packages/iSulad
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!549 [sync] PR-547: upgrade from upstream

Browse Source 
Merge pull request !549 from openeuler-sync-bot/sync-pr547-openEuler-22.03-LTS-to-openEuler-22.03-LTS-Next
This commit is contained in:
haozi007 2023-03-09 03:08:11 +00:00 committed by Gitee
commit df0dae6811
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
8 changed files with 848 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

220
0020-fix-CRI-SetupPod-and-TearDownPod-deadlock.patch Normal file
View File

@ -0,0 +1,220 @@
From e3e5cf6d2a6858f9f83ee42f8ceeaaef4752ff1b Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Thu, 2 Mar 2023 14:27:01 +0800
Subject: [PATCH 20/26] fix CRI SetupPod and TearDownPod deadlock
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---
src/daemon/entry/cri/cni_network_plugin.cc | 44 +++++++++++++------
.../cri_pod_sandbox_manager_service_impl.cc | 2 +
src/daemon/entry/cri/network_plugin.cc | 39 +++++++++++-----
3 files changed, 61 insertions(+), 24 deletions(-)
diff --git a/src/daemon/entry/cri/cni_network_plugin.cc b/src/daemon/entry/cri/cni_network_plugin.cc
index 9b03bea1..02e75ffe 100644
--- a/src/daemon/entry/cri/cni_network_plugin.cc
+++ b/src/daemon/entry/cri/cni_network_plugin.cc
@@ -110,9 +110,12 @@ void CniNetworkPlugin::SetDefaultNetwork(std::unique_ptr<CNINetwork> network, st
if (network == nullptr) {
return;
}
- WLockNetworkMap(err);
- if (err.NotEmpty()) {
- ERROR("%s", err.GetCMessage());
+
+ Errors tmpErr;
+ WLockNetworkMap(tmpErr);
+ if (tmpErr.NotEmpty()) {
+ ERROR("%s", tmpErr.GetCMessage());
+ err.AppendError(tmpErr.GetCMessage());
return;
}
m_defaultNetwork = std::move(network);
@@ -120,9 +123,10 @@ void CniNetworkPlugin::SetDefaultNetwork(std::unique_ptr<CNINetwork> network, st
DEBUG("Update new cni network: \"%s\"", m_defaultNetwork->GetName().c_str());
- UnlockNetworkMap(err);
- if (err.NotEmpty()) {
- ERROR("%s", err.GetCMessage());
+ UnlockNetworkMap(tmpErr);
+ if (tmpErr.NotEmpty()) {
+ ERROR("%s", tmpErr.GetCMessage());
+ err.AppendError(tmpErr.GetCMessage());
}
}
@@ -132,8 +136,11 @@ void CniNetworkPlugin::UpdateMutlNetworks(std::vector<std::unique_ptr<CNINetwork
if (multNets.size() == 0) {
return;
}
- WLockNetworkMap(err);
- if (err.NotEmpty()) {
+
+ Errors tmpErr;
+ WLockNetworkMap(tmpErr);
+ if (tmpErr.NotEmpty()) {
+ err.AppendError(tmpErr.GetCMessage());
return;
}
@@ -143,7 +150,10 @@ void CniNetworkPlugin::UpdateMutlNetworks(std::vector<std::unique_ptr<CNINetwork
m_mutlNetworks[(*iter)->GetName()] = std::move(*iter);
}
- UnlockNetworkMap(err);
+ UnlockNetworkMap(tmpErr);
+ if (tmpErr.NotEmpty()) {
+ err.AppendError(tmpErr.GetCMessage());
+ }
}
CniNetworkPlugin::CniNetworkPlugin(std::vector<std::string> &binDirs, const std::string &confDir,
@@ -336,13 +346,20 @@ free_out:
void CniNetworkPlugin::CheckInitialized(Errors &err)
{
- RLockNetworkMap(err);
- if (err.NotEmpty()) {
- ERROR("%s", err.GetCMessage());
+ Errors tmpErr;
+ RLockNetworkMap(tmpErr);
+ if (tmpErr.NotEmpty()) {
+ ERROR("%s", tmpErr.GetCMessage());
+ err.AppendError(tmpErr.GetCMessage());
return;
}
bool inited = (m_defaultNetwork != nullptr);
- UnlockNetworkMap(err);
+
+ UnlockNetworkMap(tmpErr);
+ if (tmpErr.NotEmpty()) {
+ err.AppendError(tmpErr.GetCMessage());
+ }
+
if (!inited) {
err.AppendError("cni config uninitialized");
}
@@ -527,6 +544,7 @@ void CniNetworkPlugin::SetUpPod(const std::string &ns, const std::string &name,
}
}
+ err.Clear();
RLockNetworkMap(err);
if (err.NotEmpty()) {
ERROR("%s", err.GetCMessage());
diff --git a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc
index 2ebd800e..7ff545db 100644
--- a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc
