diff options
Diffstat (limited to 'pkg')
34 files changed, 596 insertions, 330 deletions
diff --git a/pkg/api/handlers/libpod/generate.go b/pkg/api/handlers/libpod/generate.go index 48c4c59e1..431927ac5 100644 --- a/pkg/api/handlers/libpod/generate.go +++ b/pkg/api/handlers/libpod/generate.go @@ -17,20 +17,21 @@ func GenerateSystemd(w http.ResponseWriter, r *http.Request) { runtime := r.Context().Value(api.RuntimeKey).(*libpod.Runtime) decoder := r.Context().Value(api.DecoderKey).(*schema.Decoder) query := struct { - Name bool `schema:"useName"` - New bool `schema:"new"` - NoHeader bool `schema:"noHeader"` - TemplateUnitFile bool `schema:"templateUnitFile"` - RestartPolicy *string `schema:"restartPolicy"` - RestartSec uint `schema:"restartSec"` - StopTimeout uint `schema:"stopTimeout"` - StartTimeout uint `schema:"startTimeout"` - ContainerPrefix *string `schema:"containerPrefix"` - PodPrefix *string `schema:"podPrefix"` - Separator *string `schema:"separator"` - Wants []string `schema:"wants"` - After []string `schema:"after"` - Requires []string `schema:"requires"` + Name bool `schema:"useName"` + New bool `schema:"new"` + NoHeader bool `schema:"noHeader"` + TemplateUnitFile bool `schema:"templateUnitFile"` + RestartPolicy *string `schema:"restartPolicy"` + RestartSec uint `schema:"restartSec"` + StopTimeout uint `schema:"stopTimeout"` + StartTimeout uint `schema:"startTimeout"` + ContainerPrefix *string `schema:"containerPrefix"` + PodPrefix *string `schema:"podPrefix"` + Separator *string `schema:"separator"` + Wants []string `schema:"wants"` + After []string `schema:"after"` + Requires []string `schema:"requires"` + AdditionalEnvVariables []string `schema:"additionalEnvVariables"` }{ StartTimeout: 0, StopTimeout: util.DefaultContainerConfig().Engine.StopTimeout, @@ -58,20 +59,21 @@ func GenerateSystemd(w http.ResponseWriter, r *http.Request) { containerEngine := abi.ContainerEngine{Libpod: runtime} options := entities.GenerateSystemdOptions{ - Name: query.Name, - New: query.New, - NoHeader: query.NoHeader, - TemplateUnitFile: query.TemplateUnitFile, - RestartPolicy: query.RestartPolicy, - StartTimeout: &query.StartTimeout, - StopTimeout: &query.StopTimeout, - ContainerPrefix: ContainerPrefix, - PodPrefix: PodPrefix, - Separator: Separator, - RestartSec: &query.RestartSec, - Wants: query.Wants, - After: query.After, - Requires: query.Requires, + Name: query.Name, + New: query.New, + NoHeader: query.NoHeader, + TemplateUnitFile: query.TemplateUnitFile, + RestartPolicy: query.RestartPolicy, + StartTimeout: &query.StartTimeout, + StopTimeout: &query.StopTimeout, + ContainerPrefix: ContainerPrefix, + PodPrefix: PodPrefix, + Separator: Separator, + RestartSec: &query.RestartSec, + Wants: query.Wants, + After: query.After, + Requires: query.Requires, + AdditionalEnvVariables: query.AdditionalEnvVariables, } report, err := containerEngine.GenerateSystemd(r.Context(), utils.GetName(r), options) diff --git a/pkg/api/server/register_containers.go b/pkg/api/server/register_containers.go index 41baf5418..7e9c02816 100644 --- a/pkg/api/server/register_containers.go +++ b/pkg/api/server/register_containers.go @@ -212,7 +212,6 @@ func (s *APIServer) registerContainersHandlers(r *mux.Router) error { // - in: query // name: signal // type: string - // default: TERM // description: signal to be sent to container // default: SIGKILL // produces: @@ -723,6 +722,7 @@ func (s *APIServer) registerContainersHandlers(r *mux.Router) error { // type: boolean // description: Include namespace information // default: false + // - in: query // name: pod // type: boolean // default: false diff --git a/pkg/api/server/register_generate.go b/pkg/api/server/register_generate.go index 82fbe3d09..ac2818db0 100644 --- a/pkg/api/server/register_generate.go +++ b/pkg/api/server/register_generate.go @@ -93,6 +93,13 @@ func (s *APIServer) registerGenerateHandlers(r *mux.Router) error { // type: string // default: [] // description: Systemd Requires list for the container or pods. + // - in: query + // name: additionalEnvVariables + // type: array + // items: + // type: string + // default: [] + // description: Set environment variables to the systemd unit files. // produces: // - application/json // responses: diff --git a/pkg/api/server/register_secrets.go b/pkg/api/server/register_secrets.go index f4608baa6..8918ad238 100644 --- a/pkg/api/server/register_secrets.go +++ b/pkg/api/server/register_secrets.go @@ -54,7 +54,6 @@ func (s *APIServer) registerSecretHandlers(r *mux.Router) error { // - `id=[id]` Matches for full or partial ID. // produces: // - application/json - // parameters: // responses: // '200': // "$ref": "#/responses/SecretListResponse" @@ -128,7 +127,6 @@ func (s *APIServer) registerSecretHandlers(r *mux.Router) error { // - `id=[id]` Matches for full or partial ID. // produces: // - application/json - // parameters: // responses: // '200': // "$ref": "#/responses/SecretListCompatResponse" diff --git a/pkg/autoupdate/autoupdate.go b/pkg/autoupdate/autoupdate.go index 297d6640e..9cf77d135 100644 --- a/pkg/autoupdate/autoupdate.go +++ b/pkg/autoupdate/autoupdate.go @@ -153,18 +153,19 @@ func AutoUpdate(ctx context.Context, runtime *libpod.Runtime, options entities.A } // Find auto-update tasks and assemble them by unit. - errors := auto.assembleTasks(ctx) + allErrors := auto.assembleTasks(ctx) // Nothing to do. if len(auto.unitToTasks) == 0 { - return nil, errors + return nil, allErrors } // Connect to DBUS. conn, err := systemd.ConnectToDBUS() if err != nil { logrus.Errorf(err.Error()) - return nil, []error{err} + allErrors = append(allErrors, err) + return nil, allErrors } defer conn.Close() auto.conn = conn @@ -174,72 +175,94 @@ func AutoUpdate(ctx context.Context, runtime *libpod.Runtime, options entities.A // Update all images/container according to their auto-update policy. var allReports []*entities.AutoUpdateReport for unit, tasks := range auto.unitToTasks { - // Sanity check: we'll support that in the future. - if len(tasks) != 1 { - errors = append(errors, fmt.Errorf("only 1 task per unit supported but unit %s has %d", unit, len(tasks))) - return nil, errors + unitErrors := auto.updateUnit(ctx, unit, tasks) + allErrors = append(allErrors, unitErrors...) + for _, task := range tasks { + allReports = append(allReports, task.report()) } + } - for _, task := range tasks { - err := func() error { - // Transition from state to state. Will be - // split into multiple loops in the future to - // support more than one container/task per - // unit. - updateAvailable, err := task.updateAvailable(ctx) - if err != nil { - task.status = statusFailed - return fmt.Errorf("checking image updates for container %s: %w", task.container.ID(), err) - } - - if !updateAvailable { - task.status = statusNotUpdated - return nil - } - - if options.DryRun { - task.status = statusPending - return nil - } - - if err := task.update(ctx); err != nil { - task.status = statusFailed - return fmt.Errorf("updating image for container %s: %w", task.container.ID(), err) - } - - updateError := auto.restartSystemdUnit(ctx, unit) - if updateError == nil { - task.status = statusUpdated - return nil - } - - if !options.Rollback { - task.status = statusFailed - return fmt.Errorf("restarting unit %s for container %s: %w", task.unit, task.container.ID(), err) - } - - if err := task.rollbackImage(); err != nil { - task.status = statusFailed - return fmt.Errorf("rolling back image for container %s: %w", task.container.ID(), err) - } - - if err := auto.restartSystemdUnit(ctx, unit); err != nil { - task.status = statusFailed - return fmt.Errorf("restarting unit %s for container %s during rollback: %w", task.unit, task.container.ID(), err) - } - - task.status = statusRolledBack - return nil - }() + return allReports, allErrors +} + +// updateUnit auto updates the tasks in the specified systemd unit. +func (u *updater) updateUnit(ctx context.Context, unit string, tasks []*task) []error { + var errors []error + tasksUpdated := false + for _, task := range tasks { + err := func() error { // Use an anonymous function to avoid spaghetti continue's + updateAvailable, err := task.updateAvailable(ctx) if err != nil { - errors = append(errors, err) + task.status = statusFailed + return fmt.Errorf("checking image updates for container %s: %w", task.container.ID(), err) } - allReports = append(allReports, task.report()) + + if !updateAvailable { + task.status = statusNotUpdated + return nil + } + + if u.options.DryRun { + task.status = statusPending + return nil + } + + if err := task.update(ctx); err != nil { + task.status = statusFailed + return fmt.Errorf("updating image for container %s: %w", task.container.ID(), err) + } + + tasksUpdated = true + return nil + }() + + if err != nil { + errors = append(errors, err) } } - return allReports, errors + // If no task has been updated, we can jump directly to the next unit. + if !tasksUpdated { + return errors + } + + updateError := u.restartSystemdUnit(ctx, unit) + for _, task := range tasks { + if updateError == nil { + task.status = statusUpdated + } else { + task.status = statusFailed + } + } + + // Jump to the next unit on successful update or if rollbacks are disabled. + if updateError == nil || !u.options.Rollback { + return errors + } + + // The update has failed and rollbacks are enabled. + for _, task := range tasks { + if err := task.rollbackImage(); err != nil { + err = fmt.Errorf("rolling back image for container %s in unit %s: %w", task.container.ID(), unit, err) + errors = append(errors, err) + } + } + + if err := u.restartSystemdUnit(ctx, unit); err != nil { + for _, task := range tasks { + task.status = statusFailed + } + err = fmt.Errorf("restarting unit %s during rollback: %w", unit, err) + errors = append(errors, err) + return errors + } + + for _, task := range tasks { + task.status = statusRolledBack + } + + return errors } // report creates an auto-update report for the task. @@ -258,7 +281,16 @@ func (t *task) report() *entities.AutoUpdateReport { func (t *task) updateAvailable(ctx context.Context) (bool, error) { switch t.policy { case PolicyRegistryImage: - return t.registryUpdateAvailable(ctx) + // Errors checking for updates only should not be fatal. + // Especially on Edge systems, connection may be limited or + // there may just be a temporary downtime of the registry. + // But make sure to leave some breadcrumbs in the debug logs + // such that potential issues _can_ be analyzed if needed. + available, err := t.registryUpdateAvailable(ctx) + if err != nil { + logrus.Debugf("Error checking updates for image %s: %v (ignoring error)", t.rawImageName, err) + } + return available, nil case PolicyLocalImage: return t.localUpdateAvailable() default: diff --git a/pkg/bindings/generate/types.go b/pkg/bindings/generate/types.go index 25c398c8b..31b43897c 100644 --- a/pkg/bindings/generate/types.go +++ b/pkg/bindings/generate/types.go @@ -38,4 +38,6 @@ type SystemdOptions struct { After *[]string // Requires - systemd requires list for the container or pods Requires *[]string + // AdditionalEnvVariables - Sets environment variables to a systemd unit file + AdditionalEnvVariables *[]string } diff --git a/pkg/bindings/generate/types_systemd_options.go b/pkg/bindings/generate/types_systemd_options.go index 4d436945b..3aec33a54 100644 --- a/pkg/bindings/generate/types_systemd_options.go +++ b/pkg/bindings/generate/types_systemd_options.go @@ -226,3 +226,18 @@ func (o *SystemdOptions) GetRequires() []string { } return *o.Requires } + +// WithAdditionalEnvVariables set field AdditionalEnvVariables to given value +func (o *SystemdOptions) WithAdditionalEnvVariables(value []string) *SystemdOptions { + o.AdditionalEnvVariables = &value + return o +} + +// GetAdditionalEnvVariables returns value of field AdditionalEnvVariables +func (o *SystemdOptions) GetAdditionalEnvVariables() []string { + if o.AdditionalEnvVariables == nil { + var z []string + return z + } + return *o.AdditionalEnvVariables +} diff --git a/pkg/bindings/system/system.go b/pkg/bindings/system/system.go index dae80384b..733b2cb5c 