packages/iSulad
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
iSulad/0007-update-annotations-and-add-ci-cases.patch

175 lines
7.1 KiB
Diff
Raw Permalink Normal View History

upgrade from upstream Signed-off-by: zhongtao <zhongtao17@huawei.com> (cherry picked from commit 0cdbd434956257cb303368fcba4dcc192b4955cf)
2024-03-19 19:23:42 +08:00
From ed4b71b2027a6e9fdf15931fe93aa9e0bb3dc79d Mon Sep 17 00:00:00 2001
From: leizhongkai <leizhongkai@huawei.com>
Date: Wed, 31 Jan 2024 18:17:52 +0800
upgrade from upstream Signed-off-by: jikai <jikai11@huawei.com>
2024-04-02 11:50:19 +00:00
Subject: [PATCH 07/43] update annotations and add ci cases
upgrade from upstream Signed-off-by: zhongtao <zhongtao17@huawei.com> (cherry picked from commit 0cdbd434956257cb303368fcba4dcc192b4955cf)
2024-03-19 19:23:42 +08:00
Signed-off-by: leizhongkai <leizhongkai@huawei.com>
---
.../container_cases/dev_cgroup_rule.sh | 24 +++++++++++
src/daemon/modules/api/specs_api.h | 2 +
.../modules/service/service_container.c | 18 +++++++-
src/daemon/modules/spec/specs.c | 41 ++++++++++++++++++-
4 files changed, 82 insertions(+), 3 deletions(-)
diff --git a/CI/test_cases/container_cases/dev_cgroup_rule.sh b/CI/test_cases/container_cases/dev_cgroup_rule.sh
index 839a546c..5616d37a 100755
--- a/CI/test_cases/container_cases/dev_cgroup_rule.sh
+++ b/CI/test_cases/container_cases/dev_cgroup_rule.sh
@@ -29,6 +29,9 @@ function test_cpu_dev_cgoup_rule_spec()
local image="busybox"
local test="container device cgroup rule test with (${runtime}) => (${FUNCNAME[@]})"
local test_dev="/dev/testA"
+ local default_config="/etc/default/isulad/config.json"
+ local default_config_bak="/etc/default/isulad/config.json.bak"
+ local test_cgroup_parent="/testABC"
msg_info "${test} starting..."
@@ -54,6 +57,27 @@ function test_cpu_dev_cgoup_rule_spec()
[[ $? -ne 0 ]] && [[ $cnt -le $priv_minor_88_cnt ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device minor failed" && ((ret++))
isula rm -f $priv_cid
+ def_cid=$(isula run -tid --runtime $runtime -m 10m $image /bin/sh)
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - run container failed" && ((ret++))
+ cp $default_config $default_config_bak
+ sed -i '/"linux": {/a \ \t\t"devices": [\n\t\t{\n\t\t\t"type": "c",\n\t\t\t"path": "\/dev\/testABC",\n\t\t\t"major": 88,\n\t\t\t"minor": 88\n\t\t}\n\t\t],' $default_config
+ stop_isulad_without_valgrind
+ start_isulad_with_valgrind --cgroup-parent $test_cgroup_parent
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++))
+ isula restart -t 0 $def_cid
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - restart container failed" && ((ret++))
+ cat /sys/fs/cgroup/memory/$test_cgroup_parent/$def_cid/memory.limit_in_bytes | grep ^10485760$
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - --cgroup-parent cannot work" && ((ret++))
+ cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$def_cid/config.json | grep "major\": 88" | wc -l)
+ [[ $? -ne 0 ]]&& [[ $cnt -ne 2 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device major failed" && ((ret++))
+ cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$def_cid/config.json | grep "minor\": 88" | wc -l)
+ [[ $? -ne 0 ]] && [[ $cnt -ne 2 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device minor failed" && ((ret++))
+ isula rm -f $def_cid
+ cp $default_config_bak $default_config
+ stop_isulad_without_valgrind
+ start_isulad_with_valgrind
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++))
+
cid=$(isula run -tid --device "$test_dev:$test_dev" --runtime $runtime $image /bin/sh)
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - run container failed" && ((ret++))
cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$cid/config.json | grep "major\": 88" | wc -l)