+++ b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc
@@ -642,6 +642,7 @@ auto PodSandboxManagerServiceImpl::GetRealSandboxIDToStop(const std::string &pod
if (status->linux().namespaces().has_options()) {
hostNetwork = (status->linux().namespaces().options().network() == runtime::v1alpha2::NamespaceMode::NODE);
}
+ // if metadata is invalid, don't return -1 and continue stopping pod
if (status->has_metadata()) {
name = status->metadata().name();
ns = status->metadata().namespace_();
@@ -779,6 +780,7 @@ auto PodSandboxManagerServiceImpl::ClearCniNetwork(const std::string &realSandbo
}
}
+ pluginErr.Clear();
m_pluginManager->TearDownPod(ns, name, Network::DEFAULT_NETWORK_INTERFACE_NAME, realSandboxID, stdAnnos,
pluginErr);
if (pluginErr.NotEmpty()) {
diff --git a/src/daemon/entry/cri/network_plugin.cc b/src/daemon/entry/cri/network_plugin.cc
index 7a957de3..9933b584 100644
--- a/src/daemon/entry/cri/network_plugin.cc
+++ b/src/daemon/entry/cri/network_plugin.cc
@@ -422,21 +422,27 @@ void PluginManager::GetPodNetworkStatus(const std::string &ns, const std::string
const std::string &interfaceName, const std::string &podSandboxID,
PodNetworkStatus &status, Errors &error)
{
+ Errors tmpErr;
std::string fullName = name + "_" + ns;
- Lock(fullName, error);
- if (error.NotEmpty()) {
+ Lock(fullName, tmpErr);
+ if (tmpErr.NotEmpty()) {
+ error.AppendError(tmpErr.GetCMessage());
return;
}
if (m_plugin != nullptr) {
- Errors tmpErr;
m_plugin->GetPodNetworkStatus(ns, name, interfaceName, podSandboxID, status, tmpErr);
if (tmpErr.NotEmpty()) {
error.Errorf("NetworkPlugin %s failed on the status hook for pod %s: %s", m_plugin->Name().c_str(),
fullName.c_str(), tmpErr.GetCMessage());
}
}
- Unlock(fullName, error);
+
+ tmpErr.Clear();
+ Unlock(fullName, tmpErr);
+ if (tmpErr.NotEmpty()) {
+ error.AppendError(tmpErr.GetCMessage());
+ }
}
void PluginManager::SetUpPod(const std::string &ns, const std::string &name, const std::string &interfaceName,
@@ -447,20 +453,26 @@ void PluginManager::SetUpPod(const std::string &ns, const std::string &name, con
return;
}
+ Errors tmpErr;
std::string fullName = name + "_" + ns;
- Lock(fullName, error);
- if (error.NotEmpty()) {
+ Lock(fullName, tmpErr);
+ if (tmpErr.NotEmpty()) {
+ error.AppendError(tmpErr.GetCMessage());
return;
}
INFO("Calling network plugin %s to set up pod %s", m_plugin->Name().c_str(), fullName.c_str());
- Errors tmpErr;
m_plugin->SetUpPod(ns, name, interfaceName, podSandboxID, annotations, options, tmpErr);
if (tmpErr.NotEmpty()) {
error.Errorf("NetworkPlugin %s failed to set up pod %s network: %s", m_plugin->Name().c_str(), fullName.c_str(),
tmpErr.GetCMessage());
}
- Unlock(fullName, error);
+
+ tmpErr.Clear();
+ Unlock(fullName, tmpErr);
+ if (tmpErr.NotEmpty()) {
+ error.AppendError(tmpErr.GetCMessage());
+ }
}
void PluginManager::TearDownPod(const std::string &ns, const std::string &name, const std::string &interfaceName,
@@ -469,8 +481,9 @@ void PluginManager::TearDownPod(const std::string &ns, const std::string &name,
{
Errors tmpErr;
std::string fullName = name + "_" + ns;
- Lock(fullName, error);
- if (error.NotEmpty()) {
+ Lock(fullName, tmpErr);
+ if (tmpErr.NotEmpty()) {
+ error.AppendError(tmpErr.GetCMessage());
return;
}
if (m_plugin == nullptr) {
@@ -484,7 +497,11 @@ void PluginManager::TearDownPod(const std::string &ns, const std::string &name,
fullName.c_str(), tmpErr.GetCMessage());
}
unlock:
- Unlock(fullName, error);
+ tmpErr.Clear();
+ Unlock(fullName, tmpErr);
+ if (tmpErr.NotEmpty()) {
+ error.AppendError(tmpErr.GetCMessage());
+ }
}
void NoopNetworkPlugin::Init(const std::string &hairpinMode, const std::string &nonMasqueradeCIDR, int mtu,
--
2.25.1

