From 615eecf8ac2a49385e346631e97850830360b8cf Mon Sep 17 00:00:00 2001 From: Andrew Hsu Date: Thu, 6 Dec 2018 04:28:35 +0000 Subject: [PATCH 1/3] update containerd to v1.2.1 Signed-off-by: Andrew Hsu Signed-off-by: Sebastiaan van Stijn --- vendor.conf | 6 ++-- .../containerd/containerd/oci/spec.go | 2 +- .../runtime/v1/linux/proc/deleted_state.go | 4 +++ .../containerd/runtime/v1/linux/proc/exec.go | 6 ++-- .../runtime/v1/linux/proc/exec_state.go | 17 +++++++++++ .../runtime/v1/linux/proc/init_state.go | 3 +- .../containerd/runtime/v1/linux/proc/utils.go | 4 ++- .../containerd/containerd/vendor.conf | 4 +-- vendor/github.com/containerd/cri/vendor.conf | 8 +++--- .../runc/libcontainer/cgroups/utils.go | 28 +++++++++++++------ .../runc/libcontainer/configs/config.go | 13 ++++----- .../runc/libcontainer/configs/intelrdt.go | 4 ++- 12 files changed, 66 insertions(+), 33 deletions(-) diff --git a/vendor.conf b/vendor.conf index 56d805a84f..a9b0138205 100644 --- a/vendor.conf +++ b/vendor.conf @@ -79,7 +79,7 @@ google.golang.org/grpc v1.12.0 # the containerd project first, and update both after that is merged. # This commit does not need to match RUNC_COMMIT as it is used for helper # packages but should be newer or equal. -github.com/opencontainers/runc 10d38b660a77168360df3522881e2dc2be5056bd +github.com/opencontainers/runc 96ec2177ae841256168fcf76954f7177af9446eb github.com/opencontainers/runtime-spec 5684b8af48c1ac3b1451fa499724e30e3c20a294 # v1.0.1-49-g5684b8a github.com/opencontainers/image-spec v1.0.1 github.com/seccomp/libseccomp-golang 32f571b70023028bd57d9288c20efbcb237f3ce0 @@ -118,12 +118,12 @@ github.com/googleapis/gax-go v2.0.0 google.golang.org/genproto 694d95ba50e67b2e363f3483057db5d4910c18f9 # containerd -github.com/containerd/containerd de1f167ab96338a9f5c2b17347abf84bdf1dd411 # v1.2.1-rc.0 +github.com/containerd/containerd 9b32062dc1f5a7c2564315c269b5059754f12b9d # v1.2.1 github.com/containerd/fifo 3d5202aec260678c48179c56f40e6f38a095738c github.com/containerd/continuity bd77b46c8352f74eb12c85bdc01f4b90f69d66b4 github.com/containerd/cgroups 5e610833b72089b37d0e615de9a92dfc043757c2 github.com/containerd/console c12b1e7919c14469339a5d38f2f8ed9b64a9de23 -github.com/containerd/cri f913714917d2456d7e65a0be84962b1ce8acb487 # release/1.2 branch +github.com/containerd/cri 0ca1e3c2b73b5c38e72f29bb76338d0078b23d6c # release/1.2 branch github.com/containerd/go-runc 5a6d9f37cfa36b15efba46dc7ea349fa9b7143c3 github.com/containerd/typeurl a93fcdb778cd272c6e9b3028b2f42d813e785d40 github.com/containerd/ttrpc 2a805f71863501300ae1976d29f0454ae003e85a diff --git a/vendor/github.com/containerd/containerd/oci/spec.go b/vendor/github.com/containerd/containerd/oci/spec.go index b83f40ac65..a30c953069 100644 --- a/vendor/github.com/containerd/containerd/oci/spec.go +++ b/vendor/github.com/containerd/containerd/oci/spec.go @@ -209,6 +209,7 @@ func populateDefaultUnixSpec(ctx context.Context, s *Spec, id string) error { Linux: &specs.Linux{ MaskedPaths: []string{ "/proc/acpi", + "/proc/asound", "/proc/kcore", "/proc/keys", "/proc/latency_stats", @@ -219,7 +220,6 @@ func populateDefaultUnixSpec(ctx context.Context, s *Spec, id string) error { "/proc/scsi", }, ReadonlyPaths: []string{ - "/proc/asound", "/proc/bus", "/proc/fs", "/proc/irq", diff --git a/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/deleted_state.go