diff --git a/src/daemon/modules/api/specs_api.h b/src/daemon/modules/api/specs_api.h
index 7c904614..f5f6ad8b 100644
--- a/src/daemon/modules/api/specs_api.h
+++ b/src/daemon/modules/api/specs_api.h
@@ -41,6 +41,8 @@ int merge_share_namespace(oci_runtime_spec *oci_spec, const host_config *host_sp
const container_config_v2_common_config *v2_spec,
const container_network_settings *network_settings);
+int update_spec_annotations(oci_runtime_spec *oci_spec, container_config *container_spec, host_config *host_spec);
+
oci_runtime_spec *load_oci_config(const char *rootpath, const char *name);
oci_runtime_spec *default_spec(bool system_container);
diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
index 97f73768..239783b8 100644
--- a/src/daemon/modules/service/service_container.c
+++ b/src/daemon/modules/service/service_container.c
@@ -691,11 +691,18 @@ out:
epoll_loop_close(&descr);
}
-static int do_oci_spec_update(const char *id, oci_runtime_spec *oci_spec, host_config *hostconfig)
+static int do_oci_spec_update(const char *id, oci_runtime_spec *oci_spec, container_config *container_spec, host_config *hostconfig)
{
__isula_auto_free char *cgroup_parent = NULL;
int ret;
+ // First renew annotations for oci spec, cgroup path, rootfs.mount, native.mask
+ // for iSulad daemon might get updated
+ ret = update_spec_annotations(oci_spec, container_spec, hostconfig);
+ if (ret < 0) {
+ return -1;
+ }
+
// If isulad daemon cgroup parent updated, we should update this config into oci spec
cgroup_parent = merge_container_cgroups_path(id, hostconfig);
if (cgroup_parent == NULL) {
@@ -802,13 +809,20 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo
}
// Update possible changes
- nret = do_oci_spec_update(id, oci_spec, cont->hostconfig);
+ nret = do_oci_spec_update(id, oci_spec, cont->common_config->config, cont->hostconfig);
if (nret != 0) {
ERROR("Failed to update possible changes for oci spec");
ret = -1;
goto close_exit_fd;
}
+ nret = container_to_disk(cont);
+ if (nret != 0) {
+ ERROR("Failed to save container info to disk");
+ ret = -1;
+ goto close_exit_fd;
+ }
+
nret = setup_ipc_dirs(cont->hostconfig, cont->common_config);
if (nret != 0) {
ERROR("Failed to setup ipc dirs");
diff --git a/src/daemon/modules/spec/specs.c b/src/daemon/modules/spec/specs.c
index cc49d85f..62e340b1 100644
--- a/src/daemon/modules/spec/specs.c
+++ b/src/daemon/modules/spec/specs.c
@@ -385,6 +385,44 @@ out:
return ret;
}
+int update_spec_annotations(oci_runtime_spec *oci_spec, container_config *container_spec, host_config *host_spec)
+{
+ int ret = 0;
+ if (oci_spec == NULL || container_spec == NULL || host_spec == NULL) {
+ return -1;
+ }
+
+ ret = make_sure_container_spec_annotations(container_spec);
+ if (ret < 0) {
+ return -1;
+ }
+
+ ret = make_annotations_cgroup_dir(container_spec, host_spec);
+ if (ret != 0) {
+ return -1;
+ }
+
+ /* add rootfs.mount */
+ ret = add_rootfs_mount(container_spec);
+ if (ret != 0) {
+ ERROR("Failed to add rootfs mount");
+ return -1;
+ }
+
+ /* add native.umask */
+ ret = add_native_umask(container_spec);
+ if (ret != 0) {
+ ERROR("Failed to add native umask");
+ return -1;
+ }
+
+ if (merge_annotations(oci_spec, container_spec)) {
+ return -1;
+ }
+
+ return 0;
+}
+
static int make_sure_oci_spec_root(oci_runtime_spec *oci_spec)
{
if (oci_spec->root == NULL) {
@@ -2501,4 +2539,5 @@ int spec_module_init(void)
return -1;
}
return 0;
-}
\ No newline at end of file
+}
+
--
upgrade from upstream Signed-off-by: jikai <jikai11@huawei.com>
2024-04-02 11:50:19 +00:00
2.34.1
upgrade from upstream Signed-off-by: zhongtao <zhongtao17@huawei.com> (cherry picked from commit 0cdbd434956257cb303368fcba4dcc192b4955cf)
2024-03-19 19:23:42 +08:00
Reference in New Issue Copy Permalink