316
0021-support-pull-image-with-digest.patch Normal file
View File

@ -0,0 +1,316 @@
From ea3ffc300224b2fee31a5c9f761386cb830ce7bc Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Thu, 16 Feb 2023 18:22:02 +0800
Subject: [PATCH 21/26] support pull image with digest
usage: isula pull busybox@sha256:907ca53d7e2947e849b839b1cd258c98fd3916c60f2e6e70c30edbf741ab6754
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
src/daemon/executor/container_cb/execution.c | 2 +-
src/daemon/executor/image_cb/image_cb.c | 8 ++++
src/daemon/modules/image/oci/oci_pull.c | 23 ++++++----
.../modules/image/oci/registry/registry.c | 2 +-
.../oci/storage/image_store/image_store.c | 7 +++
src/daemon/modules/image/oci/utils_images.c | 45 +++++++++++++++----
src/daemon/modules/image/oci/utils_images.h | 2 +
src/utils/cutils/utils_verify.c | 25 ++++++++---
src/utils/cutils/utils_verify.h | 3 ++
9 files changed, 92 insertions(+), 25 deletions(-)
diff --git a/src/daemon/executor/container_cb/execution.c b/src/daemon/executor/container_cb/execution.c
index 735c1bff..92c34b09 100644
--- a/src/daemon/executor/container_cb/execution.c
+++ b/src/daemon/executor/container_cb/execution.c
@@ -405,7 +405,7 @@ static int do_init_cpurt_cgroups_path(const char *path, int recursive_depth, con
return 0;
}
-// TODO: maybe we should adapt to cgroup v2
+// maybe we should adapt to cgroup v2
static int cpurt_controller_init(const char *id, const host_config *host_spec)
{
int ret = 0;
diff --git a/src/daemon/executor/image_cb/image_cb.c b/src/daemon/executor/image_cb/image_cb.c
index 5beda5f4..c087a679 100644
--- a/src/daemon/executor/image_cb/image_cb.c
+++ b/src/daemon/executor/image_cb/image_cb.c
@@ -556,6 +556,14 @@ static int trans_one_image(image_list_images_response *response, size_t image_in
out_image->name = util_strdup_s(im_image->repo_tags[repo_index]);
}
+ if (out_image->name == NULL && im_image->repo_digests != NULL && im_image->repo_digests_len > 0) {
+ // repo digest must valid, so just get lastest @
+ char *pod = strrchr(im_image->repo_digests[0], '@');
+ if (pod != NULL) {
+ out_image->name = util_sub_string(im_image->repo_digests[0], 0, (size_t)(pod - im_image->repo_digests[0]));
+ }
+ }
+
out_image->target = util_common_calloc_s(sizeof(image_descriptor));
if (out_image->target == NULL) {
ERROR("Out of memory");
diff --git a/src/daemon/modules/image/oci/oci_pull.c b/src/daemon/modules/image/oci/oci_pull.c
index d8c874a8..c39cab22 100644
--- a/src/daemon/modules/image/oci/oci_pull.c
+++ b/src/daemon/modules/image/oci/oci_pull.c
@@ -119,10 +119,19 @@ static int pull_image(const im_pull_request *request, char **name)
options->skip_tls_verify = oci_image_data->insecure_skip_verify_enforce;
insecure_registries = oci_image_data->insecure_registries;
+ // key of image which save in image-store
+ options->dest_image_name = oci_normalize_image_name(request->image);
+
+ // add default tag if required
+ with_tag = oci_default_tag(request->image);
+
host = oci_get_host(request->image);
if (host != NULL) {
- options->image_name = oci_default_tag(request->image);
- options->dest_image_name = oci_normalize_image_name(request->image);
+ // 1. image_name use for split host/tag/name
+ // 2. user for tag of log
+ options->image_name = with_tag;
+ with_tag = NULL;
+
update_option_insecure_registry(options, insecure_registries, host);
ret = registry_pull(options);
if (ret != 0) {
@@ -143,13 +152,12 @@ static int pull_image(const im_pull_request *request, char **name)
}
host = oci_host_from_mirror(*mirror);