100644 --- a/pkg/bindings/system/system.go +++ b/pkg/bindings/system/system.go @@ -36,8 +36,9 @@ func Events(ctx context.Context, eventChan chan entities.Event, cancelChan chan if cancelChan != nil { go func() { <-cancelChan - err = response.Body.Close() - logrus.Errorf("Unable to close event response body: %v", err) + if err := response.Body.Close(); err != nil { + logrus.Errorf("Unable to close event response body: %v", err) + } }() } diff --git a/pkg/domain/entities/engine_container.go b/pkg/domain/entities/engine_container.go index 69adc9732..19b666f8e 100644 --- a/pkg/domain/entities/engine_container.go +++ b/pkg/domain/entities/engine_container.go @@ -75,7 +75,7 @@ type ContainerEngine interface { PodCreate(ctx context.Context, specg PodSpec) (*PodCreateReport, error) PodClone(ctx context.Context, podClone PodCloneOptions) (*PodCloneReport, error) PodExists(ctx context.Context, nameOrID string) (*BoolReport, error) - PodInspect(ctx context.Context, options PodInspectOptions) (*PodInspectReport, error) + PodInspect(ctx context.Context, namesOrID []string, options InspectOptions) ([]*PodInspectReport, []error, error) PodKill(ctx context.Context, namesOrIds []string, options PodKillOptions) ([]*PodKillReport, error) PodLogs(ctx context.Context, pod string, options PodLogsOptions) error PodPause(ctx context.Context, namesOrIds []string, options PodPauseOptions) ([]*PodPauseReport, error) diff --git a/pkg/domain/entities/generate.go b/pkg/domain/entities/generate.go index f18e79b47..314996497 100644 --- a/pkg/domain/entities/generate.go +++ b/pkg/domain/entities/generate.go @@ -4,34 +4,21 @@ import "io" // GenerateSystemdOptions control the generation of systemd unit files. type GenerateSystemdOptions struct { - // Name - use container/pod name instead of its ID. - Name bool - // New - create a new container instead of starting a new one. - New bool - // RestartPolicy - systemd restart policy. - RestartPolicy *string - // RestartSec - systemd service restartsec. Configures the time to sleep before restarting a service. - RestartSec *uint - // StartTimeout - time when starting the container. - StartTimeout *uint - // StopTimeout - time when stopping the container. - StopTimeout *uint - // ContainerPrefix - systemd unit name prefix for containers - ContainerPrefix string - // PodPrefix - systemd unit name prefix for pods - PodPrefix string - // Separator - systemd unit name separator between name/id and prefix - Separator string - // NoHeader - skip header generation - NoHeader bool - // TemplateUnitFile - make use of %i and %I to differentiate between the different instances of the unit - TemplateUnitFile bool - // Wants - systemd wants list for the container or pods - Wants []string - // After - systemd after list for the container or pods - After []string - // Requires - systemd requires list for the container or pods - Requires []string + Name bool + New bool + RestartPolicy *string + RestartSec *uint + StartTimeout *uint + StopTimeout *uint + ContainerPrefix string + PodPrefix string + Separator string + NoHeader bool + TemplateUnitFile bool + Wants []string + After []string + Requires []string + AdditionalEnvVariables []string } // GenerateSystemdReport diff --git a/pkg/domain/entities/pods.go b/pkg/domain/entities/pods.go index b672434d8..55e2fd574 100644 --- a/pkg/domain/entities/pods.go +++ b/pkg/domain/entities/pods.go @@ -438,15 +438,6 @@ type PodPSOptions struct { Sort string } -type PodInspectOptions struct { - Latest bool - - // Options for the API. - NameOrID string - - Format string -} - type PodInspectReport struct { *define.InspectPodData } diff --git a/pkg/domain/infra/abi/play.go b/pkg/domain/infra/abi/play.go index 6ea20a4f2..12786afcd 100644 --- a/pkg/domain/infra/abi/play.go +++ b/pkg/domain/infra/abi/play.go @@ -661,9 +661,10 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY opts = append(opts, libpod.WithSdNotifyMode(sdNotifyMode)) + var proxy *notifyproxy.NotifyProxy // Create a notify proxy for the container. if sdNotifyMode != "" && sdNotifyMode != define.SdNotifyModeIgnore { - proxy, err := notifyproxy.New("") + proxy, err = notifyproxy.New("") if err != nil { return nil, err } @@ -675,6 +676,9 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY if err != nil { return nil, err } + if proxy != nil { + proxy.AddContainer(ctr) + } containers = append(containers, ctr) } @@ -774,21 +778,26 @@ func (ic *ContainerEngine) getImageAndLabelInfo(ctx context.Context, cwd string, } // Handle kube annotations - for k, v := range annotations { - switch k { - // Auto update annotation without container name will apply to - // all containers within the pod - case autoupdate.Label, autoupdate.AuthfileLabel: - labels[k] = v - // Auto update annotation with container name will apply only - // to the specified container - case fmt.Sprintf("%s/%s", autoupdate.Label, container.Name), - fmt.Sprintf("%s/%s", autoupdate.AuthfileLabel, container.Name): - prefixAndCtr := strings.Split(k, "/") - labels[prefixAndCtr[0]] = v + setLabel := func(label string) { + var result string + ctrSpecific := fmt.Sprintf("%s/%s", label, container.Name) + for k, v := range annotations { + switch k { + case label: + result = v + case ctrSpecific: + labels[label] = v + return + } + } + if result != "" { + labels[label] = result } } + setLabel(autoupdate.Label) + setLabel(autoupdate.AuthfileLabel) + return pulledImage, labels, nil } diff --git a/pkg/domain/infra/abi/pods.go b/pkg/domain/infra/abi/pods.go index 03c8082c4..68f2fa125 100644 --- a/pkg/domain/infra/abi/pods.go +++ b/pkg/domain/infra/abi/pods.go @@ -505,23 +505,49 @@ func (ic *ContainerEngine) PodPs(ctx context.Context, options entities.PodPSOpti return reports, nil } -func (ic *ContainerEngine) PodInspect(ctx context.Context, options entities.PodInspectOptions) (*entities.PodInspectReport, error) { - var ( - pod *libpod.Pod - err error - ) - // Look up the pod. +func (ic *ContainerEngine) PodInspect(ctx context.Context, nameOrIDs []string, options