b/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/deleted_state.go index ab89c3ecba..bc9aefb7fb 100644 --- a/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/deleted_state.go +++ b/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/deleted_state.go @@ -69,3 +69,7 @@ func (s *deletedState) SetExited(status int) { func (s *deletedState) Exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) { return nil, errors.Errorf("cannot exec in a deleted state") } + +func (s *deletedState) Pid() int { + return -1 +} diff --git a/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/exec.go b/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/exec.go index 4b932455b0..4c0e99e89c 100644 --- a/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/exec.go +++ b/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/exec.go @@ -69,8 +69,10 @@ func (e *execProcess) ID() string { } func (e *execProcess) Pid() int { - e.mu.Lock() - defer e.mu.Unlock() + return e.execState.Pid() +} + +func (e *execProcess) pidv() int { return e.pid } diff --git a/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/exec_state.go b/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/exec_state.go index 12489501ba..0e0bc3fcf2 100644 --- a/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/exec_state.go +++ b/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/exec_state.go @@ -31,6 +31,7 @@ type execState interface { Delete(context.Context) error Kill(context.Context, uint32, bool) error SetExited(int) + Pid() int } type execCreatedState struct { @@ -82,6 +83,12 @@ func (s *execCreatedState) SetExited(status int) { } } +func (s *execCreatedState) Pid() int { + s.p.mu.Lock() + defer s.p.mu.Unlock() + return s.p.pidv() +} + type execRunningState struct { p *execProcess } @@ -120,6 +127,12 @@ func (s *execRunningState) SetExited(status int) { } } +func (s *execRunningState) Pid() int { + s.p.mu.Lock() + defer s.p.mu.Unlock() + return s.p.pidv() +} + type execStoppedState struct { p *execProcess } @@ -157,3 +170,7 @@ func (s *execStoppedState) Kill(ctx context.Context, sig uint32, all bool) error func (s *execStoppedState) SetExited(status int) { // no op } + +func (s *execStoppedState) Pid() int { + return s.p.pidv() +} diff --git a/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/init_state.go b/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/init_state.go index 06a5c7f3d7..37798de201 100644 --- a/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/init_state.go +++ b/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/init_state.go @@ -24,7 +24,6 @@ import ( "syscall" "github.com/containerd/console" - "github.com/containerd/containerd/errdefs" "github.com/containerd/containerd/runtime/proc" "github.com/containerd/fifo" runc "github.com/containerd/go-runc" @@ -407,7 +406,7 @@ func (s *stoppedState) Delete(ctx context.Context) error { } func (s *stoppedState) Kill(ctx context.Context, sig uint32, all bool) error { - return errdefs.ToGRPCf(errdefs.ErrNotFound, "process %s not found", s.p.id) + return s.p.kill(ctx, sig, all) } func (s *stoppedState) SetExited(status int) { diff --git a/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/utils.go b/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/utils.go index 3d0334c450..04baae0f75 100644 --- a/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/utils.go +++ b/vendor/github.com/containerd/containerd/runtime/v1/linux/proc/utils.go @@ -93,7 +93,9 @@ func checkKillError(err error) error { if err == nil { return nil } - if strings.Contains(err.Error(), "os: process already finished") || err == unix.ESRCH { + if strings.Contains(err.Error(), "os: process already finished") || + strings.Contains(err.Error(), "container not running") || + err == unix.ESRCH { return errors.Wrapf(errdefs.ErrNotFound, "process already finished") } return errors.Wrapf(err, "unknown error after kill") diff --git a/vendor/github.com/containerd/containerd/vendor.conf b/vendor/github.com/containerd/containerd/vendor.conf index 650710a9b8..c439d85cd9 100644 --- a/vendor/github.com/containerd/containerd/vendor.conf +++ b/vendor/github.com/containerd/containerd/vendor.conf @@ -20,7 +20,7 @@ github.com/gogo/protobuf v1.0.0 github.com/gogo/googleapis 08a7655d27152912db7aaf4f983275eaf8d128ef github.com/golang/protobuf v1.1.0 github.com/opencontainers/runtime-spec eba862dc2470385a233c7507392675cbeadf7353 # v1.0.1-45-geba862d -github.com/opencontainers/runc 10d38b660a77168360df3522881e2dc2be5056bd +github.com/opencontainers/runc 96ec2177ae841256168fcf76954f7177af9446eb github.com/sirupsen/logrus v1.0.0 github.com/urfave/cli 7bc6a0acffa589f415f88aca16cc1de5ffd66f9c golang.org/x/net b3756b4b77d7b13260a0a2ec658753cf48922eac @@ -43,7 +43,7 @@ github.com/google/go-cmp v0.1.0 go.etcd.io/bbolt v1.3.1-etcd.8 # cri dependencies -github.com/containerd/cri 2bb57d27203d82fc79c496aea724aec593b2705a # release/1.2 branch +github.com/containerd/cri 0ca1e3c2b73b5c38e72f29bb76338d0078b23d6c # release/1.2 branch github.com/containerd/go-cni 40bcf8ec8acd7372be1d77031d585d5d8e561c90 github.com/blang/semver v3.1.0 github.com/containernetworking/cni v0.6.0 diff --git a/vendor/github.com/containerd/cri/vendor.conf b/vendor/github.com/containerd/cri/vendor.conf index c81758046f..208a079b6a 100644 --- a/vendor/github.com/containerd/cri/vendor.conf +++ b/vendor/github.com/containerd/cri/vendor.conf @@ -3,7 +3,7 @@ github.com/blang/semver v3.1.0 github.com/BurntSushi/toml a368813c5e648fee92e5f6c30e3944ff9d5e8895 github.com/containerd/cgroups 5e610833b72089b37d0e615de9a92dfc043757c2 github.com/containerd/console c12b1e7919c14469339a5d38f2f8ed9b64a9de23 -github.com/containerd/containerd 15f19d7a67fa322e6de0ef4c6a1bf9da0f056554 +github.com/containerd/containerd 4b284fa3ab61832b022ba428055f793a75ffc251 github.com/containerd/continuity bd77b46c8352f74eb12c85bdc01f4b90f69d66b4 github.com/containerd/fifo 3d5202aec260678c48179c56f40e6f38a095738c github.com/containerd/go-cni 40bcf8ec8acd7372be1d77031d585d5d8e561c90 @@ -33,13 +33,13 @@ github.com/hashicorp/errwrap 7554cd9344cec97297fa6649b055a8c98c2a1e55 github.com/hashicorp/go-multierror ed905158d87462226a13fe39ddf685ea65f1c11f github.com/json-iterator/go 1.1.5 github.com/matttproud/golang_protobuf_extensions v1.0.0 -github.com/Microsoft/go-winio v0.4.10 -github.com/Microsoft/hcsshim v0.7.6 +github.com/Microsoft/go-winio v0.4.11 +github.com/Microsoft/hcsshim v0.8.1 github.com/modern-go/concurrent 1.0.3 github.com/modern-go/reflect2 1.0.1 github.com/opencontainers/go-digest c9281466c8b2f606084ac71339773efd177436e7 github.com/opencontainers/image-spec v1.0.1 -github.com/opencontainers/runc 00dc70017d222b178a002ed30e9321b12647af2d +github.com/opencontainers/runc v1.0.0-rc6 github.com/opencontainers/runtime-spec eba862dc2470385a233c7507392675cbeadf7353 