update_option_insecure_registry(options, insecure_registries, host);
- with_tag = oci_default_tag(request->image);
+ // add current mirror to image name
+ free(options->image_name);
options->image_name = oci_add_host(host, with_tag);
- free(with_tag);
- with_tag = NULL;
free(host);
host = NULL;
- options->dest_image_name = oci_normalize_image_name(request->image);
+
ret = registry_pull(options);
if (ret != 0) {
continue;
@@ -161,10 +169,9 @@ static int pull_image(const im_pull_request *request, char **name)
*name = util_strdup_s(options->dest_image_name);
out:
+ free(with_tag);
free(host);
- host = NULL;
free_registry_pull_options(options);
- options = NULL;
return ret;
}
diff --git a/src/daemon/modules/image/oci/registry/registry.c b/src/daemon/modules/image/oci/registry/registry.c
index e3efbb7c..14e84f81 100644
--- a/src/daemon/modules/image/oci/registry/registry.c
+++ b/src/daemon/modules/image/oci/registry/registry.c
@@ -1855,7 +1855,7 @@ static int prepare_pull_desc(pull_descriptor *desc, registry_pull_options *optio
}
if (!util_valid_image_name(options->dest_image_name)) {
- ERROR("Invalid dest image name %s", options->image_name);
+ ERROR("Invalid dest image name %s", options->dest_image_name);
isulad_try_set_error_message("Invalid image name");
return -1;
}
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c
index 9dab66fd..7e1a5373 100644
--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c
+++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c
@@ -1980,6 +1980,7 @@ static int resort_image_names(const char **names, size_t names_len, char **first
MAX_IMAGE_NAME_LENGTH - MAX_IMAGE_DIGEST_LENGTH);
}
+ // maybe should support other digest
if (prefix != NULL && strcmp(prefix, DIGEST_PREFIX) == 0) {
if (util_array_append(image_digests, names[i]) != 0) {
ERROR("Failed to append image to digest: %s", names[i]);
@@ -2173,6 +2174,7 @@ static int get_image_repo_digests(char ***old_repo_digests, char **image_tags, i
goto out;
}
+ // get repo digest from images which with tag
if (pack_repo_digest(old_repo_digests, (const char **)image_tags, digest, repo_digests) != 0) {
ERROR("Failed to pack repo digest");
ret = -1;
@@ -2195,12 +2197,17 @@ static int pack_image_tags_and_repo_digest(image_t *img, imagetool_image *info)
char *image_digest = NULL;
char **repo_digests = NULL;
+ // get names from image-store names:
+ // 1. image names with tag;
+ // 2. image names with digests;
+ // 3. get first image name, current unused;
if (resort_image_names((const char **)img->simage->names, img->simage->names_len, &name, &tags, &digests) != 0) {
ERROR("Failed to resort image names");
ret = -1;
goto out;
}
+ // update repo digests from tags
if (get_image_repo_digests(&digests, tags, img, &image_digest, &repo_digests) != 0) {
ERROR("Failed to get image repo digests");
ret = -1;
diff --git a/src/daemon/modules/image/oci/utils_images.c b/src/daemon/modules/image/oci/utils_images.c
index 80a25502..794f0d16 100644
--- a/src/daemon/modules/image/oci/utils_images.c
+++ b/src/daemon/modules/image/oci/utils_images.c
@@ -42,6 +42,26 @@
// nanos of 2038-01-19T03:14:07, the max valid linux time
#define MAX_NANOS 2147483647000000000
+char *oci_image_digest_pos(const char *name)
+{
+ char *pos = NULL;
+
+ if (name == NULL) {
+ return NULL;
+ }
+
+ pos = strrchr(name, '@');
+ if (pos == NULL) {
+ return NULL;
+ }
+
+ if (util_reg_match(__DIGESTPattern, pos) != 0) {
+ return NULL;
+ }
+
+ return pos;
+}
+
char *get_last_part(char **parts)
{
char *last_part = NULL;
@@ -98,6 +118,7 @@ char *oci_default_tag(const char *name)