entities.InspectOptions) ([]*entities.PodInspectReport, []error, error) { if options.Latest { - pod, err = ic.Libpod.GetLatestPod() - } else { - pod, err = ic.Libpod.LookupPod(options.NameOrID) - } - if err != nil { - return nil, fmt.Errorf("unable to look up requested container: %w", err) + pod, err := ic.Libpod.GetLatestPod() + if err != nil { + return nil, nil, err + } + inspect, err := pod.Inspect() + if err != nil { + return nil, nil, err + } + + return []*entities.PodInspectReport{ + { + InspectPodData: inspect, + }, + }, nil, nil } - inspect, err := pod.Inspect() - if err != nil { - return nil, err + + var errs []error + podReport := make([]*entities.PodInspectReport, 0, len(nameOrIDs)) + for _, name := range nameOrIDs { + pod, err := ic.Libpod.LookupPod(name) + if err != nil { + // ErrNoSuchPod is non-fatal, other errors will be + // treated as fatal. + if errors.Is(err, define.ErrNoSuchPod) { + errs = append(errs, fmt.Errorf("no such pod %s", name)) + continue + } + return nil, nil, err + } + + inspect, err := pod.Inspect() + if err != nil { + // ErrNoSuchPod is non-fatal, other errors will be + // treated as fatal. + if errors.Is(err, define.ErrNoSuchPod) { + errs = append(errs, fmt.Errorf("no such pod %s", name)) + continue + } + return nil, nil, err + } + podReport = append(podReport, &entities.PodInspectReport{InspectPodData: inspect}) } - return &entities.PodInspectReport{InspectPodData: inspect}, nil + return podReport, errs, nil } diff --git a/pkg/domain/infra/tunnel/generate.go b/pkg/domain/infra/tunnel/generate.go index ed63d363a..d3c3638cb 100644 --- a/pkg/domain/infra/tunnel/generate.go +++ b/pkg/domain/infra/tunnel/generate.go @@ -19,7 +19,8 @@ func (ic *ContainerEngine) GenerateSystemd(ctx context.Context, nameOrID string, WithSeparator(opts.Separator). WithWants(opts.Wants). WithAfter(opts.After). - WithRequires(opts.Requires) + WithRequires(opts.Requires). + WithAdditionalEnvVariables(opts.AdditionalEnvVariables) if opts.StartTimeout != nil { options.WithStartTimeout(*opts.StartTimeout) diff --git a/pkg/domain/infra/tunnel/pods.go b/pkg/domain/infra/tunnel/pods.go index bcbd32d1b..f9314dcfe 100644 --- a/pkg/domain/infra/tunnel/pods.go +++ b/pkg/domain/infra/tunnel/pods.go @@ -3,10 +3,12 @@ package tunnel import ( "context" "errors" + "fmt" "github.com/containers/podman/v4/libpod/define" "github.com/containers/podman/v4/pkg/bindings/pods" "github.com/containers/podman/v4/pkg/domain/entities" + "github.com/containers/podman/v4/pkg/errorhandling" "github.com/containers/podman/v4/pkg/util" ) @@ -223,14 +225,25 @@ func (ic *ContainerEngine) PodPs(ctx context.Context, opts entities.PodPSOptions return pods.List(ic.ClientCtx, options) } -func (ic *ContainerEngine) PodInspect(ctx context.Context, options entities.PodInspectOptions) (*entities.PodInspectReport, error) { - switch { - case options.Latest: - return nil, errors.New("latest is not supported") - case options.NameOrID == "": - return nil, errors.New("NameOrID must be specified") +func (ic *ContainerEngine) PodInspect(ctx context.Context, namesOrIDs []string, options entities.InspectOptions) ([]*entities.PodInspectReport, []error, error) { + var errs []error + podReport := make([]*entities.PodInspectReport, 0, len(namesOrIDs)) + for _, name := range namesOrIDs { + inspect, err := pods.Inspect(ic.ClientCtx, name, nil) + if err != nil { + errModel, ok := err.(*errorhandling.ErrorModel) + if !ok { + return nil, nil, err + } + if errModel.ResponseCode == 404 { + errs = append(errs, fmt.Errorf("no such pod %q", name)) + continue + } + return nil, nil, err + } + podReport = append(podReport, inspect) } - return pods.Inspect(ic.ClientCtx, options.NameOrID, nil) + return podReport, errs, nil } func (ic *ContainerEngine) PodStats(ctx context.Context, namesOrIds []string, opts entities.PodStatsOptions) ([]*entities.PodStatsReport, error) { diff --git a/pkg/machine/machine_windows.go b/pkg/machine/machine_windows.go new file mode 100644 index 000000000..c414986cf --- /dev/null +++ b/pkg/machine/machine_windows.go @@ -0,0 +1,20 @@ +//go:build windows +// +build windows + +package machine + +import ( + "syscall" +) + +func GetProcessState(pid int) (active bool, exitCode int) { + const da = syscall.STANDARD_RIGHTS_READ | syscall.PROCESS_QUERY_INFORMATION | syscall.SYNCHRONIZE + handle, err := syscall.OpenProcess(da, false, uint32(pid)) + if err != nil { + return false, int(syscall.ERROR_PROC_NOT_FOUND) + } + + var code uint32 + syscall.GetExitCodeProcess(handle, &code) + return code == 259, int(code) +} diff --git a/pkg/machine/qemu/machine.go b/pkg/machine/qemu/machine.go index e97b68e31..b59f07876 100644 --- a/pkg/machine/qemu/machine.go +++ b/pkg/machine/qemu/machine.go @@ -1,5 +1,5 @@ -//go:build (amd64 && !windows) || (arm64 && !windows) -// +build amd64,!windows arm64,!windows +//go:build amd64 || arm64 +// +build amd64 arm64 package qemu @@ -33,7 +33,6 @@ import ( "github.com/digitalocean/go-qemu/qmp" "github.com/docker/go-units" "github.com/sirupsen/logrus" - "golang.org/x/sys/unix" ) var ( @@ -125,7 +124,7 @@ func (p *Provider) NewMachine(opts machine.InitOptions) (machine.VM, error) { return nil, err } vm.QMPMonitor = monitor - cmd = append(cmd, []string{"-qmp", monitor.Network + ":/" + monitor.Address.GetPath() + ",server=on,wait=off"}...) + cmd = append(cmd, []string{"-qmp", monitor.Network + ":" + monitor.Address.GetPath() + ",server=on,wait=off"}...) // Add network // Right now the mac address is hardcoded so that the host networking gives it a specific IP address. This is @@ -629,14 +628,9 @@ func (v *MachineVM) Start(name string, _ machine.StartOptions) error { break } // check if qemu is still alive - var status syscall.WaitStatus - pid, err := syscall.Wait4(cmd.Process.Pid, &status, syscall.WNOHANG, nil) + err := checkProcessStatus("qemu", cmd.Process.Pid, stderrBuf) if err != nil { - return fmt.Errorf("failed to read qemu process status: %w", err) - } - if pid > 0 { - // child exited - return fmt.Errorf("qemu exited unexpectedly with exit code %d, stderr: %s", status.ExitStatus(), stderrBuf.String()) + return