From 9eb77281c4fe1c1f252a0df67ca2c1fee8867b80 Mon Sep 17 00:00:00 2001 From: Fabricio Voznika Date: Thu, 3 Dec 2020 16:53:22 -0800 Subject: [PATCH] Update containerd to 1.3.9 PiperOrigin-RevId: 345564927 --- .buildkite/pipeline.yaml | 4 +-- Makefile | 4 +-- WORKSPACE | 4 +-- go.mod | 2 +- go.sum | 4 +-- pkg/shim/v2/service.go | 65 ++++++++++++++++++++++++++++++---------- 6 files changed, 58 insertions(+), 25 deletions(-) diff --git a/.buildkite/pipeline.yaml b/.buildkite/pipeline.yaml index a46e9a851..04fccdf67 100644 --- a/.buildkite/pipeline.yaml +++ b/.buildkite/pipeline.yaml @@ -57,8 +57,8 @@ steps: label: ":person_in_lotus_position: KVM tests" command: make kvm-tests - <<: *common - label: ":docker: Containerd 1.3.4 tests" - command: make containerd-test-1.3.4 + label: ":docker: Containerd 1.3.9 tests" + command: make containerd-test-1.3.9 - <<: *common label: ":docker: Containerd 1.4.1 tests" command: make containerd-test-1.4.1 diff --git a/Makefile b/Makefile index 3f4c534ff..b4ca17c9d 100644 --- a/Makefile +++ b/Makefile @@ -151,7 +151,7 @@ tests: unit-tests syscall-tests integration-tests: ## Run all standard integration tests. integration-tests: docker-tests overlay-tests hostnet-tests swgso-tests -integration-tests: do-tests kvm-tests containerd-test-1.3.4 +integration-tests: do-tests kvm-tests containerd-test-1.3.9 .PHONY: integration-tests network-tests: ## Run all networking integration tests. @@ -261,7 +261,7 @@ containerd-test-%: load-basic_alpine load-basic_python load-basic_busybox load-b # actually drive the tests. The v1 API is tested exclusively through 1.2.13. containerd-tests: ## Runs all supported containerd version tests. containerd-tests: containerd-test-1.2.13 -containerd-tests: containerd-test-1.3.4 +containerd-tests: containerd-test-1.3.9 containerd-tests: containerd-test-1.4.0-beta.0 ## diff --git a/WORKSPACE b/WORKSPACE index 2405bfd80..91689bbd6 100644 --- a/WORKSPACE +++ b/WORKSPACE @@ -193,8 +193,8 @@ go_repository( name = "com_github_containerd_containerd", build_file_proto_mode = "disable", importpath = "github.com/containerd/containerd", - sum = "h1:3o0smo5SKY7H6AJCmJhsnCjR2/V2T8VmiHt7seN2/kI=", - version = "v1.3.4", + sum = "h1:K2U/F4jGAMBqeUssfgJRbFuomLcS2Fxo1vR3UM/Mbh8=", + version = "v1.3.9", ) go_repository( diff --git a/go.mod b/go.mod index 144543169..0972ff1aa 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,7 @@ require ( github.com/cenkalti/backoff v1.1.1-0.20190506075156-2146c9339422 // indirect github.com/cilium/ebpf v0.0.0-20200110133405-4032b1d8aae3 // indirect github.com/containerd/cgroups v0.0.0-20181219155423-39b18af02c41 // indirect - github.com/containerd/containerd v1.3.4 // indirect + github.com/containerd/containerd v1.3.9 // indirect github.com/containerd/continuity v0.0.0-20200928162600-f2cc35102c2a // indirect github.com/containerd/fifo v0.0.0-20191213151349-ff969a566b00 // indirect github.com/containerd/go-runc v0.0.0-20200220073739-7016d3ce2328 // indirect diff --git a/go.sum b/go.sum index 060d5596a..e5adf4321 100644 --- a/go.sum +++ b/go.sum @@ -54,9 +54,7 @@ github.com/containerd/cgroups v0.0.0-20200531161412-0dbf7f05ba59/go.mod h1:pA0z1 github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw= github.com/containerd/console v0.0.0-20191206165004-02ecf6a7291e h1:GdiIYd8ZDOrT++e1NjhSD4rGt9zaJukHm4rt5F4mRQc= github.com/containerd/console v0.0.0-20191206165004-02ecf6a7291e/go.mod h1:8Pf4gM6VEbTNRIT26AyyU7hxdQU3MvAvxVI0sc00XBE= -github.com/containerd/containerd v1.3.2/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= -github.com/containerd/containerd v1.3.4 h1:3o0smo5SKY7H6AJCmJhsnCjR2/V2T8VmiHt7seN2/kI= -github.com/containerd/containerd v1.3.4/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= +github.com/containerd/containerd v1.3.9/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= github.com/containerd/continuity v0.0.0-20200928162600-f2cc35102c2a h1:jEIoR0aA5GogXZ8pP3DUzE+zrhaF6/1rYZy+7KkYEWM= github.com/containerd/continuity v0.0.0-20200928162600-f2cc35102c2a/go.mod h1:W0qIOTD7mp2He++YVq+kgfXezRYqzP1uDuMVH1bITDY= diff --git a/pkg/shim/v2/service.go b/pkg/shim/v2/service.go index 2e39d2c4a..cba403cae 100644 --- a/pkg/shim/v2/service.go +++ b/pkg/shim/v2/service.go @@ -67,9 +67,15 @@ var ( var _ = (taskAPI.TaskService)(&service{}) -// configFile is the default config file name. For containerd 1.2, -// we assume that a config.toml should exist in the runtime root. -const configFile = "config.toml" +const ( + // configFile is the default config file name. For containerd 1.2, + // we assume that a config.toml should exist in the runtime root. + configFile = "config.toml" + + // shimAddressPath is the relative path to a file that contains the address + // to the shim UDS. See service.shimAddress. + shimAddressPath = "address" +) // New returns a new shim service that can be used via GRPC. func New(ctx context.Context, id string, publisher shim.Publisher, cancel func()) (shim.Shim, error) { @@ -101,6 +107,11 @@ func New(ctx context.Context, id string, publisher shim.Publisher, cancel func() return nil, fmt.Errorf("failed to initialized platform behavior: %w", err) } go s.forward(ctx, publisher) + + if address, err := shim.ReadAddress(shimAddressPath); err == nil { + s.shimAddress = address + } + return s, nil } @@ -152,6 +163,9 @@ type service struct { // cancel is a function that needs to be called before the shim stops. The // function is provided by the caller to New(). cancel func() + + // shimAddress is the location of the UDS used to communicate to containerd. + shimAddress string } func (s *service) newCommand(ctx context.Context, containerdBinary, containerdAddress string) (*exec.Cmd, error) { @@ -191,38 +205,58 @@ func (s *service) StartShim(ctx context.Context, id, containerdBinary, container if err != nil { return "", err } - address, err := shim.SocketAddress(ctx, id) + address, err := shim.SocketAddress(ctx, containerdAddress, id) if err != nil { return "", err } socket, err := shim.NewSocket(address) if err != nil { - return "", err + // The only time where this would happen is if there is a bug and the socket + // was not cleaned up in the cleanup method of the shim or we are using the + // grouping functionality where the new process should be run with the same + // shim as an existing container. + if !shim.SocketEaddrinuse(err) { + return "", fmt.Errorf("create new shim socket: %w", err) + } + if shim.CanConnect(address) { + if err := shim.WriteAddress(shimAddressPath, address); err != nil { + return "", fmt.Errorf("write existing socket for shim: %w", err) + } + return address, nil + } + if err := shim.RemoveSocket(address); err != nil { + return "", fmt.Errorf("remove pre-existing socket: %w", err) + } + if socket, err = shim.NewSocket(address); err != nil { + return "", fmt.Errorf("try create new shim socket 2x: %w", err) + } } - defer socket.Close() + cu := cleanup.Make(func() { + socket.Close() + _ = shim.RemoveSocket(address) + }) + defer cu.Clean() + f, err := socket.File() if err != nil { return "", err } - defer f.Close() cmd.ExtraFiles = append(cmd.ExtraFiles, f) log.L.Debugf("Executing: %q %s", cmd.Path, cmd.Args) if err := cmd.Start(); err != nil { + f.Close() return "", err } - cu := cleanup.Make(func() { - cmd.Process.Kill() - }) - defer cu.Clean() + cu.Add(func() { cmd.Process.Kill() }) // make sure to wait after start go cmd.Wait() if err := shim.WritePidFile("shim.pid", cmd.Process.Pid); err != nil { return "", err } - if err := shim.WriteAddress("address", address); err != nil { + if err := shim.WriteAddress(shimAddressPath, address); err != nil { return "", err } if err := shim.SetScore(cmd.Process.Pid); err != nil { @@ -675,8 +709,11 @@ func (s *service) Connect(ctx context.Context, r *taskAPI.ConnectRequest) (*task func (s *service) Shutdown(ctx context.Context, r *taskAPI.ShutdownRequest) (*types.Empty, error) { log.L.Debugf("Shutdown, id: %s", r.ID) s.cancel() + if s.shimAddress != "" { + _ = shim.RemoveSocket(s.shimAddress) + } os.Exit(0) - return empty, nil + panic("Should not get here") } func (s *service) Stats(ctx context.Context, r *taskAPI.StatsRequest) (*taskAPI.StatsResponse, error) { @@ -843,9 +880,7 @@ func (s *service) getContainerPids(ctx context.Context, id string) ([]uint32, er func (s *service) forward(ctx context.Context, publisher shim.Publisher) { for e := range s.events { - ctx, cancel := context.WithTimeout(ctx, 5*time.Second) err := publisher.Publish(ctx, getTopic(e), e) - cancel() if err != nil { // Should not happen. panic(fmt.Errorf("post event: %w", err))