}
last_part = get_last_part(parts);
+ // will pass image name with digest and with tag
if (last_part != NULL && strrchr(last_part, ':') == NULL) {
add_default_tag = DEFAULT_TAG;
}
@@ -181,9 +202,9 @@ char *oci_normalize_image_name(const char *name)
return result;
}
-int oci_split_image_name(const char *image_name, char **host, char **name, char **tag)
+int oci_split_image_name(const char *image_name, char **host, char **name, char **tag_digest)
{
- char *tag_pos = NULL;
+ char *tag_digest_pos = NULL;
char *name_pos = NULL;
char *tmp_image_name = NULL;
@@ -193,18 +214,24 @@ int oci_split_image_name(const char *image_name, char **host, char **name, char
}
tmp_image_name = util_strdup_s(image_name);
- tag_pos = util_tag_pos(tmp_image_name);
- if (tag_pos != NULL) {
- *tag_pos = 0;
- tag_pos++;
- if (tag != NULL) {
- *tag = util_strdup_s(tag_pos);
+
+ // check digest first
+ tag_digest_pos = oci_image_digest_pos(tmp_image_name);
+ if (tag_digest_pos == NULL) {
+ tag_digest_pos = util_tag_pos(tmp_image_name);
+ }
+
+ if (tag_digest_pos != NULL) {
+ *tag_digest_pos = '\0';
+ tag_digest_pos++;
+ if (tag_digest != NULL) {
+ *tag_digest = util_strdup_s(tag_digest_pos);
}
}
name_pos = strchr(tmp_image_name, '/');
if (name_pos != NULL) {
- *name_pos = 0;
+ *name_pos = '\0';
name_pos++;
if (name != NULL) {
*name = util_strdup_s(name_pos);
diff --git a/src/daemon/modules/image/oci/utils_images.h b/src/daemon/modules/image/oci/utils_images.h
index 2fa8b29d..53bce4e0 100644
--- a/src/daemon/modules/image/oci/utils_images.h
+++ b/src/daemon/modules/image/oci/utils_images.h
@@ -56,6 +56,8 @@ char *oci_get_isulad_tmpdir(const char *root_dir);
int makesure_isulad_tmpdir_perm_right(const char *root_dir);
char *get_hostname_to_strip();
+char *oci_image_digest_pos(const char *name);
+
#ifdef __cplusplus
}
#endif
diff --git a/src/utils/cutils/utils_verify.c b/src/utils/cutils/utils_verify.c
index 713e72c3..ea43a40a 100644
--- a/src/utils/cutils/utils_verify.c
+++ b/src/utils/cutils/utils_verify.c
@@ -359,7 +359,7 @@ cleanup:
bool util_valid_image_name(const char *name)
{
char *copy = NULL;
- char *tag_pos = NULL;
+ char *check_pos = NULL;
bool bret = false;
if (name == NULL) {
@@ -372,13 +372,26 @@ bool util_valid_image_name(const char *name)
}
copy = util_strdup_s(name);
- tag_pos = util_tag_pos(copy);
- if (tag_pos != NULL) {
- if (util_reg_match(__TagPattern, tag_pos)) {
+
+ // 1. first, check digest or not
+ check_pos = strrchr(copy, '@');
+ if (check_pos != NULL) {
+ // image name with digest
+ if (util_reg_match(__DIGESTPattern, check_pos)) {
goto cleanup;
}
-
- *tag_pos = '\0';
+ *check_pos = '\0';
+ } else {
+ // image name without digest
+ // 2. check tag or not
+ check_pos = util_tag_pos(copy);
+ if (check_pos != NULL) {
+ if (util_reg_match(__TagPattern, check_pos)) {
+ goto cleanup;
+ }
+
+ *check_pos = '\0';
+ }
}
if (util_reg_match(__NamePattern, copy)) {
diff --git a/src/utils/cutils/utils_verify.h b/src/utils/cutils/utils_verify.h
index 87976299..7d954475 100644
--- a/src/utils/cutils/utils_verify.h
+++ b/src/utils/cutils/utils_verify.h
@@ -33,6 +33,9 @@ extern "C" {
"^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])" \
"((\\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(:[0-9]+)?/)?[a-z0-9]" \
"+((([._]|__|[-]*)[a-z0-9]+)+)?((/[a-z0-9]+((([._]|__|[-]*)[a-z0-9]+)+)?)+)?$"
+
+#define __DIGESTPattern "@[a-z0-9]+:[a-z0-9]{32,}"
+
#define VALID_VOLUME_NAME "[a-zA-Z0-9][a-zA-Z0-9_.-]{1,63}"
extern const char *g_all_caps[];
--
2.25.1