github.com/opencontainers/runtime-tools v0.6.0 github.com/opencontainers/selinux b6fa367ed7f534f9ba25391cc2d467085dbb445a diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go index cd32a67353..316d963d62 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go @@ -22,31 +22,41 @@ const ( ) // https://www.kernel.org/doc/Documentation/cgroup-v1/cgroups.txt -func FindCgroupMountpoint(subsystem string) (string, error) { - mnt, _, err := FindCgroupMountpointAndRoot(subsystem) +func FindCgroupMountpoint(cgroupPath, subsystem string) (string, error) { + mnt, _, err := FindCgroupMountpointAndRoot(cgroupPath, subsystem) return mnt, err } -func FindCgroupMountpointAndRoot(subsystem string) (string, string, error) { +func FindCgroupMountpointAndRoot(cgroupPath, subsystem string) (string, string, error) { // We are not using mount.GetMounts() because it's super-inefficient, // parsing it directly sped up x10 times because of not using Sscanf. // It was one of two major performance drawbacks in container start. if !isSubsystemAvailable(subsystem) { return "", "", NewNotFoundError(subsystem) } + f, err := os.Open("/proc/self/mountinfo") if err != nil { return "", "", err } defer f.Close() - scanner := bufio.NewScanner(f) + return findCgroupMountpointAndRootFromReader(f, cgroupPath, subsystem) +} + +func findCgroupMountpointAndRootFromReader(reader io.Reader, cgroupPath, subsystem string) (string, string, error) { + scanner := bufio.NewScanner(reader) for scanner.Scan() { txt := scanner.Text() - fields := strings.Split(txt, " ") - for _, opt := range strings.Split(fields[len(fields)-1], ",") { - if opt == subsystem { - return fields[4], fields[3], nil + fields := strings.Fields(txt) + if len(fields) < 5 { + continue + } + if strings.HasPrefix(fields[4], cgroupPath) { + for _, opt := range strings.Split(fields[len(fields)-1], ",") { + if opt == subsystem { + return fields[4], fields[3], nil + } } } } @@ -257,7 +267,7 @@ func GetInitCgroupPath(subsystem string) (string, error) { } func getCgroupPathHelper(subsystem, cgroup string) (string, error) { - mnt, root, err := FindCgroupMountpointAndRoot(subsystem) + mnt, root, err := FindCgroupMountpointAndRoot("", subsystem) if err != nil { return "", err } diff --git a/vendor/github.com/opencontainers/runc/libcontainer/configs/config.go b/vendor/github.com/opencontainers/runc/libcontainer/configs/config.go index b065f7f28e..7728522fef 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/configs/config.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/configs/config.go @@ -272,26 +272,23 @@ func (hooks Hooks) MarshalJSON() ([]byte, error) { }) } -// HookState is the payload provided to a hook on execution. -type HookState specs.State - type Hook interface { // Run executes the hook with the provided state. - Run(HookState) error + Run(*specs.State) error } // NewFunctionHook will call the provided function when the hook is run. -func NewFunctionHook(f func(HookState) error) FuncHook { +func NewFunctionHook(f func(*specs.State) error) FuncHook { return FuncHook{ run: f, } } type FuncHook struct { - run func(HookState) error + run func(*specs.State) error } -func (f FuncHook) Run(s HookState) error { +func (f FuncHook) Run(s *specs.State) error { return f.run(s) } @@ -314,7 +311,7 @@ type CommandHook struct { Command } -func (c Command) Run(s HookState) error { +func (c Command) Run(s *specs.State) error { b, err := json.Marshal(s) if err != nil { return err diff --git a/vendor/github.com/opencontainers/runc/libcontainer/configs/intelrdt.go b/vendor/github.com/opencontainers/runc/libcontainer/configs/intelrdt.go index 6f47aac077..57e9f037d9 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/configs/intelrdt.