iSulad/0064-split-remote-grpc-code-by-macro.patch
zhangxiaoyu 68738aa0f1 upgrade from upstream
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
2023-06-01 12:04:54 +08:00


From 84cc7186842b45844b017a5bc8afa16b28bac668 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Thu, 11 May 2023 10:27:08 +0800
Subject: [PATCH 64/79] split remote grpc code by macro
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---
cmake/options.cmake | 6 ++
src/client/connect/connect.h | 2 +
src/client/connect/grpc/client_base.h | 12 ++-
.../connect/grpc/grpc_containers_client.cc | 22 +++++-
src/cmd/isula/client_arguments.c | 10 +++
src/cmd/isula/client_arguments.h | 15 +++-
src/cmd/isulad-shim/common.h | 4 +-
src/cmd/isulad/isulad_commands.c | 1 +
src/cmd/isulad/isulad_commands.h | 78 ++++++++++---------
src/cmd/isulad/main.c | 31 +++++---
src/common/constants.h | 2 +
src/daemon/config/daemon_arguments.c | 4 +
src/daemon/config/isulad_config.c | 4 +
.../connect/grpc/grpc_server_tls_auth.cc | 6 +-
src/daemon/entry/connect/grpc/grpc_service.cc | 11 +++
.../cri/cri_container_manager_service_impl.cc | 6 +-
src/daemon/entry/cri/cri_helpers.cc | 2 +-
.../oci/storage/image_store/image_store.c | 14 ++--
.../oci/storage/layer_store/layer_store.c | 14 ++--
.../remote_layer_support/image_remote_impl.c | 3 +-
src/utils/cutils/utils_verify.c | 6 ++
.../remote_layer_support/remote_layer_ut.cc | 2 +-
22 files changed, 181 insertions(+), 74 deletions(-)
diff --git a/cmake/options.cmake b/cmake/options.cmake
index 701082dd..d8b88dec 100644
--- a/cmake/options.cmake
+++ b/cmake/options.cmake
@@ -90,6 +90,12 @@ if (ENABLE_SELINUX STREQUAL "ON")
message("${Green}-- Enable selinux${ColourReset}")
endif()
+option(ENABLE_GRPC_REMOTE_CONNECT "enable gRPC remote connect" ON)
+if (ENABLE_GRPC_REMOTE_CONNECT STREQUAL "ON")
+ add_definitions(-DENABLE_GRPC_REMOTE_CONNECT=1)
+ set(ENABLE_GRPC_REMOTE_CONNECT 1)
+endif()
+
option(ENABLE_SHIM_V2 "enable shim v2 runtime" OFF)
if (ENABLE_SHIM_V2 STREQUAL "ON")
add_definitions(-DENABLE_SHIM_V2=1)
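Review bot: The new option is tested with `STREQUAL "ON"`, so a configure line such as `-DENABLE_GRPC_REMOTE_CONNECT=TRUE` or `=1` silently builds without the TCP/TLS code, and nothing in the configure output records which variant was produced. This follows the existing pattern in the file, but the switch decides whether the remote listener and its TLS/authorization path exist in the binary at all. I would test it with `if (ENABLE_GRPC_REMOTE_CONNECT)` and add a status line in the style of the selinux block above, e.g. `message("${Green}-- Enable gRPC remote connect${ColourReset}")`.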
diff --git a/src/client/connect/connect.h b/src/client/connect/connect.h
index 1b2ea5b3..68c6d57f 100644
--- a/src/client/connect/connect.h
+++ b/src/client/connect/connect.h
@@ -24,12 +24,14 @@ extern "C" {
typedef struct {
unsigned int deadline;
char *socket;
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
// gRPC tls config
bool tls;
bool tls_verify;
char *ca_file;
char *cert_file;
char *key_file;
+#endif
} client_connect_config_t;
#ifdef __cplusplus
diff --git a/src/client/connect/grpc/client_base.h b/src/client/connect/grpc/client_base.h
index dbe130cd..4a29765a 100644
--- a/src/client/connect/grpc/client_base.h
+++ b/src/client/connect/grpc/client_base.h
@@ -44,9 +44,10 @@ public:
auto *arguments = reinterpret_cast<client_connect_config_t *>(args);
std::string socket_address = arguments->socket;
- const std::string tcp_prefix = "tcp://";
deadline = arguments->deadline;
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
+ const std::string tcp_prefix = "tcp://";
if (socket_address.compare(0, tcp_prefix.length(), tcp_prefix) == 0) {
socket_address.erase(0, tcp_prefix.length());
}
@@ -76,9 +77,12 @@ public:
// Connect to gRPC server with ssl/tls authentication mechanism.
stub_ = SV::NewStub(channel);
} else {
+#endif
// Connect to gRPC server without ssl/tls authentication mechanism.
stub_ = SV::NewStub(grpc::CreateChannel(socket_address, grpc::InsecureChannelCredentials()));
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
}
+#endif
}
virtual ~ClientBase() = default;
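Review bot: The `#endif` / `#ifdef` pairs wrapped around `} else {` and the closing `}` keep the braces balanced only when read together with the preprocessor state, which makes this constructor easy to break in a later edit; the host loop in grpc_service.cc has the same shape. Restructuring so that the guarded region only computes the credentials, followed by one unconditional `SV::NewStub(...)`, would avoid splitting a statement across guards. A comment on the insecure branch would also help, e.g. `// Non-remote builds: socket_address is used as given (no tcp:// stripping) and the channel is never TLS-protected`, since in that configuration safety depends on the address having been validated as a unix socket beforehand. The constructor begins outside this hunk.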
@@ -109,12 +113,14 @@ public:
context.set_deadline(tDeadline);
}
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
// Set metadata for authorization
if (SetMetadataInfo(context) != 0) {
ERROR("Failed to set metadata info for authorization");
response->cc = ISULAD_ERR_INPUT;
return -1;
}
+#endif
ret = request_to_grpc(request, &req);
if (ret != 0) {
@@ -187,6 +193,7 @@ protected:
return ss.str();
}
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
auto SetMetadataInfo(ClientContext &context) -> int
{
// Set common name from cert.perm
@@ -204,10 +211,13 @@ protected:
return 0;
}
+#endif
std::unique_ptr<sTB> stub_;
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
std::string m_tlsMode { ClientBaseConstants::TLS_OFF };
std::string m_certFile;
+#endif
unsigned int deadline;
};
diff --git a/src/client/connect/grpc/grpc_containers_client.cc b/src/client/connect/grpc/grpc_containers_client.cc
index 1528b2ee..301e172b 100644
--- a/src/client/connect/grpc/grpc_containers_client.cc
+++ b/src/client/connect/grpc/grpc_containers_client.cc
@@ -298,6 +298,7 @@ public:
}
};
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
class RemoteStartWriteToServerTask : public StoppableThread {
public:
explicit RemoteStartWriteToServerTask(
@@ -442,6 +443,8 @@ out:
return (response->cc == ISULAD_SUCCESS) ? 0 : -1;
}
};
+#endif
+
class ContainerTop : public ClientBase<ContainerService, ContainerService::Stub, isula_top_request, TopRequest,
isula_top_response, TopResponse> {
public:
@@ -868,6 +871,7 @@ public:
}
};
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
class RemoteExecWriteToServerTask : public StoppableThread {
public:
explicit RemoteExecWriteToServerTask(
@@ -1035,6 +1039,7 @@ out:
return (response->cc == ISULAD_SUCCESS) ? 0 : -1;
}
};
+#endif
class ContainerInspect : public ClientBase<ContainerService, ContainerService::Stub, isula_inspect_request,
InspectContainerRequest, isula_inspect_response, InspectContainerResponse> {
@@ -1351,6 +1356,7 @@ public:
ERROR("Missing container id in the request");
return -1;
}
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
#ifdef OPENSSL_VERIFY
// Set common name from cert.perm
char common_name_value[ClientBaseConstants::COMMON_NAME_LEN] = { 0 };
@@ -1362,6 +1368,7 @@ public:
}
context.AddMetadata("username", std::string(common_name_value, strlen(common_name_value)));
context.AddMetadata("tls_mode", m_tlsMode);
+#endif
#endif
context.AddMetadata("container-id", std::string(request->name));
context.AddMetadata("attach-stdin", request->attach_stdin ? "true" : "false");
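Review bot: The two adjacent `#endif` lines are unlabeled, and the added one textually closes the inner `#ifdef OPENSSL_VERIFY` while the pre-existing one now closes `ENABLE_GRPC_REMOTE_CONNECT`. Labelling them `#endif // OPENSSL_VERIFY` and `#endif // ENABLE_GRPC_REMOTE_CONNECT` would make clear which guard controls the `username`/`tls_mode` metadata. The same nested pair is added in the hunks around `stub_->CopyFromContainer`, the `isulad-copy-to-container` metadata and `LogsRequest`, and the copy-to-container hunk places the new `#endif` after the existing one rather than before it, so the ordering is inconsistent as well.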
@@ -1742,11 +1749,13 @@ public:
Status status;
container_events_format_t *isula_event = nullptr;
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
if (SetMetadataInfo(context) != 0) {
ERROR("Failed to set metadata info for authorization");
response->cc = ISULAD_ERR_INPUT;
return -1;
}
+#endif
ret = events_request_to_grpc(request, &req);
if (ret != 0) {
@@ -1926,6 +1935,7 @@ public:
return -1;
}
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
#ifdef OPENSSL_VERIFY
// Set common name from cert.perm
char common_name_value[ClientBaseConstants::COMMON_NAME_LEN] = { 0 };
@@ -1938,6 +1948,7 @@ public:
}
ctx->context.AddMetadata("username", std::string(common_name_value, strlen(common_name_value)));
ctx->context.AddMetadata("tls_mode", m_tlsMode);
+#endif
#endif
auto reader = stub_->CopyFromContainer(&ctx->context, ctx->request);
reader->WaitForInitialMetadata();
@@ -2073,6 +2084,7 @@ public:
goto out;
}
context.AddMetadata("isulad-copy-to-container", json);
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
#ifdef OPENSSL_VERIFY
{
// Set common name from cert.perm
@@ -2088,6 +2100,7 @@ public:
context.AddMetadata("tls_mode", m_tlsMode);
}
#endif
+#endif
out:
free(err);
@@ -2146,6 +2159,7 @@ public:
ClientContext context;
LogsRequest grequest;
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
#ifdef OPENSSL_VERIFY
// Set common name from cert.perm
char common_name_value[ClientBaseConstants::COMMON_NAME_LEN] = { 0 };
@@ -2157,6 +2171,7 @@ public:
}
context.AddMetadata("username", std::string(common_name_value, strlen(common_name_value)));
context.AddMetadata("tls_mode", m_tlsMode);
+#endif
#endif
if (logs_request_to_grpc(request, &grequest) != 0) {
@@ -2234,13 +2249,11 @@ auto grpc_containers_client_ops_init(isula_connect_ops *ops) -> int
ops->container.info = container_func<isula_info_request, isula_info_response, ContainerInfo>;
ops->container.create = container_func<isula_create_request, isula_create_response, ContainerCreate>;
ops->container.start = container_func<isula_start_request, isula_start_response, ContainerStart>;
- ops->container.remote_start = container_func<isula_start_request, isula_start_response, ContainerRemoteStart>;
ops->container.stop = container_func<isula_stop_request, isula_stop_response, ContainerStop>;
ops->container.restart = container_func<isula_restart_request, isula_restart_response, ContainerRestart>;
ops->container.remove = container_func<isula_delete_request, isula_delete_response, ContainerDelete>;
ops->container.list = container_func<isula_list_request, isula_list_response, ContainerList>;
ops->container.exec = container_func<isula_exec_request, isula_exec_response, ContainerExec>;
- ops->container.remote_exec = container_func<isula_exec_request, isula_exec_response, ContainerRemoteExec>;
ops->container.attach = container_func<isula_attach_request, isula_attach_response, ContainerAttach>;
ops->container.pause = container_func<isula_pause_request, isula_pause_response, ContainerPause>;
ops->container.resume = container_func<isula_resume_request, isula_resume_response, ContainerResume>;
@@ -2260,5 +2273,10 @@ auto grpc_containers_client_ops_init(isula_connect_ops *ops) -> int
ops->container.resize = container_func<isula_resize_request, isula_resize_response, ContainerResize>;
ops->container.logs = container_func<isula_logs_request, isula_logs_response, ContainerLogs>;
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
+ ops->container.remote_start = container_func<isula_start_request, isula_start_response, ContainerRemoteStart>;
+ ops->container.remote_exec = container_func<isula_exec_request, isula_exec_response, ContainerRemoteExec>;
+#endif
+
return 0;
}
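Review bot: In a build without ENABLE_GRPC_REMOTE_CONNECT, `ops->container.remote_start` and `ops->container.remote_exec` are never assigned here, so their value depends on how the caller initialised `ops`. Unless every call site is guarded by the same macro or checks for NULL, I would add an `#else` branch with `ops->container.remote_start = nullptr;` and `ops->container.remote_exec = nullptr;` so that a stray call fails predictably instead of going through an indeterminate pointer. The function begins in an earlier hunk and its start is not fully visible, so an existing zero-initialisation may already cover this.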
diff --git a/src/cmd/isula/client_arguments.c b/src/cmd/isula/client_arguments.c
index 8f8c2657..2340beec 100644
--- a/src/cmd/isula/client_arguments.c
+++ b/src/cmd/isula/client_arguments.c
@@ -31,6 +31,8 @@ client_connect_config_t get_connect_config(const struct client_arguments *args)
client_connect_config_t config = { 0 };
config.socket = args->socket;
+
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
// unix socket not support tls
if (strncmp(args->socket, "tcp://", strlen("tcp://"))) {
config.tls_verify = false;
@@ -49,9 +51,12 @@ client_connect_config_t get_connect_config(const struct client_arguments *args)
config.cert_file = args->cert_file;
config.key_file = args->key_file;
}
+#endif
+
return config;
}
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
static int set_default_tls_options(struct client_arguments *args)
{
int ret = -1;
@@ -104,6 +109,7 @@ out:
free(cert_path);
return ret;
}
+#endif
/* client arguments init */
int client_arguments_init(struct client_arguments *args)
@@ -127,9 +133,11 @@ int client_arguments_init(struct client_arguments *args)
(void)memset(&args->custom_conf, 0, sizeof(struct custom_configs));
(void)memset(&args->cr, 0, sizeof(struct args_cgroup_resources));
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
if (set_default_tls_options(args) != 0) {
return -1;
}
+#endif
// default swappiness should be set to -1
args->cr.swappiness = -1;
@@ -241,6 +249,7 @@ void client_arguments_free(struct client_arguments *args)
util_free_array(custom_conf->security);
custom_conf->security = NULL;
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
free(args->ca_file);
args->ca_file = NULL;
@@ -249,6 +258,7 @@ void client_arguments_free(struct client_arguments *args)
free(args->key_file);
args->key_file = NULL;
+#endif
util_free_array(custom_conf->blkio_throttle_read_bps_device);
custom_conf->blkio_throttle_read_bps_device = NULL;
diff --git a/src/cmd/isula/client_arguments.h b/src/cmd/isula/client_arguments.h
index 087ea056..0b08bcb2 100644
--- a/src/cmd/isula/client_arguments.h
+++ b/src/cmd/isula/client_arguments.h
@@ -348,12 +348,14 @@ struct client_arguments {
json_map_string_string *annotations;
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
// gRPC tls config
bool tls;
bool tls_verify;
char *ca_file;
char *cert_file;
char *key_file;
+#endif
do_resize_call_back_t resize_cb;
struct winsize s_pre_wsz;
@@ -361,9 +363,10 @@ struct client_arguments {
#define LOG_OPTIONS(log) { CMD_OPT_TYPE_BOOL_FALSE, false, "debug", 'D', &(log).quiet, "Enable debug mode", NULL },
-#define COMMON_OPTIONS(cmdargs) \
- { CMD_OPT_TYPE_STRING_DUP, false, "host", 'H', &(cmdargs).socket, "Daemon socket(s) to connect to", \
- command_valid_socket }, \
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
+#define COMMON_OPTIONS(cmdargs) \
+ { CMD_OPT_TYPE_STRING_DUP, false, "host", 'H', &(cmdargs).socket, "Daemon socket(s) to connect to", \
+ command_valid_socket }, \
{ CMD_OPT_TYPE_BOOL, false, "tls", 0, &(cmdargs).tls, "Use TLS; implied by --tlsverify", NULL }, \
{ CMD_OPT_TYPE_BOOL, false, "tlsverify", 0, &(cmdargs).tls_verify, "Use TLS and verify the remote", NULL }, \
{ CMD_OPT_TYPE_STRING_DUP, \
@@ -388,6 +391,12 @@ struct client_arguments {
"Path to TLS key file (default \"/root/.iSulad/key.pem\")", \
NULL }, \
{ CMD_OPT_TYPE_BOOL, false, "help", 0, &(cmdargs).help, "Print usage", NULL },
+#else
+#define COMMON_OPTIONS(cmdargs) \
+ { CMD_OPT_TYPE_STRING_DUP, false, "host", 'H', &(cmdargs).socket, "Daemon socket(s) to connect to", \
+ command_valid_socket }, \
+ { CMD_OPT_TYPE_BOOL, false, "help", 0, &(cmdargs).help, "Print usage", NULL },
+#endif
#define VERSION_OPTIONS(cmdargs) \
{ CMD_OPT_TYPE_BOOL, false, "version", 0, NULL, "Print version information and quit", NULL },
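Review bot: The `#else` copy of `COMMON_OPTIONS` repeats the `host` and `help` entries, so the two definitions can drift apart when an option is added later. isulad_commands.h in this same patch handles the daemon side with a separate `ISULAD_TLS_OPTIONS` macro that expands to nothing when the feature is off. Doing the same here (for example a `COMMON_TLS_OPTIONS(cmdargs)` macro expanded between the `host` and `help` entries) would keep a single `COMMON_OPTIONS` definition.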
diff --git a/src/cmd/isulad-shim/common.h b/src/cmd/isulad-shim/common.h
index d733823b..b3f52dc3 100644
--- a/src/cmd/isulad-shim/common.h
+++ b/src/cmd/isulad-shim/common.h
@@ -35,8 +35,8 @@ extern "C" {
#define SHIM_ERR_TIMEOUT (-4)
// common exit code is defined in stdlib.h
-// EXIT_FAILURE 1 : Failing exit status.
-// EXIT_SUCCESS 0 : Successful exit status.
+// EXIT_FAILURE 1 : Failing exit status.
+// EXIT_SUCCESS 0 : Successful exit status.
// custom shim exit code
// SHIM_EXIT_TIMEOUT 2: Container process timeout exit code
#define SHIM_EXIT_TIMEOUT 2
diff --git a/src/cmd/isulad/isulad_commands.c b/src/cmd/isulad/isulad_commands.c
index 42d0bde6..e814109e 100644
--- a/src/cmd/isulad/isulad_commands.c
+++ b/src/cmd/isulad/isulad_commands.c
@@ -225,6 +225,7 @@ int parse_args(struct service_arguments *args, int argc, const char **argv)
command_t cmd = { 0 };
struct command_option options[] = {
ISULAD_OPTIONS(args)
+ ISULAD_TLS_OPTIONS(args)
};
command_init_isulad(&cmd, options, sizeof(options) / sizeof(options[0]), argc, (const char **)argv, isulad_desc,
isulad_usage);
diff --git a/src/cmd/isulad/isulad_commands.h b/src/cmd/isulad/isulad_commands.h
index a89de5c1..e5bcb6c8 100644
--- a/src/cmd/isulad/isulad_commands.h
+++ b/src/cmd/isulad/isulad_commands.h
@@ -65,6 +65,48 @@ int command_default_ulimit_append(command_option_t *option, const char *arg);
#define USERNS_REMAP_OPT(cmdargs)
#endif
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
+#define ISULAD_TLS_OPTIONS(cmdargs) \
+ { CMD_OPT_TYPE_STRING_DUP, \
+ false, \
+ "authorization-plugin", \
+ 0, \
+ &(cmdargs)->json_confs->authorization_plugin, \
+ "Use authorization plugin", \
+ NULL }, \
+ { CMD_OPT_TYPE_BOOL, false, "tls", 0, &(cmdargs)->json_confs->tls, "Use TLS; implied by --tlsverify", NULL }, \
+ { CMD_OPT_TYPE_BOOL, \
+ false, \
+ "tlsverify", \
+ 0, \
+ &(cmdargs)->json_confs->tls_verify, \
+ "Use TLS and verify the remote", \
+ NULL }, \
+ { CMD_OPT_TYPE_STRING_DUP, \
+ false, \
+ "tlscacert", \
+ 0, \
+ &(cmdargs)->json_confs->tls_config->ca_file, \
+ "Trust certs signed only by this CA (default \"/root/.iSulad/ca.pem\")", \
+ NULL }, \
+ { CMD_OPT_TYPE_STRING_DUP, \
+ false, \
+ "tlscert", \
+ 0, \
+ &(cmdargs)->json_confs->tls_config->cert_file, \
+ "Path to TLS certificate file (default \"/root/.iSulad/cert.pem\")", \
+ NULL }, \
+ { CMD_OPT_TYPE_STRING_DUP, \
+ false, \
+ "tlskey", \
+ 0, \
+ &(cmdargs)->json_confs->tls_config->key_file, \
+ "Path to TLS key file (default \"/root/.iSulad/key.pem\")", \
+ NULL },
+#else
+#define ISULAD_TLS_OPTIONS(cmdargs)
+#endif
+
#define ISULAD_OPTIONS(cmdargs) \
{ CMD_OPT_TYPE_CALLBACK, \
false, \
@@ -241,42 +283,6 @@ int command_default_ulimit_append(command_option_t *option, const char *arg);
(cmdargs)->json_confs->use_decrypted_key, \
"Use decrypted private key by default (default true)", \
NULL }, \
- { CMD_OPT_TYPE_STRING_DUP, \
- false, \
- "authorization-plugin", \
- 0, \
- &(cmdargs)->json_confs->authorization_plugin, \
- "Use authorization plugin", \
- NULL }, \
- { CMD_OPT_TYPE_BOOL, false, "tls", 0, &(cmdargs)->json_confs->tls, "Use TLS; implied by --tlsverify", NULL }, \
- { CMD_OPT_TYPE_BOOL, \
- false, \
- "tlsverify", \
- 0, \
- &(cmdargs)->json_confs->tls_verify, \
- "Use TLS and verify the remote", \
- NULL }, \
- { CMD_OPT_TYPE_STRING_DUP, \
- false, \
- "tlscacert", \
- 0, \
- &(cmdargs)->json_confs->tls_config->ca_file, \
- "Trust certs signed only by this CA (default \"/root/.iSulad/ca.pem\")", \
- NULL }, \
- { CMD_OPT_TYPE_STRING_DUP, \
- false, \
- "tlscert", \
- 0, \
- &(cmdargs)->json_confs->tls_config->cert_file, \
- "Path to TLS certificate file (default \"/root/.iSulad/cert.pem\")", \
- NULL }, \
- { CMD_OPT_TYPE_STRING_DUP, \
- false, \
- "tlskey", \
- 0, \
- &(cmdargs)->json_confs->tls_config->key_file, \
- "Path to TLS key file (default \"/root/.iSulad/key.pem\")", \
- NULL }, \
{ CMD_OPT_TYPE_CALLBACK, \
false, \
"default-ulimit", \
diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c
index 6d121f33..f5ded220 100644
--- a/src/cmd/isulad/main.c
+++ b/src/cmd/isulad/main.c
@@ -695,6 +695,7 @@ out:
}
#endif
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
// update values for options after flag parsing is complete
static int update_tls_options(struct service_arguments *args)
{
@@ -745,6 +746,7 @@ static int update_tls_options(struct service_arguments *args)
out:
return ret;
}
+#endif
static int update_set_default_log_file(struct service_arguments *args)
{
@@ -946,9 +948,11 @@ static int update_server_args(struct service_arguments *args)
}
#endif
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
if (update_tls_options(args)) {
return -1;
}
+#endif
if (update_set_default_log_file(args) != 0) {
return -1;
@@ -1284,17 +1288,20 @@ static char *parse_host(bool tls, const char *val)
char *host = NULL;
char *tmp = util_strdup_s(val);
tmp = util_trim_space(tmp);
- if (tmp == NULL) {
- if (tls) {
- host = util_strdup_s(DEFAULT_TLS_HOST);
- } else {
- host = util_strdup_s(DEFAULT_UNIX_SOCKET);
- }
- } else {
+
+ if (tmp != NULL) {
host = util_strdup_s(val);
+ free(tmp);
+ return host;
+ }
+
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
+ if (tls) {
+ return util_strdup_s(DEFAULT_TLS_HOST);
}
- free(tmp);
- return host;
+#endif
+
+ return util_strdup_s(DEFAULT_UNIX_SOCKET);
}
static int listener_init(const char *proto, const char *addr, const char *socket_group)
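Review bot: `parse_host` still duplicates the untrimmed `val` (`host = util_strdup_s(val);`) and uses the trimmed copy only as a NULL test, so leading or trailing whitespace reaches the `strtok_r` split in `load_listener`; `host = util_strdup_s(tmp);` would return the text that was actually checked. Whether `free(tmp)` receives the start of the allocation depends on what `util_trim_space` returns, which is not visible here and should be confirmed. In builds without ENABLE_GRPC_REMOTE_CONNECT the `tls` parameter is now unused, so a `(void)tls;` in an `#else` branch would keep unused-parameter warnings quiet.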
@@ -1329,7 +1336,11 @@ static int load_listener(const struct service_arguments *args)
for (i = 0; i < args->hosts_len; i++) {
char *proto_addr = NULL;
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
proto_addr = parse_host(args->json_confs->tls, args->hosts[i]);
+#else
+ proto_addr = parse_host(false, args->hosts[i]);
+#endif
proto = strtok_r(proto_addr, delim, &addr);
if (proto == NULL) {
ERROR("Failed to get proto");
@@ -1339,11 +1350,13 @@ static int load_listener(const struct service_arguments *args)
}
addr += strlen("://") - 1;
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
if (strncmp(proto, "tcp", strlen("tcp")) == 0 &&
(args->json_confs->tls_config == NULL || !args->json_confs->tls_verify)) {
WARN("[!] DON'T BIND ON ANY IP ADDRESS WITHOUT setting"
" --tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING [!]");
}
+#endif
// note: If we're binding to a TCP port, make sure that a container doesn't try to use it.
ret = listener_init(proto, args->hosts[i], args->json_confs->group);
diff --git a/src/common/constants.h b/src/common/constants.h
index 1a4cb7c4..37854291 100644
--- a/src/common/constants.h
+++ b/src/common/constants.h
@@ -121,8 +121,10 @@ extern "C" {
#define OCI_IMAGE_GRAPH_ROOTPATH_NAME "storage"
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
#define DEFAULT_TCP_HOST "tcp://localhost:2375"
#define DEFAULT_TLS_HOST "tcp://localhost:2376"
+#endif
#define AUTH_PLUGIN "authz-broker"
diff --git a/src/daemon/config/daemon_arguments.c b/src/daemon/config/daemon_arguments.c
index 04173557..078fb4a1 100644
--- a/src/daemon/config/daemon_arguments.c
+++ b/src/daemon/config/daemon_arguments.c
@@ -27,6 +27,7 @@
#include "utils_array.h"
#include "utils_file.h"
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
static int set_daemon_default_tls_options(struct service_arguments *args)
{
int ret = -1;
@@ -87,6 +88,7 @@ out:
free(cert_path);
return ret;
}
+#endif
int service_arguments_init(struct service_arguments *args)
{
@@ -156,9 +158,11 @@ int service_arguments_init(struct service_arguments *args)
*(args->json_confs->use_decrypted_key) = true;
args->json_confs->insecure_skip_verify_enforce = false;
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
if (set_daemon_default_tls_options(args) != 0) {
goto free_out;
}
+#endif
args->default_ulimit = NULL;
args->default_ulimit_len = 0;
diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c
index 996917c4..d9644756 100644
--- a/src/daemon/config/isulad_config.c
+++ b/src/daemon/config/isulad_config.c
@@ -1496,6 +1496,7 @@ static int merge_cri_runtimes_into_global(struct service_arguments *args, isulad
return 0;
}
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
static int merge_authorization_conf_into_global(struct service_arguments *args, isulad_daemon_configs *tmp_json_confs)
{
args->json_confs->tls = tmp_json_confs->tls;
@@ -1511,6 +1512,7 @@ static int merge_authorization_conf_into_global(struct service_arguments *args,
return 0;
}
+#endif
static int merge_storage_conf_into_global(struct service_arguments *args, isulad_daemon_configs *tmp_json_confs)
{
@@ -1651,10 +1653,12 @@ int merge_json_confs_into_global(struct service_arguments *args)
args->json_confs->insecure_skip_verify_enforce = tmp_json_confs->insecure_skip_verify_enforce;
}
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
if (merge_authorization_conf_into_global(args, tmp_json_confs)) {
ret = -1;
goto out;
}
+#endif
if (merge_default_ulimits_conf_into_global(args, tmp_json_confs)) {
ret = -1;
diff --git a/src/daemon/entry/connect/grpc/grpc_server_tls_auth.cc b/src/daemon/entry/connect/grpc/grpc_server_tls_auth.cc
index 6e958e23..737bb129 100644
--- a/src/daemon/entry/connect/grpc/grpc_server_tls_auth.cc
+++ b/src/daemon/entry/connect/grpc/grpc_server_tls_auth.cc
@@ -17,6 +17,7 @@
#include <map>
#include <stdlib.h>
#include "http.h"
+#include "constants.h"
namespace AuthorizationPluginConfig {
std::string auth_plugin = "";
@@ -25,6 +26,7 @@ std::string auth_plugin = "";
namespace GrpcServerTlsAuth {
Status auth(ServerContext *context, std::string action)
{
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
const std::multimap<grpc::string_ref, grpc::string_ref> &init_metadata = context->client_metadata();
auto tls_mode_kv = init_metadata.find("tls_mode");
if (tls_mode_kv == init_metadata.end()) {
@@ -36,7 +38,7 @@ Status auth(ServerContext *context, std::string action)
}
if (AuthorizationPluginConfig::auth_plugin.empty()) {
return Status::OK;
- } else if (AuthorizationPluginConfig::auth_plugin == "authz-broker") {
+ } else if (AuthorizationPluginConfig::auth_plugin == AUTH_PLUGIN) {
auto username_kv = init_metadata.find("username");
if (username_kv == init_metadata.end()) {
return Status(StatusCode::UNKNOWN, "unknown error");
@@ -55,6 +57,8 @@ Status auth(ServerContext *context, std::string action)
} else {
return Status(StatusCode::UNIMPLEMENTED, "authorization plugin invalid");
}
+#endif
+
return Status::OK;
}
} // namespace GrpcServerTlsAuth
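Review bot: In a build without ENABLE_GRPC_REMOTE_CONNECT, `auth()` returns `Status::OK` for every call and never reads `context` or `action`, which is easy to miss because the guard sits inside the body. A comment at the top of the function would document what replaces the plugin check, such as `// Without ENABLE_GRPC_REMOTE_CONNECT only unix sockets are served; access control is left to the socket's file permissions`, and `(void)context; (void)action;` in an `#else` would silence unused-parameter warnings. That comment is only true if no TCP address can reach the listener in this configuration, so it is worth confirming that this is enforced rather than assumed.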
diff --git a/src/daemon/entry/connect/grpc/grpc_service.cc b/src/daemon/entry/connect/grpc/grpc_service.cc
index ab3e32ab..050a43f8 100644
--- a/src/daemon/entry/connect/grpc/grpc_service.cc
+++ b/src/daemon/entry/connect/grpc/grpc_service.cc
@@ -54,13 +54,19 @@ public:
ERROR("Init runtime service failed: %s", err.GetCMessage());
return -1;
}
+
+ // hosts has been validate by util_validate_socket
auto hosts = std::vector<std::string>(args->hosts, args->hosts + args->hosts_len);
for (auto host : hosts) {
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
if (host.find("tcp://") == 0) {
m_tcpPath.push_back(host.erase(0, std::string("tcp://").length()));
} else {
+#endif
m_socketPath.push_back(host);
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
}
+#endif
}
if (ListeningPort(args, err)) {
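Review bot: In the non-remote branch every entry of `hosts` is pushed to `m_socketPath`, which `ListeningPort` binds with `grpc::InsecureServerCredentials()`, so the only thing keeping a `tcp://` address out of the unauthenticated listener list is the earlier validation that the new comment refers to. A local check in an `#else` case, e.g. `if (host.find("tcp://") == 0) { ERROR("tcp host %s not supported in this build", host.c_str()); return -1; }`, would make that guarantee explicit instead of relying on the caller. The added comment would also read better as `// hosts have been validated by util_validate_socket`. The enclosing function begins outside this hunk.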
@@ -109,6 +115,7 @@ public:
private:
int ListeningPort(const struct service_arguments *args, Errors &err)
{
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
if (args->json_confs->tls) {
if (args->json_confs->authorization_plugin != nullptr) {
AuthorizationPluginConfig::auth_plugin = args->json_confs->authorization_plugin;
@@ -152,6 +159,8 @@ private:
INFO("Server listening on %s", address.c_str());
}
}
+#endif
+
// Listen on the given socket address without any authentication mechanism.
for (const auto &address : m_socketPath) {
m_builder.AddListeningPort(address, grpc::InsecureServerCredentials());
@@ -187,7 +196,9 @@ private:
RuntimeRuntimeServiceImpl m_runtimeRuntimeService;
RuntimeImageServiceImpl m_runtimeImageService;
ServerBuilder m_builder;
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
std::vector<std::string> m_tcpPath;
+#endif
std::vector<std::string> m_socketPath;
std::unique_ptr<Server> m_server;
};
diff --git a/src/daemon/entry/cri/cri_container_manager_service_impl.cc b/src/daemon/entry/cri/cri_container_manager_service_impl.cc
index 5398c088..101824ae 100644
--- a/src/daemon/entry/cri/cri_container_manager_service_impl.cc
+++ b/src/daemon/entry/cri/cri_container_manager_service_impl.cc
@@ -1228,14 +1228,14 @@ void ContainerManagerServiceImpl::UpdateContainerResources(const std::string &co
}
if (resources.hugepage_limits_size() != 0) {
hostconfig->hugetlbs = (host_config_hugetlbs_element **)util_smart_calloc_s(
- sizeof(host_config_hugetlbs_element *), resources.hugepage_limits_size());
+ sizeof(host_config_hugetlbs_element *), resources.hugepage_limits_size());
if (hostconfig->hugetlbs == nullptr) {
error.SetError("Out of memory");
return;
}
- for (int i = 0; i < resources.hugepage_limits_size(); i++) {
+ for (int i = 0; i < resources.hugepage_limits_size(); i++) {
hostconfig->hugetlbs[i] =
- (host_config_hugetlbs_element *)util_common_calloc_s(sizeof(host_config_hugetlbs_element));
+ (host_config_hugetlbs_element *)util_common_calloc_s(sizeof(host_config_hugetlbs_element));
if (hostconfig->hugetlbs[i] == nullptr) {
error.SetError("Out of memory");
goto cleanup;
diff --git a/src/daemon/entry/cri/cri_helpers.cc b/src/daemon/entry/cri/cri_helpers.cc
index e588b6c4..e2d00bc7 100644
--- a/src/daemon/entry/cri/cri_helpers.cc
+++ b/src/daemon/entry/cri/cri_helpers.cc
@@ -457,7 +457,7 @@ void UpdateCreateConfig(container_config *createConfig, host_config *hc,
}
for (int i = 0; i < rOpts.hugepage_limits_size(); i++) {
hc->hugetlbs[i] =
- (host_config_hugetlbs_element *)util_common_calloc_s(sizeof(host_config_hugetlbs_element));
+ (host_config_hugetlbs_element *)util_common_calloc_s(sizeof(host_config_hugetlbs_element));
if (hc->hugetlbs[i] == nullptr) {
error.SetError("Out of memory");
return;
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c
index d436eba2..f6ddd03b 100644
--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c
+++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c
@@ -133,7 +133,7 @@ static void free_image_store(image_store_t *store)
(void)map_free(store->bydigest);
store->bydigest = NULL;
- linked_list_for_each_safe (item, &(store->images_list), next) {
+ linked_list_for_each_safe(item, &(store->images_list), next) {
linked_list_del(item);
image_ref_dec((image_t *)item->elem);
free(item);
@@ -165,7 +165,7 @@ static void image_store_digest_field_kvfree(void *key, void *value)
free(key);
if (val != NULL) {
- linked_list_for_each_safe (item, &(val->images_list), next) {
+ linked_list_for_each_safe(item, &(val->images_list), next) {
linked_list_del(item);
free(item);
item = NULL;
@@ -501,7 +501,7 @@ static void digest_image_slice_without_value(digest_image_t *digest_filter_image
return;
}
- linked_list_for_each_safe (item, &(digest_filter_images->images_list), next) {
+ linked_list_for_each_safe(item, &(digest_filter_images->images_list), next) {
tmp = (image_t *)item->elem;
if (strcmp(tmp->simage->id, img->simage->id) == 0) {
linked_list_del(item);
@@ -582,7 +582,7 @@ static int remove_image_from_memory(const char *id)
goto out;
}
- linked_list_for_each_safe (item, &(g_image_store->images_list), next) {
+ linked_list_for_each_safe(item, &(g_image_store->images_list), next) {
image_t *tmp = (image_t *)item->elem;
if (strcmp(tmp->simage->id, id) != 0) {
continue;
@@ -681,7 +681,7 @@ static void free_digest_image(digest_image_t *ptr)
return;
}
- linked_list_for_each_safe (item, &(ptr->images_list), next) {
+ linked_list_for_each_safe(item, &(ptr->images_list), next) {
linked_list_del(item);
free(item);
item = NULL;
@@ -2679,7 +2679,7 @@ int image_store_get_all_images(imagetool_images_list *images_list)
goto unlock;
}
- linked_list_for_each_safe (item, &(g_image_store->images_list), next) {
+ linked_list_for_each_safe(item, &(g_image_store->images_list), next) {
imagetool_image_summary *imginfo = NULL;
image_t *img = (image_t *)item->elem;
imginfo = get_image_summary(img);
@@ -3546,7 +3546,7 @@ static void image_store_check_all_images()
return;
}
- linked_list_for_each_safe (item, &(g_image_store->images_list), next) {
+ linked_list_for_each_safe(item, &(g_image_store->images_list), next) {
image_t *img = (image_t *)item->elem;
if (img->spec == NULL) {
ERROR("Failed to check spec info of image: %s, try to delete", img->simage->id);
diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
index 12fca5ff..6024d734 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
@@ -136,7 +136,7 @@ void layer_store_cleanup()
map_free(g_metadata.by_uncompress_digest);
g_metadata.by_uncompress_digest = NULL;
- linked_list_for_each_safe (item, &(g_metadata.layers_list), next) {
+ linked_list_for_each_safe(item, &(g_metadata.layers_list), next) {
linked_list_del(item);
layer_ref_dec((layer_t *)item->elem);
free(item);
@@ -167,7 +167,7 @@ static void free_digest_layer_t(digest_layer_t *ptr)
return;
}
- linked_list_for_each_safe (item, &(ptr->layer_list), next) {
+ linked_list_for_each_safe(item, &(ptr->layer_list), next) {
linked_list_del(item);
free(item->elem);
item->elem = NULL;
@@ -622,7 +622,7 @@ static int delete_digest_from_map(map_t *by_digest, const char *digest, const ch
return 0;
}
- linked_list_for_each_safe (item, &(old_list->layer_list), next) {
+ linked_list_for_each_safe(item, &(old_list->layer_list), next) {
char *t_id = (char *)item->elem;
if (strcmp(t_id, id) == 0) {
linked_list_del(item);
@@ -735,7 +735,7 @@ static int remove_memory_stores(const char *id)
}
}
- linked_list_for_each_safe (item, &(g_metadata.layers_list), next) {
+ linked_list_for_each_safe(item, &(g_metadata.layers_list), next) {
layer_t *tl = (layer_t *)item->elem;
if (strcmp(tl->slayer->id, id) != 0) {
continue;
@@ -1505,7 +1505,7 @@ int layer_store_list(struct layer_list *resp)
goto unlock;
}
- linked_list_for_each_safe (item, &(g_metadata.layers_list), next) {
+ linked_list_for_each_safe(item, &(g_metadata.layers_list), next) {
layer_t *l = (layer_t *)item->elem;
resp->layers[i] = util_common_calloc_s(sizeof(struct layer));
if (resp->layers[i] == NULL) {
@@ -1548,7 +1548,7 @@ static int layers_by_digest_map(map_t *m, const char *digest, struct layer_list
goto free_out;
}
- linked_list_for_each_safe (item, &(id_list->layer_list), next) {
+ linked_list_for_each_safe(item, &(id_list->layer_list), next) {
layer_t *l = NULL;
resp->layers[i] = util_common_calloc_s(sizeof(struct layer));
if (resp->layers[i] == NULL) {
@@ -1902,7 +1902,7 @@ static int load_layers_from_json_files()
goto unlock_out;
}
- linked_list_for_each_safe (item, &(g_metadata.layers_list), next) {
+ linked_list_for_each_safe(item, &(g_metadata.layers_list), next) {
layer_t *tl = (layer_t *)item->elem;
size_t i = 0;
diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/image_remote_impl.c b/src/daemon/modules/image/oci/storage/remote_layer_support/image_remote_impl.c
index 1ac0139f..92bf901d 100644
--- a/src/daemon/modules/image/oci/storage/remote_layer_support/image_remote_impl.c
+++ b/src/daemon/modules/image/oci/storage/remote_layer_support/image_remote_impl.c
@@ -184,7 +184,8 @@ static int remote_image_add(void *data)
return ret;
}
-void remote_image_refresh(struct remote_image_data *data) {
+void remote_image_refresh(struct remote_image_data *data)
+{
if (remote_dir_scan(data) != 0) {
ERROR("remote overlay failed to scan dir, skip refresh");
return;
diff --git a/src/utils/cutils/utils_verify.c b/src/utils/cutils/utils_verify.c
index ea43a40a..c2836ae3 100644
--- a/src/utils/cutils/utils_verify.c
+++ b/src/utils/cutils/utils_verify.c
@@ -121,6 +121,7 @@ int util_validate_absolute_path(const char *path)
return nret;
}
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
static bool util_vaildate_tcp_socket(const char *socket)
{
if (socket == NULL) {
@@ -132,6 +133,7 @@ static bool util_vaildate_tcp_socket(const char *socket)
"|([1-5][0-9]{4})|([1-9][0-9]{0,3})|0))$",
socket) == 0;
}
+#endif
bool util_validate_unix_socket(const char *socket)
{
@@ -162,7 +164,11 @@ bool util_validate_unix_socket(const char *socket)
bool util_validate_socket(const char *socket)
{
+#ifdef ENABLE_GRPC_REMOTE_CONNECT
return util_validate_unix_socket(socket) || util_vaildate_tcp_socket(socket);
+#else
+ return util_validate_unix_socket(socket);
+#endif
}
bool util_valid_device_mode(const char *mode)
diff --git a/test/image/oci/storage/remote_layer_support/remote_layer_ut.cc b/test/image/oci/storage/remote_layer_support/remote_layer_ut.cc
index 5f5e92fb..13e535c5 100644
--- a/test/image/oci/storage/remote_layer_support/remote_layer_ut.cc
+++ b/test/image/oci/storage/remote_layer_support/remote_layer_ut.cc
@@ -74,7 +74,7 @@ void mockCommonAll(MockRemoteStore *mock)
TEST(remote_Layer_ut, test_map_diff)
{
- // old: a b x
+ // old: a b x
// new: x b c
map_t *old_one = map_new(MAP_STR_BOOL, MAP_DEFAULT_CMP_FUNC, MAP_DEFAULT_FREE_FUNC);
map_t *new_one = map_new(MAP_STR_BOOL, MAP_DEFAULT_CMP_FUNC, MAP_DEFAULT_FREE_FUNC);
--
2.25.1