186
0022-isulad-shim-support-execSync-with-timeout.patch Normal file
View File

@ -0,0 +1,186 @@
From 7d5be830bfae9f9908b3b7b323975b65fc7dd856 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 13 Feb 2023 15:36:58 +0800
Subject: [PATCH 22/26] isulad-shim support execSync with timeout
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
.../executor/container_cb/execution_stream.c | 2 +-
.../modules/runtime/isula/isula_rt_ops.c | 37 +++++++++++++++---
src/utils/cutils/utils.c | 39 +++++++++++++++++++
src/utils/cutils/utils.h | 5 +++
4 files changed, 77 insertions(+), 6 deletions(-)
diff --git a/src/daemon/executor/container_cb/execution_stream.c b/src/daemon/executor/container_cb/execution_stream.c
index fde0335e..1a7353b5 100644
--- a/src/daemon/executor/container_cb/execution_stream.c
+++ b/src/daemon/executor/container_cb/execution_stream.c
@@ -161,7 +161,7 @@ static int container_exec_cb(const container_exec_request *request, container_ex
if (exec_container(cont, request, *response, stdinfd, stdout_handler, stderr_handler) != 0) {
ret = -1;
- goto out;
+ goto pack_err_response;
}
goto out;
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index e80aa9a4..51a72c4f 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -205,6 +205,10 @@ static void show_shim_runtime_errlog(const char *workdir)
char buf1[SHIM_LOG_SIZE] = { 0 };
char buf2[SHIM_LOG_SIZE] = { 0 };
+ if (g_isulad_errmsg != NULL) {
+ return;
+ }
+
get_err_message(buf1, sizeof(buf1), workdir, "shim-log.json");
get_err_message(buf2, sizeof(buf2), workdir, "log.json");
ERROR("shim-log: %s", buf1);
@@ -678,8 +682,29 @@ static int status_to_exit_code(int status)
return exit_code;
}
+static int try_wait_pid(pid_t pid)
+{
+ if (waitpid(pid, NULL, WNOHANG) == pid) {
+ return 0;
+ }
+
+ return 1;
+}
+
+static void kill_and_show_err(pid_t pid)
+{
+ int nret = 0;
+ kill(pid, SIGKILL);
+ // wait atmost 0.5 seconds
+ DO_RETRY_CALL(5, 100000, nret, try_wait_pid, pid);
+ if (nret != 0) {
+ WARN("Fail to wait isulad-shim");
+ }
+ isulad_set_error_message("Exec container error;exec timeout");
+}
+
static int shim_create(bool fg, const char *id, const char *workdir, const char *bundle, const char *runtime_cmd,
- int *exit_code)
+ int *exit_code, const int64_t timeout)
{
pid_t pid = 0;
int exec_fd[2] = { -1, -1 };
@@ -770,7 +795,7 @@ realexec:
goto out;
}
- status = util_wait_for_pid_status(pid);
+ status = util_waitpid_with_timeout(pid, timeout, kill_and_show_err);
if (status < 0) {
ERROR("failed wait shim-parent %d exit %s", pid, strerror(errno));
ret = -1;
@@ -784,7 +809,9 @@ realexec:
out:
if (ret != 0) {
show_shim_runtime_errlog(workdir);
- kill(pid, SIGKILL); /* can kill other process? */
