @@ -1636,7 +1636,7 @@ func (i *Image) Save(ctx context.Context, source, format, output string, moreTag return err } } - if err := i.PushImageToReference(ctx, destRef, manifestType, "", "", "", writer, compress, SigningOptions{}, &DockerRegistryOptions{}, additionaltags); err != nil { + if err := i.PushImageToReference(ctx, destRef, manifestType, "", "", "", writer, compress, SigningOptions{RemoveSignatures: removeSignatures}, &DockerRegistryOptions{}, additionaltags); err != nil { return errors.Wrapf(err, "unable to save %q", source) } i.newImageEvent(events.Save) diff --git a/libpod/image/search.go b/libpod/image/search.go index 5f5845989..b9acf4a20 100644 --- a/libpod/image/search.go +++ b/libpod/image/search.go 
@@ -263,7 +263,7 @@ func searchRepositoryTags(registry, term string, sc *types.SystemContext, option func ParseSearchFilter(filter []string) (*SearchFilter, error) { sFilter := new(SearchFilter) for _, f := range filter { - arr := strings.Split(f, "=") + arr := strings.SplitN(f, "=", 2) switch arr[0] { case "stars": if len(arr) < 2 { diff --git a/libpod/network/create.go b/libpod/network/create.go index a9ed4c4ef..bf11631bf 100644 --- a/libpod/network/create.go +++ b/libpod/network/create.go @@ -10,6 +10,7 @@ import ( "github.com/containernetworking/cni/pkg/version" "github.com/containers/podman/v2/libpod" "github.com/containers/podman/v2/pkg/domain/entities" + "github.com/containers/podman/v2/pkg/rootless" "github.com/containers/podman/v2/pkg/util" "github.com/pkg/errors" ) @@ -131,8 +132,9 @@ func createBridge(r *libpod.Runtime, name string, options entities.NetworkCreate plugins = append(plugins, bridge) plugins = append(plugins, NewPortMapPlugin()) plugins = append(plugins, NewFirewallPlugin()) - // if we find the dnsname plugin, we add configuration for it - if HasDNSNamePlugin(runtimeConfig.Network.CNIPluginDirs) && !options.DisableDNS { + // if we find the dnsname plugin or are rootless, we add configuration for it + // the rootless-cni-infra container has the dnsname plugin always installed + if (HasDNSNamePlugin(runtimeConfig.Network.CNIPluginDirs) || rootless.IsRootless()) && !options.DisableDNS { // Note: in the future we might like to allow for dynamic domain names plugins = append(plugins, NewDNSNamePlugin(DefaultPodmanDomainName)) } diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go index f87c311ce..9ff6e40b7 100644 --- a/libpod/networking_linux.go +++ b/libpod/networking_linux.go 
@@ -254,9 +254,11 @@ func (r *Runtime) setupSlirp4netns(ctr *Container) error { if ctr.config.NetworkOptions != nil { slirpOptions := ctr.config.NetworkOptions["slirp4netns"] for _, o := range slirpOptions { - parts := strings.Split(o, "=") + parts := strings.SplitN(o, "=", 2) + if len(parts) < 2 { + return errors.Errorf("unknown option for slirp4netns: %q", o) + } option, value := parts[0], parts[1] - switch option { case "cidr": ipv4, _, err := net.ParseCIDR(value) @@ -823,6 +825,20 @@ func getContainerNetIO(ctr *Container) (*netlink.LinkStatistics, error) { // Produce an InspectNetworkSettings containing information on the container // network. func (c *Container) getContainerNetworkInfo() (*define.InspectNetworkSettings, error) { + if c.config.NetNsCtr != "" { + netNsCtr, err := c.runtime.GetContainer(c.config.NetNsCtr) + if err != nil { + return nil, err + } + // Have to sync to ensure that state is populated + if err := netNsCtr.syncContainer(); err != nil { + return nil, err + } + logrus.Debugf("Container %s shares network namespace, retrieving network info of container %s", c.ID(), c.config.NetNsCtr) + + return netNsCtr.getContainerNetworkInfo() + } + settings := new(define.InspectNetworkSettings) settings.Ports = makeInspectPortBindings(c.config.PortMappings) diff --git a/libpod/pod_api.go b/libpod/pod_api.go index f2ddba9c9..87ac5c07a 100644 --- a/libpod/pod_api.go +++ b/libpod/pod_api.go @@ -506,7 +506,7 @@ func (p *Pod) Inspect() (*define.InspectPodData, error) { }) ctrStatuses[c.ID()] = c.state.State } - podState, err := CreatePodStatusResults(ctrStatuses) + podState, err := createPodStatusResults(ctrStatuses) if err != nil { return nil, err } diff --git a/libpod/pod_status.go b/libpod/pod_status.go index f4ccf308a..668d45ec7 100644 --- a/libpod/pod_status.go +++ b/libpod/pod_status.go 
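Review bot: In getContainerNetworkInfo, `netNsCtr.syncContainer()` is called on a container other than the receiver, and nothing in the hunk takes that container's lock first. If syncContainer assumes its caller holds the lock (worth confirming against its own documentation), this refreshes and reads another container's state unlocked. The recursive `netNsCtr.getContainerNetworkInfo()` call is also unbounded, so it depends on `NetNsCtr` references never forming a cycle, which would have to be guaranteed at creation time. Please either lock around the sync or add a comment stating both assumptions, such as `// netNsCtr is deliberately not locked here; NetNsCtr chains are validated as acyclic when the container is created`, adjusted to what is actually true. The function continues past the end of the hunk.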
@@ -10,10 +10,10 @@ func (p *Pod) GetPodStatus() (string, error) { if err != nil { return define.PodStateErrored, err } - return CreatePodStatusResults(ctrStatuses) + return createPodStatusResults(ctrStatuses) } -func CreatePodStatusResults(ctrStatuses map[string]define.ContainerStatus) (string, error) { +func createPodStatusResults(ctrStatuses map[string]define.ContainerStatus) (string, error) { ctrNum := len(ctrStatuses) if ctrNum == 0 { return define.PodStateCreated, nil @@ -43,8 +43,10 @@ func CreatePodStatusResults(ctrStatuses map[string]define.ContainerStatus) (stri } switch { - case statuses[define.PodStateRunning] > 0: + case statuses[define.PodStateRunning] == ctrNum: return define.PodStateRunning, nil + case statuses[define.PodStateRunning] > 0: + return define.PodStateDegraded, nil case statuses[define.PodStatePaused] == ctrNum: return define.PodStatePaused, nil case statuses[define.PodStateStopped] == ctrNum: diff --git a/libpod/runtime.go b/libpod/runtime.go index 7da8b181f..792492db6 100644 --- a/libpod/runtime.go +++ b/libpod/runtime.go @@ -17,6 +17,7 @@ import ( "github.com/containers/podman/v2/libpod/events" "github.com/containers/podman/v2/libpod/image" "github.com/containers/podman/v2/libpod/lock" + "github.com/containers/podman/v2/libpod/shutdown" "github.com/containers/podman/v2/pkg/cgroups" "github.com/containers/podman/v2/pkg/registries" "github.com/containers/podman/v2/pkg/rootless" @@ -174,9 +175,21 @@ func newRuntimeFromConfig(ctx context.Context, conf *config.Config, options ...R } } + if err := shutdown.Start(); err != nil { + return nil, errors.Wrapf(err, "error starting shutdown signal handler") + } + if err := makeRuntime(ctx, runtime); err != nil { return nil, err } + + if err := shutdown.Register("libpod", func(sig os.Signal) error { + os.Exit(1) + return nil + }); err != nil { + logrus.Errorf("Error registering shutdown handler for libpod: %v", err) + } + return runtime, nil } 
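Review bot: In newRuntimeFromConfig, `shutdown.Start()` begins capturing SIGINT and SIGTERM before `makeRuntime` runs, but the only handler that ends the process is registered after `makeRuntime` returns. A signal arriving in that window is consumed by the goroutine in libpod/shutdown/handler.go, which runs zero handlers and returns, so the process does not exit and later signals are no longer handled either. The same state is permanent if `makeRuntime` returns an error, or if `shutdown.Register` fails, since that failure is only logged. If exiting in the middle of `makeRuntime` is the concern, the error paths should at least undo the capture with `_ = shutdown.Stop()` before `return nil, err`. Otherwise register the `"libpod"` handler directly after `shutdown.Start()`.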
@@ -383,14 +396,12 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (retErr error) { // If the string starts with / it's a path to a runtime // executable. if strings.HasPrefix(runtime.config.Engine.OCIRuntime, "/") { - name := filepath.Base(runtime.config.Engine.OCIRuntime) - - ociRuntime, err := newConmonOCIRuntime(name, []string{runtime.config.Engine.OCIRuntime}, runtime.conmonPath, runtime.runtimeFlags, runtime.config) + ociRuntime, err := newConmonOCIRuntime(runtime.config.Engine.OCIRuntime, []string{runtime.config.Engine.OCIRuntime}, runtime.conmonPath, runtime.runtimeFlags, runtime.config) if err != nil { return err } - runtime.ociRuntimes[name] = ociRuntime + runtime.ociRuntimes[runtime.config.Engine.OCIRuntime] = ociRuntime runtime.defaultOCIRuntime = ociRuntime } else { ociRuntime, ok := runtime.ociRuntimes[runtime.config.Engine.OCIRuntime] diff --git a/libpod/runtime_cstorage.go b/libpod/runtime_cstorage.go index 03eebeefc..61fdd42d3 100644 --- a/libpod/runtime_cstorage.go +++ b/libpod/runtime_cstorage.go @@ -52,6 +52,10 @@ func (r *Runtime) ListStorageContainers() ([]*StorageContainer, error) { return finalCtrs, nil } +func (r *Runtime) StorageContainer(idOrName string) (*storage.Container, error) { + return r.store.Container(idOrName) +} + // RemoveStorageContainer removes a container from c/storage. // The container WILL NOT be removed if it exists in libpod. // Accepts ID or full name of container. diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go index 51b4c5f03..de73a9ff3 100644 --- a/libpod/runtime_ctr.go +++ b/libpod/runtime_ctr.go @@ -12,6 +12,7 @@ import ( "github.com/containers/common/pkg/config" "github.com/containers/podman/v2/libpod/define" "github.com/containers/podman/v2/libpod/events" + "github.com/containers/podman/v2/libpod/shutdown" "github.com/containers/podman/v2/pkg/cgroups" "github.com/containers/podman/v2/pkg/rootless" "github.com/containers/storage" 
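Review bot: The new exported method `StorageContainer` in runtime_cstorage.go has no doc comment, unlike its neighbours ListStorageContainers and RemoveStorageContainer. From the visible body it only forwards to `r.store.Container`, so something like `// StorageContainer looks up a container in c/storage by ID or name.` is enough. It would also help to say whether the result may be a container that libpod itself does not track, as the RemoveStorageContainer comment does.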
@@ -149,6 +150,10 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai return nil, err } + // Inhibit shutdown until creation succeeds + shutdown.Inhibit() + defer shutdown.Uninhibit() + // Allocate a lock for the container lock, err := r.lockManager.AllocateLock() if err != nil { diff --git a/libpod/shutdown/handler.go b/libpod/shutdown/handler.go new file mode 100644 index 000000000..87538dec9 --- /dev/null +++ b/libpod/shutdown/handler.go 
@@ -0,0 +1,131 @@ +package shutdown + +import ( + "os" + "os/signal" + "sync" + "syscall" + + "github.com/pkg/errors" + "github.com/sirupsen/logrus" +) + +var ( + stopped bool + sigChan chan os.Signal + cancelChan chan bool + // Definitions of all on-shutdown handlers + handlers map[string]func(os.Signal) error + // Ordering that on-shutdown handlers will be invoked. + handlerOrder []string + shutdownInhibit sync.RWMutex +) + +// Start begins handling SIGTERM and SIGINT and will run the given on-signal +// handlers when one is called. This can be cancelled by calling Stop(). +func Start() error { + if sigChan != nil { + // Already running, do nothing. + return nil + } + + sigChan = make(chan os.Signal, 1) + cancelChan = make(chan bool, 1) + stopped = false + + signal.Notify(sigChan, syscall.SIGINT, syscall.SIGTERM) + + go func() { + select { + case <-cancelChan: + signal.Stop(sigChan) + close(sigChan) + close(cancelChan) + stopped = true + return + case sig := <-sigChan: + logrus.Infof("Received shutdown signal %v, terminating!", sig) + shutdownInhibit.Lock() + for _, name := range handlerOrder { + handler, ok := handlers[name] + if !ok { + logrus.Errorf("Shutdown handler %s definition not found!", name) + continue + } + logrus.Infof("Invoking shutdown handler %s", name) + if err := handler(sig); err != nil { + logrus.Errorf("Error running shutdown handler %s: %v", name, err) + } + } + shutdownInhibit.Unlock() + return + } + }() + + return nil +} + +// Stop the shutdown signal handler. +func Stop() error { + if cancelChan == nil { + return errors.New("shutdown signal handler has not yet been started") + } + if stopped { + return nil + } + + cancelChan <- true + + return nil +} + +// Temporarily inhibit signals from shutting down Libpod. +func Inhibit() { + shutdownInhibit.RLock() +} + +// Stop inhibiting signals from shutting down Libpod. 
+func Uninhibit() { + shutdownInhibit.RUnlock() +} + +// Register registers a function that will be executed when Podman is terminated +// by a signal. Handlers are invoked LIFO - the last handler registered is the +// first run. +func Register(name string, handler func(os.Signal) error) error { + if handlers == nil { + handlers = make(map[string]func(os.Signal) error) + } + + if _, ok := handlers[name]; ok { + return errors.Errorf("handler with name %s already exists", name) + } + + handlers[name] = handler + handlerOrder = append([]string{name}, handlerOrder...) + + return nil +} + +// Unregister un-registers a given shutdown handler. +func Unregister(name string) error { + if handlers == nil { + return nil + } + + if _, ok := handlers[name]; !ok { + return nil + } + + delete(handlers, name) + + newOrder := []string{} + for _, checkName := range handlerOrder { + if checkName != name { + newOrder = append(newOrder, checkName) + } + } + handlerOrder = newOrder + + return nil +} |
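Review bot: All package state in shutdown/handler.go (`stopped`, `sigChan`, `cancelChan`, `handlers`, `handlerOrder`) is read and written without synchronisation, so Register or Unregister on one goroutine races with the signal goroutine ranging over `handlerOrder` and indexing the `handlers` map. The goroutine in Start also handles exactly one signal and returns while `signal.Notify` stays in effect, so if no handler exits the process, later SIGINT and SIGTERM are swallowed. Stop has related problems. It closes `sigChan` without resetting it to nil, so a later Start sees it as already running and does nothing. `stopped` is only set asynchronously, so a second Stop can send on a closed `cancelChan`, or block forever once the goroutine has already returned. The sketch below covers the data race with one mutex; the single-shot goroutine and the Stop/Start lifecycle need a separate change. The comments on Inhibit and Uninhibit should start with the function name.

```go
var (
	// stateMu guards stopped, sigChan, cancelChan, handlers and handlerOrder.
	stateMu sync.Mutex
	// … unchanged: the existing package-level variables …
)

// In the goroutine started by Start:
		case sig := <-sigChan:
			logrus.Infof("Received shutdown signal %v, terminating!", sig)
			shutdownInhibit.Lock()
			// Snapshot under stateMu so handlers run without holding it and may
			// themselves call Register or Unregister.
			stateMu.Lock()
			order := append([]string(nil), handlerOrder...)
			funcs := make(map[string]func(os.Signal) error, len(handlers))
			for name, handler := range handlers {
				funcs[name] = handler
			}
			stateMu.Unlock()
			for _, name := range order {
				handler, ok := funcs[name]
				// … unchanged: missing-handler log, invoke handler, log its error …
			}

func Register(name string, handler func(os.Signal) error) error {
	stateMu.Lock()
	defer stateMu.Unlock()
	// … unchanged: lazy map creation, duplicate check, prepend to handlerOrder …
}

func Unregister(name string) error {
	stateMu.Lock()
	defer stateMu.Unlock()
	// … unchanged: nil and missing checks, delete, rebuild handlerOrder …
}
```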