From b1ffa045c401f5ecfe5223975d3b0b2e9890ddc9 Mon Sep 17 00:00:00 2001 From: WangFengTu Date: Tue, 18 May 2021 14:48:15 +0800 Subject: [PATCH] iSulad: sync with upstream iSulad Signed-off-by: WangFengTu --- ...ull-option-when-create-run-container.patch | 116 ++ 0050-add-testcase-for-pull-option.patch | 38 + ....patch => 0051-remove-redundant-code.patch | 2 +- ...umount-when-resize2fs-command-failed.patch | 2 +- 0053-support-isula-exec-workdir.patch | 174 +++ ...-add-testcase-for-isula-exec-workdir.patch | 72 ++ ...te-mtab-when-runtime-is-kata-runtime.patch | 2 +- ...-unchecked-layer-ignore-rootfs-layer.patch | 2 +- ...k-running-container-with-image-integ.patch | 2 +- ...n-inspect-container-when-daemon-sets.patch | 4 +- ...eadme-add-related-resouces-in-readme.patch | 33 + 0060-update-docs-build_guide_zh.md.patch | 25 + ...-fix-health_check.sh-execute-failure.patch | 88 ++ 0062-support-cgroup-v2.patch | 488 ++++++++ 0063-add-testcases-for-cgroup-v2.patch | 785 ++++++++++++ ...add-configure-image-registry-address.patch | 44 + 0065-add-iSulad-experiment-in-README.patch | 32 + 0066-CI-add-testcase-for-long-label.patch | 106 ++ ...ory-leak-when-pack-annotation-failed.patch | 92 ++ ...-script-to-install-iSulad-on-Centos7.patch | 198 +++ ...-IO-copy-thread-in-CRI-exec-operatio.patch | 1061 +++++++++++++++++ 0070-CI-add-testcase-for-cri-stream.patch | 191 +++ ...sage-normal-when-stats-with-no-strea.patch | 69 ++ ...t-to-install-iSulad-on-Ubuntu-20.04-.patch | 118 ++ ...pdate-libarchive-requirement-to-v3.4.patch | 26 + ...t-the-mistake-package-libarchive-dev.patch | 26 + ...ocomplete-in-isula-command-line-mode.patch | 140 +++ ...iSulad-fix-bugs-of-isula-runtime-ops.patch | 27 + ...mpatible-with-registry-URL-ending-in.patch | 57 + ...t-run-on-2-cpu-4G-memory-environment.patch | 443 +++++++ 0079-added-default-completion.patch | 41 + 0080-fix-coredump-when-poweroff.patch | 80 ++ ...ontainer-when-build-failed-for-debug.patch | 36 + ...ecrease-log-level-of-check-dm-device.patch | 85 ++ 0083-fix-bugs-when-pulling-image.patch | 206 ++++ 0084-add-testcase-for-pulling-image.patch | 55 + ...turn-value-to-valid-use-NULL-pointer.patch | 84 ++ ...move-reinstall_thinpool-to-helper.sh.patch | 192 +++ 0087-CI-activate-vg-isulad.patch | 46 + 0088-CI-devicemapper-add-filter.patch | 31 + ...yslog-tag-support-dynamic-tag-values.patch | 555 +++++++++ ...-add-testcase-for-contailer-log-opts.patch | 218 ++++ 0091-CI-run-the-containers-one-by-one.patch | 40 + 0092-completion-isula-images.patch | 102 ++ 0093-fix-memory-leak-when-pulling-image.patch | 110 ++ 0094-isula-fix-help-xx-coredump.patch | 51 + 0095-workdir-must-be-absolute-path.patch | 30 + 0096-check-if-pull-option-is-valid.patch | 42 + ...-of-stats-not-right-when-runtime-is-.patch | 28 + 0098-log-adjust-log-level-to-reduce-log.patch | 207 ++++ ...se-ali-registry-instead-of-docker.io.patch | 26 + ...ck-key-s-case-when-parse-http-header.patch | 60 + 0101-CI-use-docker.io-registry.patch | 57 + 0102-CI-fix-integration_check.sh.patch | 45 + 0103-optimize-token-generation.patch | 83 ++ ...