+ if (timeout <= 0) {
+ kill(pid, SIGKILL); /* can kill other process? */
+ }
}
return ret;
@@ -893,7 +920,7 @@ int rt_isula_create(const char *id, const char *runtime, const rt_create_params_
}
get_runtime_cmd(runtime, &cmd);
- ret = shim_create(false, id, workdir, params->bundle, cmd, NULL);
+ ret = shim_create(false, id, workdir, params->bundle, cmd, NULL, -1);
if (ret != 0) {
runtime_call_delete_force(workdir, runtime, id);
ERROR("%s: failed create shim process", id);
@@ -1165,7 +1192,7 @@ int rt_isula_exec(const char *id, const char *runtime, const rt_exec_params_t *p
}
get_runtime_cmd(runtime, &cmd);
- ret = shim_create(fg_exec(params), id, workdir, bundle, cmd, exit_code);
+ ret = shim_create(fg_exec(params), id, workdir, bundle, cmd, exit_code, params->timeout);
if (ret != 0) {
ERROR("%s: failed create shim process for exec %s", id, exec_id);
goto errlog_out;
diff --git a/src/utils/cutils/utils.c b/src/utils/cutils/utils.c
index 2c3709ad..9173cd14 100644
--- a/src/utils/cutils/utils.c
+++ b/src/utils/cutils/utils.c
@@ -313,6 +313,45 @@ rep:
return 0;
}
+/*
+ * If timeout <= 0, blocking wait pid.
+ * If timeout > 0, non-blocking wait pid with timeout.
+ * When waitpid timeout, calling handle_timeout_callback_t.
+ */
+int util_waitpid_with_timeout(pid_t pid, const int64_t timeout, handle_timeout_callback_t cb)
+{
+ int nret = 0;
+ time_t start_time = time(NULL);
+ time_t end_time;
+ double interval;
+
+ if (timeout <= 0) {
+ return util_wait_for_pid_status(pid);
+ }
+
+ for (;;) {
+ nret = waitpid(pid, NULL, WNOHANG);
+ if (nret == pid) {
+ break;
+ }
+ if (nret == -1 && errno != EINTR) {
+ return -1;
+ }
+ end_time = time(NULL);
+ interval = difftime(end_time, start_time);
+ if (nret == 0 && interval >= timeout) {
+ INFO("Wait %d timeout", pid);
+ if (cb != NULL) {
+ cb(pid);
+ }
+ return -1;
+ }
+ // sleep some time instead to avoid cpu full running and then retry.
+ sleep(0.1);
+ }
+ return 0;
+}
+
int util_wait_for_pid_status(pid_t pid)
{
int st;
diff --git a/src/utils/cutils/utils.h b/src/utils/cutils/utils.h
index fec6d879..d14d048e 100644
--- a/src/utils/cutils/utils.h
+++ b/src/utils/cutils/utils.h
@@ -301,6 +301,9 @@ typedef struct _proc_t {
processor; /* current (or most recent?) CPU */
} proc_t;
+// handle waitpid timeout.
+typedef void(*handle_timeout_callback_t)(pid_t pid);
+
struct signame {
int num;
const char *name;
@@ -328,6 +331,8 @@ char *util_strdup_s(const char *src);
int util_wait_for_pid(pid_t pid);
+int util_waitpid_with_timeout(pid_t pid, const int64_t timeout, handle_timeout_callback_t cb);
+
void util_contain_errmsg(const char *errmsg, int *exit_code);
char *util_short_digest(const char *digest);
--
2.25.1