err } time.Sleep(wait) wait++ @@ -1724,14 +1718,6 @@ func (p *Provider) RemoveAndCleanMachines() error { return prevErr } -func isProcessAlive(pid int) bool { - err := unix.Kill(pid, syscall.Signal(0)) - if err == nil || err == unix.EPERM { - return true - } - return false -} - func (p *Provider) VMType() string { return vmtype } diff --git a/pkg/machine/qemu/machine_unix.go b/pkg/machine/qemu/machine_unix.go new file mode 100644 index 000000000..84ee191d1 --- /dev/null +++ b/pkg/machine/qemu/machine_unix.go @@ -0,0 +1,33 @@ +//go:build darwin || dragonfly || freebsd || linux || netbsd || openbsd +// +build darwin dragonfly freebsd linux netbsd openbsd + +package qemu + +import ( + "bytes" + "fmt" + "syscall" + + "golang.org/x/sys/unix" +) + +func isProcessAlive(pid int) bool { + err := unix.Kill(pid, syscall.Signal(0)) + if err == nil || err == unix.EPERM { + return true + } + return false +} + +func checkProcessStatus(processHint string, pid int, stderrBuf *bytes.Buffer) error { + var status syscall.WaitStatus + pid, err := syscall.Wait4(pid, &status, syscall.WNOHANG, nil) + if err != nil { + return fmt.Errorf("failed to read qem%su process status: %w", processHint, err) + } + if pid > 0 { + // child exited + return fmt.Errorf("%s exited unexpectedly with exit code %d, stderr: %s", processHint, status.ExitStatus(), stderrBuf.String()) + } + return nil +} diff --git a/pkg/machine/qemu/machine_unsupported.go b/pkg/machine/qemu/machine_unsupported.go index 794e710f9..7a9a2531d 100644 --- a/pkg/machine/qemu/machine_unsupported.go +++ b/pkg/machine/qemu/machine_unsupported.go @@ -1,4 +1,4 @@ -//go:build (!amd64 && !arm64) || windows -// +build !amd64,!arm64 windows +//go:build (!amd64 && !arm64) +// +build !amd64,!arm64 package qemu diff --git a/pkg/machine/qemu/machine_windows.go b/pkg/machine/qemu/machine_windows.go new file mode 100644 index 000000000..6c63faf50 --- /dev/null +++ b/pkg/machine/qemu/machine_windows.go @@ -0,0 +1,27 @@ +package qemu + +import ( + "bytes" + "fmt" + + "github.com/containers/podman/v4/pkg/machine" +) + +func isProcessAlive(pid int) bool { + if checkProcessStatus("process", pid, nil) == nil { + return true + } + return false +} + +func checkProcessStatus(processHint string, pid int, stderrBuf *bytes.Buffer) error { + active, exitCode := machine.GetProcessState(pid) + if !active { + if stderrBuf != nil { + return fmt.Errorf("%s exited unexpectedly, exit code: %d stderr: %s", processHint, exitCode, stderrBuf.String()) + } else { + return fmt.Errorf("%s exited unexpectedly, exit code: %d", processHint, exitCode) + } + } + return nil +} diff --git a/pkg/machine/qemu/options_windows.go b/pkg/machine/qemu/options_windows.go new file mode 100644 index 000000000..69652ee39 --- /dev/null +++ b/pkg/machine/qemu/options_windows.go @@ -0,0 +1,13 @@ +package qemu + +import ( + "os" +) + +func getRuntimeDir() (string, error) { + tmpDir, ok := os.LookupEnv("TEMP") + if !ok { + tmpDir = os.Getenv("LOCALAPPDATA") + "\\Temp" + } + return tmpDir, nil +} diff --git a/pkg/machine/wsl/machine.go b/pkg/machine/wsl/machine.go index 8f6ef7a43..7e453823f 100644 --- a/pkg/machine/wsl/machine.go +++ b/pkg/machine/wsl/machine.go @@ -44,7 +44,6 @@ const containersConf = `[containers] [engine] cgroup_manager = "cgroupfs" -events_logger = "file" ` const appendPort = `grep -q Port\ %d /etc/ssh/sshd_config || echo Port %d >> /etc/ssh/sshd_config` @@ -639,13 +638,13 @@ func installScripts(dist string) error { } func checkAndInstallWSL(opts machine.InitOptions) (bool, error) { - if isWSLInstalled() { + if IsWSLInstalled() { return true, nil } admin := hasAdminRights() - if !isWSLFeatureEnabled() { + if !IsWSLFeatureEnabled() { return false, attemptFeatureInstall(opts, admin) } @@ -1062,8 +1061,8 @@ func launchWinProxy(v *MachineVM) (bool, string, error) { return globalName, "", err } - return globalName, pipePrefix + waitPipe, waitPipeExists(waitPipe, 30, func() error { - active, exitCode := getProcessState(cmd.Process.Pid) + return globalName, pipePrefix + waitPipe, waitPipeExists(waitPipe, 80, func() error { + active, exitCode := machine.GetProcessState(cmd.Process.Pid) if !active { return fmt.Errorf("win-sshproxy.exe failed to start, exit code: %d (see windows event logs)", exitCode) } @@ -1100,15 +1099,16 @@ func waitPipeExists(pipeName string, retries int, checkFailure func() error) err if fail := checkFailure(); fail != nil { return fail } - time.Sleep(100 * time.Millisecond) + time.Sleep(250 * time.Millisecond) } return err } -func isWSLInstalled() bool { - cmd := exec.Command("wsl", "--status") +func IsWSLInstalled() bool { + cmd := SilentExecCmd("wsl", "--status") out, err := cmd.StdoutPipe() + cmd.Stderr = nil if err != nil { return false } @@ -1132,9 +1132,8 @@ func isWSLInstalled() bool { return true } -func isWSLFeatureEnabled() bool { - cmd := exec.Command("wsl", "--set-default-version", "2") - return cmd.Run() == nil +func IsWSLFeatureEnabled() bool { + return SilentExec("wsl", "--set-default-version", "2") == nil } func isWSLRunning(dist string) (bool, error) { diff --git a/pkg/machine/wsl/util_windows.go b/pkg/machine/wsl/util_windows.go index 43f54fdd4..6613bde1f 100644 --- a/pkg/machine/wsl/util_windows.go +++ b/pkg/machine/wsl/util_windows.go @@ -6,6 +6,7 @@ import ( "fmt" "io/ioutil" "os" + "os/exec" "path/filepath" "strings" "syscall" @@ -280,18 +281,6 @@ func obtainShutdownPrivilege() error { return nil } -func getProcessState(pid int) (active bool, exitCode int) { - const da = syscall.STANDARD_RIGHTS_READ | syscall.PROCESS_QUERY_INFORMATION | syscall.SYNCHRONIZE - handle, err := syscall.OpenProcess(da, false, uint32(pid)) - if err != nil { - return false, int(syscall.ERROR_PROC_NOT_FOUND) - } - - var code uint32 - syscall.GetExitCodeProcess(handle, &code) - return code == 259, int(code) -} - func addRunOnceRegistryEntry(command string) error { k, _, err := registry.CreateKey(registry.CURRENT_USER, `Software\Microsoft\Windows\CurrentVersion\RunOnce`, registry.WRITE) if err != nil { @@ -355,3 +344,17 @@ func