-string-array-initialization-failure.patch | 35 + iSulad.spec | 70 +- 57 files changed, 7064 insertions(+), 14 deletions(-) create mode 100644 0049-support-pull-option-when-create-run-container.patch create mode 100644 0050-add-testcase-for-pull-option.patch rename 0049-remove-redundant-code.patch => 0051-remove-redundant-code.patch (94%) rename 0050-devicemapper-umount-when-resize2fs-command-failed.patch => 0052-devicemapper-umount-when-resize2fs-command-failed.patch (94%) create mode 100644 0053-support-isula-exec-workdir.patch create mode 100644 0054-add-testcase-for-isula-exec-workdir.patch rename 0051-ignore-to-create-mtab-when-runtime-is-kata-runtime.patch => 0055-ignore-to-create-mtab-when-runtime-is-kata-runtime.patch (94%) rename 0052-remove-unchecked-layer-ignore-rootfs-layer.patch => 0056-remove-unchecked-layer-ignore-rootfs-layer.patch (97%) rename 0053-add-test-to-check-running-container-with-image-integ.patch => 0057-add-test-to-check-running-container-with-image-integ.patch (95%) rename 0054-fix-coredump-when-inspect-container-when-daemon-sets.patch => 0058-fix-coredump-when-inspect-container-when-daemon-sets.patch (91%) create mode 100644 0059-Readme-add-related-resouces-in-readme.patch create mode 100644 0060-update-docs-build_guide_zh.md.patch create mode 100644 0061-fix-health_check.sh-execute-failure.patch create mode 100644 0062-support-cgroup-v2.patch create mode 100644 0063-add-testcases-for-cgroup-v2.patch create mode 100644 0064-Readme-add-configure-image-registry-address.patch create mode 100644 0065-add-iSulad-experiment-in-README.patch create mode 100644 0066-CI-add-testcase-for-long-label.patch create mode 100644 0067-event-fix-memory-leak-when-pack-annotation-failed.patch create mode 100644 0068-Readme-add-script-to-install-iSulad-on-Centos7.patch create mode 100644 0069-cri-fix-residual-IO-copy-thread-in-CRI-exec-operatio.patch create mode 100644 0070-CI-add-testcase-for-cri-stream.patch create mode 100644 0071-stats-show-cpu-usage-normal-when-stats-with-no-strea.patch create mode 100644 0072-Readme-add-script-to-install-iSulad-on-Ubuntu-20.04-.patch create mode 100644 0073-update-libarchive-requirement-to-v3.4.patch create mode 100644 0074-correct-the-mistake-package-libarchive-dev.patch create mode 100644 0075-Added-autocomplete-in-isula-command-line-mode.patch create mode 100644 0076-iSulad-fix-bugs-of-isula-runtime-ops.patch create mode 100644 0077-Compatible-with-registry-URL-ending-in.patch create mode 100644 0078-CI-fix-CI-to-fit-run-on-2-cpu-4G-memory-environment.patch create mode 100644 0079-added-default-completion.patch create mode 100644 0080-fix-coredump-when-poweroff.patch create mode 100644 0081-CI-keep-container-when-build-failed-for-debug.patch create mode 100644 0082-devmapper-decrease-log-level-of-check-dm-device.patch create mode 100644 0083-fix-bugs-when-pulling-image.patch create mode 100644 0084-add-testcase-for-pulling-image.patch create mode 100644 0085-check-return-value-to-valid-use-NULL-pointer.patch create mode 100644 0086-move-reinstall_thinpool-to-helper.sh.patch create mode 100644 0087-CI-activate-vg-isulad.patch create mode 100644 0088-CI-devicemapper-add-filter.patch create mode 100644 0089-syslog-tag-support-dynamic-tag-values.patch create mode 100644 0090-add-testcase-for-contailer-log-opts.patch create mode 100644 0091-CI-run-the-containers-one-by-one.patch create mode 