26
0023-change-sleep-to-usleep-to-avoid-lossing-of-accuracy.patch Normal file
View File

@ -0,0 +1,26 @@
From e9bd090e5d6755eacaa1f8710c32386aba5190f2 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 6 Mar 2023 09:54:44 +0800
Subject: [PATCH 23/26] change sleep() to usleep() to avoid lossing of accuracy
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/utils/cutils/utils.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/utils/cutils/utils.c b/src/utils/cutils/utils.c
index 9173cd14..64d7e9f9 100644
--- a/src/utils/cutils/utils.c
+++ b/src/utils/cutils/utils.c
@@ -347,7 +347,7 @@ int util_waitpid_with_timeout(pid_t pid, const int64_t timeout, handle_timeout_c
return -1;
}
// sleep some time instead to avoid cpu full running and then retry.
- sleep(0.1);
+ usleep(0.1);
}
return 0;
}
--
2.25.1

33
0024-adapt-to-repo-of-openeuler-url-changed.patch Normal file
View File

@ -0,0 +1,33 @@
From 7a2f218550735403319a0bea6c47a0c334838a12 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Mon, 6 Mar 2023 14:38:58 +0800
Subject: [PATCH 24/26] adapt to repo of openeuler url changed
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
CI/pr-gateway.sh | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/CI/pr-gateway.sh b/CI/pr-gateway.sh
index 604ec6cb..93b07c44 100755
--- a/CI/pr-gateway.sh
+++ b/CI/pr-gateway.sh
@@ -18,7 +18,15 @@ if [ $# -eq 1 ]; then
tbranch=$1
fi
+sed -i "s#http://repo.openeuler.org#https://repo.huaweicloud.com/openeuler#g" /etc/yum.repos.d/openEuler.repo
+
+dnf update -y
+
dnf install -y gtest-devel gmock-devel diffutils cmake gcc-c++ yajl-devel patch make libtool libevent-devel libevhtp-devel grpc grpc-plugins grpc-devel protobuf-devel libcurl libcurl-devel sqlite-devel libarchive-devel device-mapper-devel http-parser-devel libseccomp-devel libcap-devel libselinux-devel libwebsockets libwebsockets-devel systemd-devel git chrpath
+if [ $? -ne 0 ]; then
+ echo "install dependences failed"
+ exit 1
+fi
# dnf install -y cargo rust rust-packaging
--
2.25.1

26
0025-modify-sleep-time.patch Normal file
View File

@ -0,0 +1,26 @@
From c2bf76c3b6af0d88d84a76cd5680caf0aa22e321 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 6 Mar 2023 15:34:05 +0800
Subject: [PATCH 25/26] modify sleep time
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/utils/cutils/utils.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/utils/cutils/utils.c b/src/utils/cutils/utils.c
index 64d7e9f9..7f36d019 100644
--- a/src/utils/cutils/utils.c
+++ b/src/utils/cutils/utils.c
@@ -347,7 +347,7 @@ int util_waitpid_with_timeout(pid_t pid, const int64_t timeout, handle_timeout_c
return -1;
}
// sleep some time instead to avoid cpu full running and then retry.
- usleep(0.1);
+ usleep(100);
}
return 0;
}
--
2.25.1

27
0026-change-goto-branch.patch Normal file
View File

@ -0,0 +1,27 @@
From e0c800749961cf9f97b6a767ea3f7628a568a33d Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 6 Mar 2023 17:22:16 +0800
Subject: [PATCH 26/26] change goto branch
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/executor/container_cb/execution_stream.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/daemon/executor/container_cb/execution_stream.c b/src/daemon/executor/container_cb/execution_stream.c
index 1a7353b5..7e928cf7 100644
--- a/src/daemon/executor/container_cb/execution_stream.c
+++ b/src/daemon/executor/container_cb/execution_stream.c
@@ -161,7 +161,8 @@ static int container_exec_cb(const container_exec_request *request, container_ex
if (exec_container(cont, request, *response, stdinfd, stdout_handler, stderr_handler) != 0) {
ret = -1;
- goto pack_err_response;
+ // pack err response in exec_container, there is no need to pack here.
+ goto out;
}
goto out;
--
2.25.1

15
iSulad.spec
View File

@ -1,5 +1,5 @@
%global _version 2.0.18
%global _release 3
%global _release 4
%global is_systemd 1
%global enable_shimv2 1
%global is_embedded 1
@ -32,6 +32,13 @@ Patch0016: 0016-fix-code-style.patch
Patch0017: 0017-add-retry-for-read-write.patch
Patch0018: 0018-add-crictl-timeout-and-sync-for-CI.patch
Patch0019: 0019-unlock-m_podsLock-if-new-failed.patch
Patch0020: 0020-fix-CRI-SetupPod-and-TearDownPod-deadlock.patch
Patch0021: 0021-support-pull-image-with-digest.patch
Patch0022: 0022-isulad-shim-support-execSync-with-timeout.patch
Patch0023: 0023-change-sleep-to-usleep-to-avoid-lossing-of-accuracy.patch
Patch0024: 0024-adapt-to-repo-of-openeuler-url-changed.patch
Patch0025: 0025-modify-sleep-time.patch
Patch0026: 0026-change-goto-branch.patch
%ifarch x86_64 aarch64
Provides: libhttpclient.so()(64bit)
@ -276,6 +283,12 @@ fi
%endif
%changelog
* Wed Mar 09 2023 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.0.18-4
- Type: bugfix
- ID: NA
- SUG: NA
- DESC: upgrade from upstream
* Wed Feb 22 2023 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.0.18-3
- Type: bugfix
- ID: NA