sendQuit(tid uint32) { postMessage := user32.NewProc("PostThreadMessageW") postMessage.Call(uintptr(tid), WM_QUIT, 0, 0) } + +func SilentExec(command string, args ...string) error { + cmd := exec.Command(command, args...) + cmd.SysProcAttr = &syscall.SysProcAttr{CreationFlags: 0x08000000} + cmd.Stdout = nil + cmd.Stderr = nil + return cmd.Run() +} + +func SilentExecCmd(command string, args ...string) *exec.Cmd { + cmd := exec.Command(command, args...) + cmd.SysProcAttr = &syscall.SysProcAttr{CreationFlags: 0x08000000} + return cmd +} diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go index 46b7a2dc2..c4fbda9e5 100644 --- a/pkg/specgen/generate/container.go +++ b/pkg/specgen/generate/container.go @@ -18,7 +18,6 @@ import ( envLib "github.com/containers/podman/v4/pkg/env" "github.com/containers/podman/v4/pkg/signal" "github.com/containers/podman/v4/pkg/specgen" - spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/openshift/imagebuilder" "github.com/sirupsen/logrus" ) @@ -272,19 +271,7 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat } // If caller did not specify Pids Limits load default - if s.ResourceLimits == nil || s.ResourceLimits.Pids == nil { - if s.CgroupsMode != "disabled" { - limit := rtc.PidsLimit() - if limit != 0 { - if s.ResourceLimits == nil { - s.ResourceLimits = &spec.LinuxResources{} - } - s.ResourceLimits.Pids = &spec.LinuxPids{ - Limit: limit, - } - } - } - } + s.InitResourceLimits(rtc) if s.LogConfiguration == nil { s.LogConfiguration = &specgen.LogConfig{} diff --git a/pkg/specgen/generate/kube/kube.go b/pkg/specgen/generate/kube/kube.go index 375b719d3..9fd0adecf 100644 --- a/pkg/specgen/generate/kube/kube.go +++ b/pkg/specgen/generate/kube/kube.go @@ -7,6 +7,7 @@ import ( "fmt" "math" "net" + "os" "regexp" "runtime" "strconv" @@ -26,6 +27,7 @@ import ( "github.com/containers/podman/v4/pkg/k8s.io/apimachinery/pkg/api/resource" "github.com/containers/podman/v4/pkg/specgen" "github.com/containers/podman/v4/pkg/specgen/generate" + systemdDefine "github.com/containers/podman/v4/pkg/systemd/define" "github.com/containers/podman/v4/pkg/util" "github.com/docker/docker/pkg/system" "github.com/docker/go-units" @@ -357,8 +359,11 @@ func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGener // a selinux mount option exists for it for k, v := range opts.Annotations { // Make sure the z/Z option is not already there (from editing the YAML) - if strings.Replace(k, define.BindMountPrefix, "", 1) == volumeSource.Source && !cutil.StringInSlice("z", options) && !cutil.StringInSlice("Z", options) { - options = append(options, v) + if k == define.BindMountPrefix { + lastIndex := strings.LastIndex(v, ":") + if v[:lastIndex] == volumeSource.Source && !cutil.StringInSlice("z", options) && !cutil.StringInSlice("Z", options) { + options = append(options, v[lastIndex+1:]) + } } } mount := spec.Mount{ @@ -442,6 +447,12 @@ func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGener } } + // Make sure the container runs in a systemd unit which is + // stored as a label at container creation. + if unit := os.Getenv(systemdDefine.EnvVariable); unit != "" { + s.Labels[systemdDefine.EnvVariable] = unit + } + return s, nil } diff --git a/pkg/specgen/namespaces.go b/pkg/specgen/namespaces.go index 8cc0fe6a9..b6bbee868 100644 --- a/pkg/specgen/namespaces.go +++ b/pkg/specgen/namespaces.go @@ -510,6 +510,7 @@ func SetupUserNS(idmappings *storage.IDMappingOptions, userns Namespace, g *gene idmappings = mappings g.SetProcessUID(uint32(uid)) g.SetProcessGID(uint32(gid)) + g.AddProcessAdditionalGid(uint32(gid)) user = fmt.Sprintf("%d:%d", uid, gid) if err := privateUserNamespace(idmappings, g); err != nil { return user, err @@ -522,6 +523,7 @@ func SetupUserNS(idmappings *storage.IDMappingOptions, userns Namespace, g *gene idmappings = mappings g.SetProcessUID(uint32(uid)) g.SetProcessGID(uint32(gid)) + g.AddProcessAdditionalGid(uint32(gid)) user = fmt.Sprintf("%d:%d", uid, gid) if err := privateUserNamespace(idmappings, g); err != nil { return user, err diff --git a/pkg/specgen/resources_freebsd.go b/pkg/specgen/resources_freebsd.go new file mode 100644 index 000000000..49e5976bb --- /dev/null +++ b/pkg/specgen/resources_freebsd.go @@ -0,0 +1,8 @@ +package specgen + +import ( + "github.com/containers/common/pkg/config" +) + +func (s *SpecGenerator) InitResourceLimits(rtc *config.Config) { +} diff --git a/pkg/specgen/resources_linux.go b/pkg/specgen/resources_linux.go new file mode 100644 index 000000000..ffa9e5786 --- /dev/null +++ b/pkg/specgen/resources_linux.go @@ -0,0 +1,22 @@ +package specgen + +import ( + "github.com/containers/common/pkg/config" + spec "github.com/opencontainers/runtime-spec/specs-go" +) + +func (s *SpecGenerator) InitResourceLimits(rtc *config.Config) { + if s.ResourceLimits == nil || s.ResourceLimits.Pids == nil { + if s.CgroupsMode != "disabled" { + limit := rtc.PidsLimit() + if limit != 0 { + if s.ResourceLimits == nil { + s.ResourceLimits = &spec.LinuxResources{} + } + s.ResourceLimits.Pids = &spec.LinuxPids{ + Limit: limit, + } + } + } + } +} diff --git a/pkg/specgen/volumes.go b/pkg/specgen/volumes.go index e70ed5b13..e71d14331 100644 --- a/pkg/specgen/volumes.go +++ b/pkg/specgen/volumes.go @@ -7,6 +7,7 @@ import ( "strings" "github.com/containers/common/pkg/parse" + "github.com/containers/podman/v4/libpod/define" spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/sirupsen/logrus" ) @@ -159,7 +160,7 @@ func GenVolumeMounts(volumeFlag []string) (map[string]spec.Mount, map[string]*Na } else { newMount := spec.Mount{ Destination: dest, - Type: "bind", + Type: define.TypeBind, Source: src, Options: options, } diff --git a/pkg/systemd/generate/containers.go b/pkg/systemd/generate/containers.go index 1f8c519b7..6f546b0ab 100644 --- a/pkg/systemd/generate/containers.go +++ b/pkg/systemd/generate/containers.go @@ -22,85 +22,40 @@ import ( // containerInfo contains data required for generating a container's systemd // unit file. type containerInfo struct { - // ServiceName of the systemd service. - ServiceName