100644 0092-completion-isula-images.patch create mode 100644 0093-fix-memory-leak-when-pulling-image.patch create mode 100644 0094-isula-fix-help-xx-coredump.patch create mode 100644 0095-workdir-must-be-absolute-path.patch create mode 100644 0096-check-if-pull-option-is-valid.patch create mode 100644 0097-fix-memory-usage-of-stats-not-right-when-runtime-is-.patch create mode 100644 0098-log-adjust-log-level-to-reduce-log.patch create mode 100644 0099-CI-use-ali-registry-instead-of-docker.io.patch create mode 100644 0100-do-not-check-key-s-case-when-parse-http-header.patch create mode 100644 0101-CI-use-docker.io-registry.patch create mode 100644 0102-CI-fix-integration_check.sh.patch create mode 100644 0103-optimize-token-generation.patch create mode 100644 0104-fix-string-array-initialization-failure.patch diff --git a/0049-support-pull-option-when-create-run-container.patch b/0049-support-pull-option-when-create-run-container.patch new file mode 100644 index 0000000..be7d9ab --- /dev/null +++ b/0049-support-pull-option-when-create-run-container.patch @@ -0,0 +1,116 @@ +From 4692715e4ef7e1ec5461b03940f85cac4af8b18e Mon Sep 17 00:00:00 2001 +From: WangFengTu +Date: Sat, 27 Feb 2021 10:44:26 +0800 +Subject: [PATCH 049/104] support --pull option when create/run container + +Signed-off-by: WangFengTu +--- + src/cmd/isula/base/create.c | 24 +++++++++++++++++++++++- + src/cmd/isula/base/create.h | 7 +++++++ + src/cmd/isula/base/run.c | 1 + + src/cmd/isula/client_arguments.h | 1 + + 4 files changed, 32 insertions(+), 1 deletion(-) + +diff --git a/src/cmd/isula/base/create.c b/src/cmd/isula/base/create.c +index a531fc0e..48dc29be 100644 +--- a/src/cmd/isula/base/create.c ++++ b/src/cmd/isula/base/create.c +@@ -59,6 +59,7 @@ struct client_arguments g_cmd_create_args = { + .custom_conf.health_timeout = 0, + .custom_conf.health_start_period = 0, + .custom_conf.health_retries = 0, ++ .pull = "missing" + }; + + static void request_pack_host_config_limit(const struct client_arguments *args, isula_host_config_t *hostconfig) +@@ -1268,9 +1269,17 @@ static int client_try_to_create(const struct client_arguments *args, const struc + goto out; + } + ++ if (strcmp(args->pull, "always") == 0) { ++ ret = client_pull(args); ++ if (ret != 0) { ++ goto out; ++ } ++ } ++ + ret = do_client_create(args, ops, request, response); + if (ret != 0) { +- if (response->errmsg == NULL || strstr(response->errmsg, IMAGE_NOT_FOUND_ERROR) == NULL) { ++ if (response->errmsg == NULL || strstr(response->errmsg, IMAGE_NOT_FOUND_ERROR) == NULL || ++ strcmp(args->pull, "missing") != 0) { + client_print_error(response->cc, response->server_errono, response->errmsg); + goto out; + } +@@ -1299,6 +1308,14 @@ out: + return ret; + } + ++static bool valid_pull_option(const char *pull) ++{ ++ if (strcmp(pull, "always") == 0 || strcmp(pull, "missing") == 0 || strcmp(pull, "never") == 0) { ++ return true; ++ } ++ return false; ++} ++ + /* + * Create a create request message and call RPC + */ +@@ -1551,6 +1568,11 @@ int cmd_create_main(int argc, const char **argv) + exit(ECOMMON); + } + ++ if (!valid_pull_option(g_cmd_create_args.pull)) { ++ COMMAND_ERROR("invalid --pull option, only \"always\"|\"missing\"|\"never\" is allowed"); ++ exit(ECOMMON); ++ } ++ + ret = client_create(&g_cmd_create_args); + if (ret != 0) { + ERROR("Container \"%s\" create failed", g_cmd_create_args.name); +diff --git a/src/cmd/isula/base/create.h b/src/cmd/isula/base/create.h +index 1c455d40..610a289f 100644 +--- a/src/cmd/isula/base/create.h ++++ b/src/cmd/isula/base/create.h +@@ -276,6 +276,13 @@ extern "C" { + &(cmdargs).custom_conf.privileged, \ + "Give extended privileges to this container", \ + NULL }, \ ++ { CMD_OPT_TYPE_STRING, \ ++ false, \ ++ "pull", \ ++ 0, \ ++ &(cmdargs).pull, \ ++ "Pull image before running (\"always\"|\"missing\"|\"never\") (default \"missing\")", \ ++ NULL }, \ + { CMD_OPT_TYPE_CALLBACK, false, "tmpfs", 0, &(cmdargs).custom_conf.tmpfs, "Mount a tmpfs directory", \ + command_append_array }, \ + { CMD_OPT_TYPE_BOOL, false, "tty", 't', &(cmdargs).custom_conf.tty, "Allocate a pseudo-TTY", NULL }, \ +diff --git a/src/cmd/isula/base/run.c b/src/cmd/isula/base/run.c +index a6068709..53e89c3d 100644 +--- a/src/cmd/isula/base/run.c ++++ b/src/cmd/isula/base/run.c +@@ -39,6 +39,7 @@ static int run_checker(struct client_arguments *args); + struct client_arguments g_cmd_run_args = { + .runtime = "", + .restart = "no", ++ .pull = "missing" + }; + + static int local_cmd_start(const struct client_arguments *args) +diff --git a/src/cmd/isula/client_arguments.h b/src/cmd/isula/client_arguments.h +index adb45104..a155b863 100644 +--- a/src/cmd/isula/client_arguments.h ++++ b/src/cmd/isula/client_arguments.h +@@ -307,6 +307,7 @@ struct client_arguments { + // pull/rmi + char *ref; + bool plain_http; ++ char *pull; + + // logs + bool follow; +-- +2.25.1 + diff --git a/0050-add-testcase-for-pull-option.patch b/0050-add-testcase-for-pull-option.patch new file mode 100644 index 0000000..485f642 --- /dev/null +++ b/0050-add-testcase-for-pull-option.patch @@ -0,0 +1,38 @@ +From 55ffef15be755f2e5fbf78ec6b5b4a6e7be9b690 Mon Sep 17 00:00:00 2001 +From: WangFengTu +Date: Sat, 27 Feb 2021 11:23:53 +0800 +Subject: [PATCH 050/104] add testcase for --pull option + +Signed-off-by: WangFengTu +--- + CI/test_cases/image_cases/registry.sh | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/CI/test_cases/image_cases/registry.sh b/CI/test_cases/image_cases/registry.sh +index 4e6adc28..c0a0db05 100755 +--- a/CI/test_cases/image_cases/registry.sh ++++ b/CI/test_cases/image_cases/registry.sh +@@ -60,6 +60,20 @@ function isula_pull() + isula inspect busybox + fn_check_eq "$?" "0" "isula inspect busybox" + ++ # test --pull always option ++ isula run --rm -ti --pull always busybox echo hello 2>&1 | grep pulling ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - --pull always failed" && ((ret++)) ++ ++ # test --pull never option ++ isula rm -f `isula ps -a -q` ++ isula rmi busybox ++ isula run --rm -ti --pull never busybox echo hello ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - --pull never failed" && ((ret++)) ++ ++ # test default --pull option (missing) ++ isula run --rm -ti busybox echo hello 2>&1 | grep pulling ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - --pull missing failed" && ((ret++)) ++ + isula pull 3laho3y3.mirror.aliyuncs.com/library/busybox + fn_check_eq "$?" "0" "isula pull 