From b3373e04e420d448bb638407f9d36c5033f85f14 Mon Sep 17 00:00:00 2001
|
|
From: jikai <jikai11@huawei.com>
|
|
Date: Sat, 20 Jan 2024 13:32:22 +0800
|
|
Subject: [PATCH 188/198] update annotations and add ci cases
|
|
|
|
Signed-off-by: jikai <jikai11@huawei.com>
|
|
---
|
|
.../container_cases/dev_cgroup_rule.sh | 24 ++++++++++++
|
|
src/daemon/modules/api/specs_api.h | 2 +
|
|
.../modules/service/service_container.c | 18 ++++++++-
|
|
src/daemon/modules/spec/specs.c | 38 +++++++++++++++++++
|
|
4 files changed, 80 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/CI/test_cases/container_cases/dev_cgroup_rule.sh b/CI/test_cases/container_cases/dev_cgroup_rule.sh
|
|
index 839a546c..5616d37a 100755
|
|
--- a/CI/test_cases/container_cases/dev_cgroup_rule.sh
|
|
+++ b/CI/test_cases/container_cases/dev_cgroup_rule.sh
|
|
@@ -29,6 +29,9 @@ function test_cpu_dev_cgoup_rule_spec()
|
|
local image="busybox"
|
|
local test="container device cgroup rule test with (${runtime}) => (${FUNCNAME[@]})"
|
|
local test_dev="/dev/testA"
|
|
+ local default_config="/etc/default/isulad/config.json"
|
|
+ local default_config_bak="/etc/default/isulad/config.json.bak"
|
|
+ local test_cgroup_parent="/testABC"
|
|
|
|
msg_info "${test} starting..."
|
|
|
|
@@ -54,6 +57,27 @@ function test_cpu_dev_cgoup_rule_spec()
|
|
[[ $? -ne 0 ]] && [[ $cnt -le $priv_minor_88_cnt ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device minor failed" && ((ret++))
|
|
isula rm -f $priv_cid
|
|
|
|
+ def_cid=$(isula run -tid --runtime $runtime -m 10m $image /bin/sh)
|
|
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - run container failed" && ((ret++))
|
|
+ cp $default_config $default_config_bak
|
|
+ sed -i '/"linux": {/a \ \t\t"devices": [\n\t\t{\n\t\t\t"type": "c",\n\t\t\t"path": "\/dev\/testABC",\n\t\t\t"major": 88,\n\t\t\t"minor": 88\n\t\t}\n\t\t],' $default_config
|
|
+ stop_isulad_without_valgrind
|
|
+ start_isulad_with_valgrind --cgroup-parent $test_cgroup_parent
|
|
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++))
|
|
+ isula restart -t 0 $def_cid
|
|
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - restart container failed" && ((ret++))
|
|
+ cat /sys/fs/cgroup/memory/$test_cgroup_parent/$def_cid/memory.limit_in_bytes | grep ^10485760$
|
|
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - --cgroup-parent cannot work" && ((ret++))
|
|
+ cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$def_cid/config.json | grep "major\": 88" | wc -l)
|
|
+ [[ $? -ne 0 ]]&& [[ $cnt -ne 2 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device major failed" && ((ret++))
|
|
+ cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$def_cid/config.json | grep "minor\": 88" | wc -l)
|
|
+ [[ $? -ne 0 ]] && [[ $cnt -ne 2 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device minor failed" && ((ret++))
|
|
+ isula rm -f $def_cid
|
|
+ cp $default_config_bak $default_config
|
|
+ stop_isulad_without_valgrind
|
|
+ start_isulad_with_valgrind
|
|
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++))
|
|
+
|
|
cid=$(isula run -tid --device "$test_dev:$test_dev" --runtime $runtime $image /bin/sh)
|
|
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - run container failed" && ((ret++))
|
|
cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$cid/config.json | grep "major\": 88" | wc -l)
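Review bot: The two device checks added after `isula restart -t 0 $def_cid` cannot report a failure, because in `cnt=$(cat … | grep … | wc -l)` the status left in `$?` is that of `wc -l`, which is 0 even when grep matches nothing (unless the harness enables pipefail, which is not visible here). The chain `[[ $? -ne 0 ]] && [[ $cnt -ne 2 ]] && msg_err …` therefore stops at its first test. Dropping the status test makes the case really assert that the device from the default config reached the restarted container's `config.json`: `[[ $cnt -ne 2 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device major failed" && ((ret++))`, and likewise for the minor check. The restore step also leaves `config.json.bak` in `/etc/default/isulad`; `mv $default_config_bak $default_config` would put the original back without leaving the copy behind.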
|
|
diff --git a/src/daemon/modules/api/specs_api.h b/src/daemon/modules/api/specs_api.h
|
|
index f48f0bda..1a5a6ecc 100644
|
|
--- a/src/daemon/modules/api/specs_api.h
|
|
+++ b/src/daemon/modules/api/specs_api.h
|
|
@@ -40,6 +40,8 @@ int parse_security_opt(const host_config *host_spec, bool *no_new_privileges, ch
|
|
int merge_share_namespace(oci_runtime_spec *oci_spec, const host_config *host_spec,
|
|
const container_config_v2_common_config_network_settings *network_settings);
|
|
|
|
+int update_spec_annotations(oci_runtime_spec *oci_spec, container_config *container_spec, host_config *host_spec);
|
|
+
|
|
const oci_runtime_spec *get_readonly_default_oci_spec(bool system_container);
|
|
|
|
int spec_module_init(void);
|
|
diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
|
|
index a5c12862..99e94e81 100644
|
|
--- a/src/daemon/modules/service/service_container.c
|
|
+++ b/src/daemon/modules/service/service_container.c
|
|
@@ -683,11 +683,18 @@ out:
|
|
epoll_loop_close(&descr);
|
|
}
|
|
|
|
-static int do_oci_spec_update(const char *id, oci_runtime_spec *oci_spec, host_config *hostconfig)
|
|
+static int do_oci_spec_update(const char *id, oci_runtime_spec *oci_spec, container_config *container_spec, host_config *hostconfig)
|
|
{
|
|
char *cgroup_parent = NULL;
|
|
int ret;
|
|
|
|
+ // First renew annotations for oci spec, cgroup path, rootfs.mount, native.mask
|
|
+ // for iSulad daemon might get updated
|
|
+ ret = update_spec_annotations(oci_spec, container_spec, hostconfig);
|
|
+ if (ret < 0) {
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
// If isulad daemon cgroup parent updated, we should update this config into oci spec
|
|
cgroup_parent = merge_container_cgroups_path(id, hostconfig);
|
|
if (cgroup_parent == NULL) {
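Review bot: The new early return at the top of `do_oci_spec_update` logs nothing when `update_spec_annotations` fails, so the only trace is the caller's generic "Failed to update possible changes for oci spec". Adding `ERROR("Failed to update annotations for oci spec");` before the `return -1;` would show which step of the update failed. The comment above the call says `native.mask`, while the annotation handled in specs.c is `native.umask`; I would reword it to `// Renew the annotations (cgroup path, rootfs.mount, native.umask) first, since the iSulad daemon configuration may have changed`. The rest of the function body lies outside this hunk.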
|
|
@@ -795,13 +802,20 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo
|
|
}
|
|
|
|
// Update possible changes
|
|
- nret = do_oci_spec_update(id, oci_spec, cont->hostconfig);
|
|
+ nret = do_oci_spec_update(id, oci_spec, cont->common_config->config, cont->hostconfig);
|
|
if (nret != 0) {
|
|
ERROR("Failed to update possible changes for oci spec");
|
|
ret = -1;
|
|
goto close_exit_fd;
|
|
}
|
|
|
|
+ nret = container_to_disk(cont);
|
|
+ if (nret != 0) {
|
|
+ ERROR("Failed to save container info to disk");
|
|
+ ret = -1;
|
|
+ goto close_exit_fd;
|
|
+ }
|
|
+
|
|
nret = setup_ipc_dirs(cont->hostconfig, cont->common_config);
|
|
if (nret != 0) {
|
|
ERROR("Failed to setup ipc dirs");
|
|
diff --git a/src/daemon/modules/spec/specs.c b/src/daemon/modules/spec/specs.c
|
|
index 316e9c92..8a112496 100644
|
|
--- a/src/daemon/modules/spec/specs.c
|
|
+++ b/src/daemon/modules/spec/specs.c
|
|
@@ -386,6 +386,44 @@ out:
|
|
return ret;
|
|
}
|
|
|
|
+int update_spec_annotations(oci_runtime_spec *oci_spec, container_config *container_spec, host_config *host_spec)
|
|
+{
|
|
+ int ret = 0;
|
|
+ if (oci_spec == NULL || container_spec == NULL || host_spec == NULL) {
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
+ ret = make_sure_container_spec_annotations(container_spec);
|
|
+ if (ret < 0) {
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
+ ret = make_annotations_cgroup_dir(container_spec, host_spec);
|
|
+ if (ret != 0) {
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
+ /* add rootfs.mount */
|
|
+ ret = add_rootfs_mount(container_spec);
|
|
+ if (ret != 0) {
|
|
+ ERROR("Failed to add rootfs mount");
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
+ /* add native.umask */
|
|
+ ret = add_native_umask(container_spec);
|
|
+ if (ret != 0) {
|
|
+ ERROR("Failed to add native umask");
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
+ if (merge_annotations(oci_spec, container_spec)) {
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
+ return 0;
|
|
+}
|
|
+
|
|
/* default_spec returns default oci spec used by isulad. */
|
|
oci_runtime_spec *default_spec(bool system_container)
|
|
{
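Review bot: `update_spec_annotations` has no header comment and reports failure unevenly. The NULL-argument guard and the failures of `make_sure_container_spec_annotations`, `make_annotations_cgroup_dir` and `merge_annotations` return -1 without a message here, while the rootfs-mount and umask steps log (the callees may log themselves; they are outside the hunk). I would add `ERROR("Invalid arguments");` in the guard and a comment such as `/* Rebuild the daemon-derived annotations (cgroup dir, rootfs.mount, native.umask) in container_spec and merge them into oci_spec; returns 0 on success, -1 on failure. */`. The steps appear to write into `container_spec` before `merge_annotations` runs, so a failure midway would leave it partly updated while `oci_spec` is unchanged, and the comment should say so. The return tests also mix `ret < 0`, `ret != 0` and a bare `if (merge_annotations(...))`; using `!= 0` throughout would read more consistently.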
|
|
--
|
|
2.25.1
|
|
|