string - // Name or ID of the container. - ContainerNameOrID string - // Type of the unit. - Type string - // NotifyAccess of the unit. - NotifyAccess string - // StopTimeout sets the timeout Podman waits before killing the container - // during service stop. - StopTimeout uint - // RestartPolicy of the systemd unit (e.g., no, on-failure, always). - RestartPolicy string - // Custom number of restart attempts. - StartLimitBurst string - // PIDFile of the service. Required for forking services. Must point to the - // PID of the associated conmon process. - PIDFile string - // ContainerIDFile to be used in the unit. - ContainerIDFile string - // GenerateTimestamp, if set the generated unit file has a time stamp. - GenerateTimestamp bool - // BoundToServices are the services this service binds to. Note that this - // service runs after them. - BoundToServices []string - // PodmanVersion for the header. Will be set internally. Will be auto-filled - // if left empty. - PodmanVersion string - // Executable is the path to the podman executable. Will be auto-filled if - // left empty. - Executable string - // RootFlags contains the root flags which were used to create the container - // Only used with --new - RootFlags string - // TimeStamp at the time of creating the unit file. Will be set internally. - TimeStamp string - // CreateCommand is the full command plus arguments of the process the - // container has been created with. - CreateCommand []string - // containerEnv stores the container environment variables - containerEnv []string - // ExtraEnvs contains the container environment variables referenced - // by only the key in the container create command, e.g. --env FOO. - // This is only used with --new - ExtraEnvs []string - // EnvVariable is generate.EnvVariable and must not be set. - EnvVariable string - // ExecStartPre of the unit. - ExecStartPre string - // ExecStart of the unit. - ExecStart string - // TimeoutStartSec of the unit. - TimeoutStartSec uint - // TimeoutStopSec of the unit. - TimeoutStopSec uint - // ExecStop of the unit. - ExecStop string - // ExecStopPost of the unit. - ExecStopPost string - // Removes autogenerated by Podman and timestamp if set to true - GenerateNoHeader bool - // If not nil, the container is part of the pod. We can use the - // podInfo to extract the relevant data. - Pod *podInfo - // Location of the GraphRoot for the container. Required for ensuring the - // volume has finished mounting when coming online at boot. - GraphRoot string - // Location of the RunRoot for the container. Required for ensuring the tmpfs - // or volume exists and is mounted when coming online at boot. - RunRoot string - // Add %i and %I to description and execute parts - IdentifySpecifier bool - // Wants are the list of services that this service is (weak) dependent on. This - // option does not influence the order in which services are started or stopped. - Wants []string - // After ordering dependencies between the list of services and this service. - After []string - // Similar to Wants, but declares a stronger requirement dependency. - Requires []string + ServiceName string + ContainerNameOrID string + Type string + NotifyAccess string + StopTimeout uint + RestartPolicy string + StartLimitBurst string + PIDFile string + ContainerIDFile string + GenerateTimestamp bool + BoundToServices []string + PodmanVersion string + Executable string + RootFlags string + TimeStamp string + CreateCommand []string + containerEnv []string + ExtraEnvs []string + EnvVariable string + AdditionalEnvVariables []string + ExecStartPre string + ExecStart string + TimeoutStartSec uint + TimeoutStopSec uint + ExecStop string + ExecStopPost string + GenerateNoHeader bool + Pod *podInfo + GraphRoot string + RunRoot string + IdentifySpecifier bool + Wants []string + After []string + Requires []string } const containerTemplate = headerTemplate + ` @@ -127,6 +82,10 @@ Environment={{{{.EnvVariable}}}}=%n{{{{- if (eq .IdentifySpecifier true) }}}}-%i {{{{- if .ExtraEnvs}}}} Environment={{{{- range $index, $value := .ExtraEnvs -}}}}{{{{if $index}}}} {{{{end}}}}{{{{ $value }}}}{{{{end}}}} {{{{- end}}}} +{{{{- if .AdditionalEnvVariables}}}} +{{{{- range $index, $value := .AdditionalEnvVariables -}}}}{{{{if $index}}}}{{{{end}}}} +Environment={{{{ $value }}}}{{{{end}}}} +{{{{- end}}}} Restart={{{{.RestartPolicy}}}} {{{{- if .StartLimitBurst}}}} StartLimitBurst={{{{.StartLimitBurst}}}} @@ -211,19 +170,20 @@ func generateContainerInfo(ctr *libpod.Container, options entities.GenerateSyste envs := config.Spec.Process.Env info := containerInfo{ - ServiceName: serviceName, - ContainerNameOrID: nameOrID, - RestartPolicy: define.DefaultRestartPolicy, - PIDFile: conmonPidFile, - TimeoutStartSec: startTimeout, - StopTimeout: stopTimeout, - GenerateTimestamp: true, - CreateCommand: createCommand, - RunRoot: runRoot, - containerEnv: envs, - Wants: options.Wants, - After: options.After, - Requires: options.Requires, + ServiceName: serviceName, + ContainerNameOrID: nameOrID, + RestartPolicy: define.DefaultRestartPolicy, + PIDFile: conmonPidFile, + TimeoutStartSec: startTimeout, + StopTimeout: stopTimeout, + GenerateTimestamp: true, + CreateCommand: createCommand, + RunRoot: runRoot, + containerEnv: envs, + Wants: options.Wants, + After: options.After, + Requires: options.Requires, + AdditionalEnvVariables: options.AdditionalEnvVariables, } return &info, nil @@ -324,6 +284,9 @@ func executeContainerTemplate(info *containerInfo, options entities.GenerateSyst info.ExecStart = "{{{{.Executable}}}} start {{{{.ContainerNameOrID}}}}" info.ExecStop = "{{{{.Executable}}}} stop {{{{if (ge .StopTimeout 0)}}}}-t {{{{.StopTimeout}}}}{{{{end}}}} {{{{.ContainerNameOrID}}}}" info.ExecStopPost = "{{{{.Executable}}}} stop {{{{if (ge .StopTimeout 0)}}}}-t {{{{.StopTimeout}}}}{{{{end}}}} {{{{.ContainerNameOrID}}}}" + for i, env := range info.AdditionalEnvVariables { + info.AdditionalEnvVariables[i] = escapeSystemdArg(env) + } // Assemble the ExecStart command when creating a new container. // diff --git a/pkg/systemd/generate/containers_test.go b/pkg/systemd/generate/containers_test.go index 873cbfbb3..7f92e75b8 100644 --- a/pkg/systemd/generate/containers_test.go +++ b/pkg/systemd/generate/containers_test.go @@ -784,6 +784,33 @@ NotifyAccess=all WantedBy=default.target ` + goodEnvironment := `# container-foobar.service +# autogenerated by Podman CI + +[Unit] +Description=Podman container-foobar.service +Documentation=man:podman-generate-systemd(1) +Wants=network-online.target +After=network-online.target +RequiresMountsFor=/var/run/containers/storage + +[Service] +Environment=PODMAN_SYSTEMD_UNIT=%n +Environment=FOO=abc +Environment="BAR=my test" +Environment=USER=%%a +Restart=on-failure +TimeoutStopSec=70 +ExecStart=/usr/bin/podman start foobar +ExecStop=/usr/bin/podman stop -t 10 foobar +ExecStopPost=/usr/bin/podman stop -t 10 foobar +PIDFile=/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid +Type=forking + +[Install] +WantedBy=default.target +` + goodNewWithRestartPolicy := `# jadda-jadda.service # autogenerated by Podman CI @@ -1424,7 +1451,7 @@ WantedBy=default.target false, false, }, - {"good with environment variables", + {"good with container environment variables", containerInfo{ Executable: "/usr/bin/podman", ServiceName: "jadda-jadda", @@ -1444,6 +1471,25 @@ WantedBy=default.target false, false, }, + {"good with systemd environment variables", + containerInfo{ + Executable: "/usr/bin/podman", + ServiceName: "container-foobar", + ContainerNameOrID: "foobar", + PIDFile: "/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid", + StopTimeout: 10, + PodmanVersion: "CI", + GraphRoot: "/var/lib/containers/storage", + RunRoot: "/var/run/containers/storage", + EnvVariable: define.EnvVariable, + AdditionalEnvVariables: []string{"FOO=abc", "BAR=my test", "USER=%a"}, + }, + goodEnvironment, + false, + false, + false, + false, + }, {"good with restart policy", containerInfo{ Executable: "/usr/bin/podman", diff --git a/pkg/systemd/notifyproxy/notifyproxy.go b/pkg/systemd/notifyproxy/notifyproxy.go index 9e6eb4cf0..1bfab9ca0 100644 --- a/pkg/systemd/notifyproxy/notifyproxy.go +++ b/pkg/systemd/notifyproxy/notifyproxy.go @@ -1,12 +1,17 @@ package notifyproxy import ( + "errors" + "fmt" + "io" "io/ioutil" "net" "os" "strings" "syscall" + "time" + "github.com/containers/podman/v4/libpod/define" "github.com/coreos/go-systemd/v22/daemon" "github.com/sirupsen/logrus" ) @@ -39,6 +44,7 @@ func SendMessage(socketPath string, message string) error { type NotifyProxy struct { connection *net.UnixConn socketPath string + container Container // optional } // New creates a NotifyProxy. The specified temp directory can be left empty. @@ -77,9 +83,26 @@ func (p *NotifyProxy) close() error { return p.connection.Close() } +// AddContainer associates a container with the proxy. +func (p *NotifyProxy) AddContainer(container Container) { + p.container = container +} + +// ErrNoReadyMessage is returned when we are waiting for the READY message of a +// container that is not in the running state anymore. +var ErrNoReadyMessage = errors.New("container stopped running before READY message was received") + +// Container avoids a circular dependency among this package and libpod. +type Container interface { + State() (define.ContainerStatus, error) + ID() string +} + // WaitAndClose waits until receiving the `READY` notify message and close the // listener. Note that the this function must only be executed inside a systemd // service which will kill the process after a given timeout. +// If the (optional) container stopped running before the `READY` is received, +// the waiting gets canceled and ErrNoReadyMessage is returned. func (p *NotifyProxy) WaitAndClose() error { defer func() { if err := p.close(); err != nil { @@ -87,16 +110,48 @@ func (p *NotifyProxy) WaitAndClose() error { } }() + const bufferSize = 1024 + sBuilder := strings.Builder{} for { - buf := make([]byte, 1024) - num, err := p.connection.Read(buf) - if err != nil { + // Set a read deadline of one second such that we achieve a + // non-blocking read and can check if the container has already + // stopped running; in that case no READY message will be send + // and we're done. + if err := p.connection.SetReadDeadline(time.Now().Add(time.Second)); err != nil { return err } - for _, s := range strings.Split(string(buf[:num]), "\n") { - if s == daemon.SdNotifyReady { + + for { + buffer := make([]byte, bufferSize) + num, err := p.connection.Read(buffer) + if err != nil { + if !errors.Is(err, os.ErrDeadlineExceeded) && !errors.Is(err, io.EOF) { + return err + } + } + sBuilder.Write(buffer[:num]) + if num != bufferSize || buffer[num-1] == '\n' { + break + } + } + + for _, line := range strings.Split(sBuilder.String(), "\n") { + if line == daemon.SdNotifyReady { return nil } } + sBuilder.Reset() + + if p.container == nil { + continue + } + + state, err := p.container.State() + if err != nil { + return err + } + if state != define.ContainerStateRunning { + return fmt.Errorf("%w: %s", ErrNoReadyMessage, p.container.ID()) + } } } diff --git a/pkg/systemd/notifyproxy/notifyproxy_test.go b/pkg/systemd/notifyproxy/notifyproxy_test.go index ce63fc9cd..066046cb8 100644 --- a/pkg/systemd/notifyproxy/notifyproxy_test.go +++ b/pkg/systemd/notifyproxy/notifyproxy_test.go @@ -41,7 +41,7 @@ func TestWaitAndClose(t *testing.T) { default: } - sendMessage(t, proxy, daemon.SdNotifyReady+"\nsomething else") + sendMessage(t, proxy, daemon.SdNotifyReady+"\nsomething else\n") done := func() bool { for i := 0; i < 10; i++ { select { diff --git a/pkg/util/utils_freebsd.go b/pkg/util/utils_freebsd.go index 17436ae81..9b0d7c8c7 100644 --- a/pkg/util/utils_freebsd.go +++ b/pkg/util/utils_freebsd.go @@ -5,8 +5,14 @@ package util import ( "errors" + + "github.com/opencontainers/runtime-tools/generate" ) func GetContainerPidInformationDescriptors() ([]string, error) { return []string{}, errors.New("this function is not supported on freebsd") } + +func AddPrivilegedDevices(g *generate.Generator) error { + return nil +} |