From 83a1e2e5d22761ad62de8e202938bbdb4896f236 Mon Sep 17 00:00:00 2001 From: Matthew Heon Date: Thu, 14 May 2020 09:39:41 -0400 Subject: Cleanup OCI runtime before storage Some runtimes (e.g. Kata containers) seem to object to having us unmount storage before the container is removed from the runtime. This is an easy fix (change the order of operations in cleanup) and seems to make more sense than the way we were doing things. Signed-off-by: Matthew Heon --- libpod/container_internal.go | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/libpod/container_internal.go b/libpod/container_internal.go index 3fcf687ec..5baa5fc1c 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -1562,21 +1562,24 @@ func (c *Container) cleanup(ctx context.Context) error { lastError = errors.Wrapf(err, "error removing container %s network", c.ID()) } - // Unmount storage - if err := c.cleanupStorage(); err != nil { + // Remove the container from the runtime, if necessary. + // Do this *before* unmounting storage - some runtimes (e.g. Kata) + // apparently object to having storage removed while the container still + // exists. + if err := c.cleanupRuntime(ctx); err != nil { if lastError != nil { - logrus.Errorf("Error unmounting container %s storage: %v", c.ID(), err) + logrus.Errorf("Error removing container %s from OCI runtime: %v", c.ID(), err) } else { - lastError = errors.Wrapf(err, "error unmounting container %s storage", c.ID()) + lastError = err } } - // Remove the container from the runtime, if necessary - if err := c.cleanupRuntime(ctx); err != nil { + // Unmount storage + if err := c.cleanupStorage(); err != nil { if lastError != nil { - logrus.Errorf("Error removing container %s from OCI runtime: %v", c.ID(), err) + logrus.Errorf("Error unmounting container %s storage: %v", c.ID(), err) } else { - lastError = err + lastError = errors.Wrapf(err, "error unmounting container %s storage", c.ID()) } } -- cgit v1.2.3-54-g00ecf From 892d81685c9fc213b0e9d444f953577ebb89593b Mon Sep 17 00:00:00 2001 From: Matthew Heon Date: Thu, 14 May 2020 11:58:02 -0400 Subject: Ensure that cleanup runs before we set Removing state Cleaning up the OCI runtime is not allowed in the Removing state. To ensure it is actually cleaned up, when calling cleanup() as part of removing a container, do so before we set the Removing state, so we can successfully remove. Signed-off-by: Matthew Heon --- libpod/runtime_ctr.go | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go index 1d880531e..c670822a0 100644 --- a/libpod/runtime_ctr.go +++ b/libpod/runtime_ctr.go @@ -488,20 +488,25 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, force bool, } } + var cleanupErr error + + // Clean up network namespace, cgroups, mounts. + // Do this before we set ContainerStateRemoving, to ensure that we can + // actually remove from the OCI runtime. + if err := c.cleanup(ctx); err != nil { + cleanupErr = errors.Wrapf(err, "error cleaning up container %s", c.ID()) + } + // Set ContainerStateRemoving c.state.State = define.ContainerStateRemoving if err := c.save(); err != nil { + if cleanupErr != nil { + logrus.Errorf(err.Error()) + } return errors.Wrapf(err, "unable to set container %s removing state in database", c.ID()) } - var cleanupErr error - - // Clean up network namespace, cgroups, mounts - if err := c.cleanup(ctx); err != nil { - cleanupErr = errors.Wrapf(err, "error cleaning up container %s", c.ID()) - } - // Stop the container's storage if err := c.teardownStorage(); err != nil { if cleanupErr == nil { -- cgit v1.2.3-54-g00ecf