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/configs/intelrdt.go @@ -5,7 +5,9 @@ type IntelRdt struct { // Format: "L3:=;=;..." L3CacheSchema string `json:"l3_cache_schema,omitempty"` - // The schema of memory bandwidth percentage per L3 cache id + // The schema of memory bandwidth per L3 cache id // Format: "MB:=bandwidth0;=bandwidth1;..." + // The unit of memory bandwidth is specified in "percentages" by + // default, and in "MBps" if MBA Software Controller is enabled. MemBwSchema string `json:"memBwSchema,omitempty"` } From 75c4b741550a3c5cb061269cc92a5d563d153626 Mon Sep 17 00:00:00 2001 From: Andrew Hsu Date: Fri, 7 Dec 2018 01:53:00 +0000 Subject: [PATCH 2/3] vndr libnetwork to adjust for updated runc Signed-off-by: Andrew Hsu Signed-off-by: Sebastiaan van Stijn --- hack/dockerfile/install/proxy.installer | 2 +- vendor.conf | 2 +- .../docker/libnetwork/sandbox_externalkey_unix.go | 8 ++++---- vendor/github.com/docker/libnetwork/service_common.go | 2 +- vendor/github.com/docker/libnetwork/vendor.conf | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/hack/dockerfile/install/proxy.installer b/hack/dockerfile/install/proxy.installer index 38b18a0fda..b8c19ef0c1 100755 --- a/hack/dockerfile/install/proxy.installer +++ b/hack/dockerfile/install/proxy.installer @@ -3,7 +3,7 @@ # LIBNETWORK_COMMIT is used to build the docker-userland-proxy binary. When # updating the binary version, consider updating github.com/docker/libnetwork # in vendor.conf accordingly -LIBNETWORK_COMMIT=49627167f0585504fd78ed8827529aec57a9618d +LIBNETWORK_COMMIT=1a06131fb8a047d919f7deaf02a4c414d7884b83 install_proxy() { case "$1" in diff --git a/vendor.conf b/vendor.conf index a9b0138205..40f3378a73 100644 --- a/vendor.conf +++ b/vendor.conf @@ -37,7 +37,7 @@ github.com/mitchellh/hashstructure 2bca23e0e452137f789efbc8610126fd8b94f73b #get libnetwork packages # When updating, also update LIBNETWORK_COMMIT in hack/dockerfile/install/proxy.installer accordingly -github.com/docker/libnetwork 1f28166bb386cf9223d2d00a28382b0e474be314 +github.com/docker/libnetwork 1a06131fb8a047d919f7deaf02a4c414d7884b83 github.com/docker/go-events 9461782956ad83b30282bf90e31fa6a70c255ba9 github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80 github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec diff --git a/vendor/github.com/docker/libnetwork/sandbox_externalkey_unix.go b/vendor/github.com/docker/libnetwork/sandbox_externalkey_unix.go index 7601db9049..5006583c5b 100644 --- a/vendor/github.com/docker/libnetwork/sandbox_externalkey_unix.go +++ b/vendor/github.com/docker/libnetwork/sandbox_externalkey_unix.go @@ -13,7 +13,7 @@ import ( "path/filepath" "github.com/docker/libnetwork/types" - "github.com/opencontainers/runc/libcontainer/configs" + "github.com/opencontainers/runtime-spec/specs-go" "github.com/sirupsen/logrus" ) @@ -25,7 +25,7 @@ const ( // processSetKeyReexec is a private function that must be called only on an reexec path // It expects 3 args { [0] = "libnetwork-setkey", [1] = , [2] = } -// It also expects configs.HookState as a json string in +// It also expects specs.State as a json string in // Refer to https://github.com/opencontainers/runc/pull/160/ for more information // The docker exec-root can be specified as "-exec-root" flag. The default value is "/run/docker". func processSetKeyReexec() { @@ -50,12 +50,12 @@ func processSetKeyReexec() { } containerID, controllerID := args[0], args[1] - // We expect configs.HookState as a json string in + // We expect specs.State as a json string in stateBuf, err := ioutil.ReadAll(os.Stdin) if err != nil { return } - var state configs.HookState + var state specs.State if err = json.Unmarshal(stateBuf, &state); err != nil { return } diff --git a/vendor/github.com/docker/libnetwork/service_common.go b/vendor/github.com/docker/libnetwork/service_common.go index 78986c5424..73358134b8 100644 --- a/vendor/github.com/docker/libnetwork/service_common.go +++ b/vendor/github.com/docker/libnetwork/service_common.go @@ -64,7 +64,7 @@ func (c *controller) addContainerNameResolution(nID, eID, containerName string, // Add resolution for taskaliases for _, alias := range taskAliases { - n.(*network).addSvcRecords(eID, alias, eID, ip, nil, true, method) + n.(*network).addSvcRecords(eID, alias, eID, ip, nil, false, method) } return nil diff --git a/vendor/github.com/docker/libnetwork/vendor.conf b/vendor/github.com/docker/libnetwork/vendor.conf index f2bb55223e..865704ab4e 100644 --- a/vendor/github.com/docker/libnetwork/vendor.conf +++ b/vendor/github.com/docker/libnetwork/vendor.conf @@ -32,7 +32,7 @@ github.com/mattn/go-shellwords v1.0.3 github.com/miekg/dns v1.0.7 github.com/opencontainers/go-digest v1.0.0-rc1 github.com/opencontainers/image-spec v1.0.1 -github.com/opencontainers/runc 69663f0bd4b60df09991c08812a60108003fa340 +github.com/opencontainers/runc 96ec2177ae841256168fcf76954f7177af9446eb github.com/opencontainers/runtime-spec v1.0.1 github.com/samuel/go-zookeeper d0e0d8e11f318e000a8cc434616d69e329edc374 github.com/sirupsen/logrus v1.0.3 From 78045a5419718ba8884ed5afc0b41a3a80afc3b4 Mon Sep 17 00:00:00 2001 From: Andrew Hsu Date: Thu, 6 Dec 2018 18:49:51 +0000 Subject: [PATCH 3/3] use empty string as cgroup path to grab first find Signed-off-by: Andrew Hsu Signed-off-by: Sebastiaan van Stijn --- daemon/daemon_unix.go | 2 +- pkg/sysinfo/sysinfo_linux.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/daemon/daemon_unix.go b/daemon/daemon_unix.go index b18fca17c7..aaeeabb0b5 100644 --- a/daemon/daemon_unix.go +++ b/daemon/daemon_unix.go @@ -1484,7 +1484,7 @@ func (daemon *Daemon) initCgroupsPath(path string) error { // for the period and runtime as this limits what the children can be set to. daemon.initCgroupsPath(filepath.Dir(path)) - mnt, root, err := cgroups.FindCgroupMountpointAndRoot("cpu") + mnt, root, err := cgroups.FindCgroupMountpointAndRoot("", "cpu") if err != nil { return err } diff --git a/pkg/sysinfo/sysinfo_linux.go b/pkg/sysinfo/sysinfo_linux.go index 6492a1c9ac..1fcf08310c 100644 --- a/pkg/sysinfo/sysinfo_linux.go +++ b/pkg/sysinfo/sysinfo_linux.go @@ -232,7 +232,7 @@ func checkCgroupCpusetInfo(cgMounts map[string]string, quiet bool) cgroupCpusetI // checkCgroupPids reads the pids information from the pids cgroup mount point. func checkCgroupPids(quiet bool) cgroupPids { - _, err := cgroups.FindCgroupMountpoint("pids") + _, err := cgroups.FindCgroupMountpoint("", "pids") if err != nil { if !quiet { logrus.Warn(err)