This repository has been archived by the owner on Feb 8, 2021. It is now read-only.

A draft commit of Kata support #727

Open
wants to merge 53 commits into
base: kata-support
Changes from 5 commits
8aac0da
add kata-containers and the depended packages into vendor
lifupan Jun 6, 2018
78de507
update the vendor to coordinate with kata
lifupan Jun 6, 2018
cfa4183
replace runv with kata-containers
lifupan Jun 6, 2018
64c03ec
clean up the codes
Jun 15, 2018
07ed00b
gofmt for those codes
lifupan Jun 15, 2018
8b8b045
using the sandbox api instead of vc api
lifupan Jun 19, 2018
b4e91ad
enable save/load sandbox
lifupan Jun 19, 2018
f20ea2c
Associate containers with sandbox
lifupan Jun 20, 2018
73bcb9e
fix the issue of disassociating sandbox
lifupan Jun 20, 2018
2e70857
update vendor kata-containers to the latest version
lifupan Jun 21, 2018
b03861a
kata_agent: fix connection race
bergwolf Jun 21, 2018
d637321
Share the same pid namespace in a sandbox
lifupan Jun 21, 2018
086f31f
gofmt format the files
lifupan Jun 21, 2018
b90c98b
update vendor kata-containers/agent/protocols/grpc
lifupan Jun 21, 2018
29b7d94
Set sandbox.sharePidNs to false temporarily
lifupan Jun 21, 2018
57d713a
cleanup the sandbox after it exited
lifupan Jun 22, 2018
5db41e2
virtcontainers: To start the kataBuiltInProxy to watch the vm console…
lifupan Jun 23, 2018
43c5e34
don't store the containerconfig info into db
lifupan Jul 3, 2018
970024d
Only keep the aufs testing case
lifupan Jul 3, 2018
356dd86
replace vc.Sandbox with vc.VCSandbox
lifupan Jul 3, 2018
f2485ab
setup the kata-container runing env for test
lifupan Jul 3, 2018
d599637
container: fix the issue of missing Envs
lifupan Jul 5, 2018
dccecd9
fix the issue of stop sandbox
lifupan Jul 5, 2018
73b8c47
cleanup the legacy var stoppedChan
lifupan Jul 5, 2018
2fe3bfa
fix the issue of start container failed after restore pod
lifupan Jul 6, 2018
d421237
uprev vendor kata client
lifupan Jul 10, 2018
f75b33d
uprev vendor kata virtcontainers
lifupan Jul 10, 2018
b49cea7
Rename vendor Sirupsen to sirupsen according to upstream
lifupan Jul 10, 2018
f65fa51
uprev vendor intel/govmm/qemu
lifupan Jul 10, 2018
978c818
fix the issue of pausing sandbox
lifupan Jul 6, 2018
54c75d8
fix the issue of missing cmd from container image
lifupan Jul 9, 2018
d3ca391
pod: rollback the opertions once starting sandbox failed
lifupan Jul 9, 2018
9f39555
container: fix the issue of wrong RuntimeName
lifupan Jul 10, 2018
1ce4312
pod: fix the issue of missing execId for resize container tty
lifupan Jul 10, 2018
efce5ff
container: fix the issue of missing Env from container image
lifupan Jul 10, 2018
335688f
exec: fix the issue of waitexec process
lifupan Jul 11, 2018
a5841be
integration: fix the wrong exitcode in execsignal testcase
lifupan Jul 11, 2018
53bf002
decommission: do sanity check for pod.sandpox pointer
lifupan Jul 11, 2018
51ac7fe
provision: add the rollback function for createsandbox failed
lifupan Jul 11, 2018
81bc42b
container: don't specify the username in oci spec
lifupan Jul 11, 2018
9f5d2d4
fix the issue of missing hostname
lifupan Jul 11, 2018
9d2bee1
container: remove the unused ns from ocispec
lifupan Jul 12, 2018
10c4087
sandbox: add the volume support for sandbox
lifupan Jul 16, 2018
2814931
container: fix the issue of missing the entrypoint in cmd
lifupan Jul 18, 2018
98ab211
CI: comment out some testcases which are not supported
lifupan Jul 19, 2018
b484c8b
container: fix the issue of using the wrong user
lifupan Jul 19, 2018
35ab4dc
CI: fix the issue of missing 'ps' command in irssi:1 image
lifupan Jul 19, 2018
d6c68c3
container: fix the issue of missing some io contents
lifupan Jul 20, 2018
cb2dddf
exec: fix the issue of missing some io contents
lifupan Jul 21, 2018
fdf80d3
exec: fix the issue of wrong user
lifupan Jul 23, 2018
fe16d76
hack: fix the issue of irssi image missing ps cmd
lifupan Jul 23, 2018
50c5dad
volume: remove the redundancy mount
lifupan Jul 23, 2018
026a4d0
volume: fix the issue of missing readonly option
lifupan Jul 23, 2018
379 changes: 193 additions & 186 deletions daemon/pod/container.go

Large diffs are not rendered by default.

58 changes: 29 additions & 29 deletions daemon/pod/decommission.go
Expand Up @@ -10,10 +10,10 @@ import (
dockertypes "github.com/docker/engine-api/types"

"github.com/hyperhq/hyperd/utils"
"github.com/hyperhq/runv/hypervisor"
vc "github.com/kata-containers/runtime/virtcontainers"
)

type sandboxOp func(sb *hypervisor.Vm) error
type sandboxOp func(sb *vc.Sandbox) error
type stateValidator func(state PodState) bool

func (p *XPod) DelayDeleteOn() bool {
Expand All @@ -37,9 +37,9 @@ func (p *XPod) Stop(graceful int) error {

func (p *XPod) ForceQuit() {
err := p.protectedSandboxOperation(
func(sb *hypervisor.Vm) error {
sb.Kill()
return nil
func(sb *vc.Sandbox) error {
_, err := vc.StopSandbox(sb.ID())
return err
},
time.Second*5,
"kill pod")
Expand Down Expand Up @@ -118,8 +118,8 @@ func (p *XPod) Pause() error {
p.statusLock.Unlock()

err := p.protectedSandboxOperation(
func(sb *hypervisor.Vm) error {
return sb.Pause(true)
func(sb *vc.Sandbox) error {
return sb.Pause()
},
time.Second*5,
"pause pod")
Expand Down Expand Up @@ -148,8 +148,8 @@ func (p *XPod) UnPause() error {
p.statusLock.Unlock()

err := p.protectedSandboxOperation(
func(sb *hypervisor.Vm) error {
return sb.Pause(false)
func(sb *vc.Sandbox) error {
return sb.Pause()
},
time.Second*5,
"resume pod")
Expand All @@ -176,8 +176,8 @@ func (p *XPod) KillContainer(id string, sig int64) error {
}
c.setKill()
return p.protectedSandboxOperation(
func(sb *hypervisor.Vm) error {
return sb.KillContainer(id, syscall.Signal(sig))
func(sb *vc.Sandbox) error {
return vc.KillContainer(sb.ID(), id, syscall.Signal(sig), true)
Should call sb.SignalProcess() instead. Whenever we have a sandbox pointer, we should be calling sb operations directly instead of the vc APIs.

},
time.Second*5,
fmt.Sprintf("Kill container %s with %d", id, sig))
Expand Down Expand Up @@ -307,7 +307,7 @@ func (p *XPod) RemoveContainer(id string) error {
// protectedSandboxOperation() protect the hypervisor operations, which may
// panic or hang too long time.
func (p *XPod) protectedSandboxOperation(op sandboxOp, timeout time.Duration, comment string) error {
dangerousOp := func(sb *hypervisor.Vm, errChan chan<- error) {
dangerousOp := func(sb *vc.Sandbox, errChan chan<- error) {
defer func() {
err := recover()
if err != nil {
Expand Down Expand Up @@ -393,13 +393,13 @@ func (p *XPod) doStopPod(graceful int) error {
}

p.Log(INFO, "stop container success, shutdown sandbox")
result := p.sandbox.Shutdown()
if result.IsSuccess() {
_, err = vc.StopSandbox(p.sandbox.ID())
if err == nil {
p.Log(INFO, "pod is stopped")
return nil
}

err = fmt.Errorf("failed to shuting down: %s", result.Message())
err = fmt.Errorf("failed to shuting down: %s", err)
p.Log(ERROR, err)
return err
}
Expand Down Expand Up @@ -448,13 +448,20 @@ func (p *XPod) stopContainers(cList []string, graceful int) error {
}
future.Add(c.Id(), func() error {
var toc <-chan time.Time
var retch = make(chan int32)

if int64(graceful) < 0 {
toc = make(chan time.Time)
} else {
toc = time.After(waitTime)
}

forceKill := graceful == 0
resChan := p.sandbox.WaitProcess(true, []string{c.Id()}, -1)
go func(retch chan int32, c *Container) {
ret, _ := p.sandbox.WaitProcess(c.Id(), c.Id())
retch <- ret
}(retch, c)

c.Log(DEBUG, "now, stop container")
err := c.terminate(forceKill)
// TODO filter container/process can't find error
Expand All @@ -464,20 +471,11 @@ func (p *XPod) stopContainers(cList []string, graceful int) error {
return err
}
}
if resChan == nil {
err := fmt.Errorf("cannot wait container %s", c.Id())
p.Log(ERROR, err)
return err
}

for {
select {
case ex, ok := <-resChan:
if !ok {
err := fmt.Errorf("chan broken while waiting container: %s", c.Id())
p.Log(WARNING, err)
return err
}
p.Log(DEBUG, "container %s stopped (%v)", ex.Id, ex.Code)
case ret := <-retch:
p.Log(DEBUG, "container %s stopped (%d)", c.Id(), ret)
return nil
case <-toc:
if forceKill {
Expand All @@ -493,6 +491,7 @@ func (p *XPod) stopContainers(cList []string, graceful int) error {
}
}
return nil

})
}

Expand Down Expand Up @@ -532,7 +531,8 @@ func (p *XPod) waitVMStop() {
}
p.statusLock.RUnlock()

_, _ = <-p.sandbox.WaitVm(-1)
monitor, _ := p.sandbox.Monitor()
check for error?

_ = <-monitor
p.Log(INFO, "got vm exit event")
p.cleanup()
}
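Review bot: In `UnPause` the closure handed to `protectedSandboxOperation` calls `sb.Pause()`, the same call the `Pause` path makes, so the "resume pod" operation pauses the sandbox a second time instead of resuming it. The removed code told the two apart with `sb.Pause(true)` and `sb.Pause(false)`, and that distinction is lost on the new side. The resume closure should call the sandbox's resume method, presumably `return sb.Resume()` if the vendored virtcontainers version exposes it on `vc.Sandbox`. A pod that can be paused but never resumed stays unavailable until it is destroyed, so this is worth a test that pauses and then unpauses a pod. The body of `UnPause` starts and ends outside the hunk shown.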
104 changes: 56 additions & 48 deletions daemon/pod/exec.go
Expand Up @@ -8,11 +8,9 @@ import (
"time"

"github.com/docker/docker/pkg/stdcopy"

"github.com/hyperhq/hypercontainer-utils/hlog"
"github.com/hyperhq/hyperd/utils"
"github.com/hyperhq/runv/api"
"github.com/hyperhq/runv/hypervisor"
vc "github.com/kata-containers/runtime/virtcontainers"
)

type Exec struct {
Expand Down Expand Up @@ -57,7 +55,7 @@ func (p *XPod) CreateExec(containerId, cmds string, terminal bool) (string, erro
p.statusLock.Lock()
p.execs[execId] = &Exec{
Container: containerId,
Id: execId,
Id: "",
Cmds: command,
Terminal: terminal,
ExitCode: 255,
Expand Down Expand Up @@ -85,6 +83,7 @@ type writeCloser struct {
}

func (p *XPod) StartExec(stdin io.ReadCloser, stdout io.WriteCloser, containerId, execId string) error {

c, ok := p.containers[containerId]
if !ok {
err := fmt.Errorf("no container %s available for exec %s", containerId, execId)
Expand All @@ -103,7 +102,7 @@ func (p *XPod) StartExec(stdin io.ReadCloser, stdout io.WriteCloser, containerId
}

wReader := &waitClose{ReadCloser: stdin, wait: make(chan bool)}
tty := &hypervisor.TtyIO{
tty := &TtyIO{
Stdin: wReader,
Stdout: stdout,
}
Expand All @@ -124,21 +123,39 @@ func (p *XPod) StartExec(stdin io.ReadCloser, stdout io.WriteCloser, containerId
}
}

cmd := vc.Cmd{
Args: es.Cmds,
Envs: c.cmdEnvs([]vc.EnvVar{}),
WorkDir: c.spec.Workdir,
Interactive: es.Terminal,
Detach: !es.Terminal,
User: "0", //set the default user and group
PrimaryGroup: "0",
}

if c.spec.User != nil {
cmd.User = c.spec.User.Name
cmd.PrimaryGroup = c.spec.User.Group
}

_, process, err := p.sandbox.EnterContainer(containerId, cmd)
if err != nil {
err := fmt.Errorf("cannot enter container %s, with err %s", containerId, err)
p.Log(ERROR, err)
return err
}
es.Id = process.Token

go func(es *Exec) {
result := p.sandbox.WaitProcess(false, []string{execId}, -1)
if result == nil {
ret, err := p.sandbox.WaitProcess(containerId, es.Id)
if err == nil {
es.Log(ERROR, "can not wait exec")
return
}

r, ok := <-result
if !ok {
es.Log(ERROR, "waiting exec interrupted")
return
}
es.Log(DEBUG, "exec terminated at %v with code %d", time.Now(), int(ret))
es.ExitCode = uint8(ret)

es.Log(DEBUG, "exec terminated at %v with code %d", r.FinishedAt, r.Code)
es.ExitCode = uint8(r.Code)
select {
case es.finChan <- true:
es.Log(DEBUG, "wake exec stopped chan")
Expand All @@ -147,30 +164,17 @@ func (p *XPod) StartExec(stdin io.ReadCloser, stdout io.WriteCloser, containerId
}
}(es)

var envs []string
for e, v := range c.descript.Envs {
envs = append(envs, fmt.Sprintf("%s=%s", e, v))
}

process := &api.Process{
Container: es.Container,
Id: es.Id,
Terminal: es.Terminal,
Args: es.Cmds,
Envs: envs,
Workdir: c.descript.Workdir,
}

if c.descript.UGI != nil {
process.User = c.descript.UGI.User
process.Group = c.descript.UGI.Group
process.AdditionalGroup = c.descript.UGI.AdditionalGroups
cstdin, cstdout, cstderr, err := p.sandbox.IOStream(containerId, es.Id)
if err != nil {
c.Log(ERROR, err)
return err
}

err := p.sandbox.AddProcess(process, tty)
go streamCopy(tty, cstdin, cstdout, cstderr)

<-wReader.wait
return err

return nil
}

func (p *XPod) GetExecExitCode(containerId, execId string) (uint8, error) {
Expand Down Expand Up @@ -208,8 +212,8 @@ func (p *XPod) KillExec(execId string, sig int64) error {
}

return p.protectedSandboxOperation(
func(sb *hypervisor.Vm) error {
return sb.SignalProcess(es.Container, es.Id, syscall.Signal(sig))
func(sb *vc.Sandbox) error {
return sb.SignalProcess(es.Container, es.Id, syscall.Signal(sig), true)
},
time.Second*5,
fmt.Sprintf("Kill process %s with %d", es.Id, sig))
Expand All @@ -228,16 +232,20 @@ func (p *XPod) CleanupExecs() {
}

func (p *XPod) ExecVM(cmd string, stdin io.ReadCloser, stdout, stderr io.WriteCloser) (int, error) {
wReader := &waitClose{ReadCloser: stdin, wait: make(chan bool)}
tty := &hypervisor.TtyIO{
Stdin: wReader,
Stdout: stdout,
Stderr: stderr,
}
res, err := p.sandbox.HyperstartExec(cmd, tty)
if err != nil {
return res, err
}
<-wReader.wait
return res, err
/*
wReader := &waitClose{ReadCloser: stdin, wait: make(chan bool)}
tty := &hypervisor.TtyIO{
Stdin: wReader,
Stdout: stdout,
Stderr: stderr,
}

res, err := p.sandbox.HyperstartExec(cmd, tty)
if err != nil {
return res, err
}
<-wReader.wait
*/
// return res, err
return 0, nil
}
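Review bot: The error check in the waiter goroutine of `StartExec` is inverted: `if err == nil { es.Log(ERROR, "can not wait exec"); return }` returns when `WaitProcess` succeeds and falls through to record `ret` when it fails. As written, a successful exec never updates `es.ExitCode`, which stays at the 255 assigned in `CreateExec`, and never signals `es.finChan`, while a failed wait stores a meaningless code as the exit status. The condition should be `if err != nil {`, and including `err` in the log call of that branch would make the failure diagnosable. The body of `StartExec` begins before the hunk that contains this goroutine.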
13 changes: 8 additions & 5 deletions daemon/pod/networks.go
Expand Up @@ -76,11 +76,14 @@ func (inf *Interface) add() error {
inf.Log(ERROR, err)
return err
}
err := inf.p.sandbox.AddNic(inf.descript)
if err != nil {
inf.Log(ERROR, "failed to add NIC: %v", err)
}
return err
/*
err := inf.p.sandbox.AddNic(inf.descript)
if err != nil {
inf.Log(ERROR, "failed to add NIC: %v", err)
}
return err
*/
return nil
}

func (inf *Interface) cleanup() error {
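Review bot: `(*Interface).add` now ends in `return nil` with the `AddNic` call commented out, so callers are told the interface was attached although nothing was done to the sandbox. Until NIC hot-add is ported to the Kata sandbox API, an explicit failure such as `return fmt.Errorf("adding a NIC to a running sandbox is not supported yet")` (assuming `fmt` is imported in this file) would keep the pod's recorded network state in line with what the guest actually has. At minimum a `// TODO` comment above the disabled block should say why the call is off and what replaces it. `ExecVM` in daemon/pod/exec.go is stubbed the same way and returns `0, nil`, which a caller will read as a command that ran and exited successfully. The start of `add` is outside the hunk.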