3laho3y3.mirror.aliyuncs.com/library/busybox" + +-- +2.25.1 + diff --git a/0049-remove-redundant-code.patch b/0051-remove-redundant-code.patch similarity index 94% rename from 0049-remove-redundant-code.patch rename to 0051-remove-redundant-code.patch index ca2f8c9..08e8016 100644 --- a/0049-remove-redundant-code.patch +++ b/0051-remove-redundant-code.patch @@ -1,7 +1,7 @@ From 72ad417b26b17b0981cd163f42bc23d98e19b4e7 Mon Sep 17 00:00:00 2001 From: wujing Date: Mon, 1 Mar 2021 17:17:17 +0800 -Subject: [PATCH 49/53] remove redundant code +Subject: [PATCH 051/104] remove redundant code Signed-off-by: wujing --- diff --git a/0050-devicemapper-umount-when-resize2fs-command-failed.patch b/0052-devicemapper-umount-when-resize2fs-command-failed.patch similarity index 94% rename from 0050-devicemapper-umount-when-resize2fs-command-failed.patch rename to 0052-devicemapper-umount-when-resize2fs-command-failed.patch index f6d35e7..ee415ed 100644 --- a/0050-devicemapper-umount-when-resize2fs-command-failed.patch +++ b/0052-devicemapper-umount-when-resize2fs-command-failed.patch @@ -1,7 +1,7 @@ From adde17cdd844a51fa606c74a0f241c62dbf11a27 Mon Sep 17 00:00:00 2001 From: gaohuatao Date: Fri, 5 Mar 2021 23:13:31 -0500 -Subject: [PATCH 50/53] devicemapper: umount when resize2fs command failed +Subject: [PATCH 052/104] devicemapper: umount when resize2fs command failed Signed-off-by: gaohuatao --- diff --git a/0053-support-isula-exec-workdir.patch b/0053-support-isula-exec-workdir.patch new file mode 100644 index 0000000..332da54 --- /dev/null +++ b/0053-support-isula-exec-workdir.patch @@ -0,0 +1,174 @@ +From 4794f7a73a40e612c49d7c9f78fabaab0f9ab696 Mon Sep 17 00:00:00 2001 +From: WangFengTu +Date: Thu, 11 Mar 2021 11:51:37 +0800 +Subject: [PATCH 053/104] support isula exec --workdir + +Signed-off-by: WangFengTu +--- + src/api/services/containers/container.proto | 1 + + src/client/connect/grpc/grpc_containers_client.cc | 3 +++ + src/client/connect/protocol_type.c | 3 +++ + src/client/connect/protocol_type.h | 1 + + src/cmd/isula/stream/exec.c | 2 ++ + src/cmd/isula/stream/exec.h | 4 +++- + .../entry/connect/grpc/grpc_containers_service_private.cc | 3 +++ + src/daemon/modules/api/runtime_api.h | 1 + + src/daemon/modules/runtime/engines/engine.h | 1 + + src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c | 3 +++ + src/daemon/modules/service/service_container.c | 1 + + 11 files changed, 22 insertions(+), 1 deletion(-) + +diff --git a/src/api/services/containers/container.proto b/src/api/services/containers/container.proto +index efd085a1..d7adc506 100644 +--- a/src/api/services/containers/container.proto ++++ b/src/api/services/containers/container.proto +@@ -316,6 +316,7 @@ message ExecRequest { + repeated string env = 11; + string user = 12; + string suffix = 13; ++ string workdir = 14; + } + message ExecResponse { + int32 pid = 1; +diff --git a/src/client/connect/grpc/grpc_containers_client.cc b/src/client/connect/grpc/grpc_containers_client.cc +index ccde59a4..6661970b 100644 +--- a/src/client/connect/grpc/grpc_containers_client.cc ++++ b/src/client/connect/grpc/grpc_containers_client.cc +@@ -807,6 +807,9 @@ public: + grequest->set_attach_stdin(request->attach_stdin); + grequest->set_attach_stdout(request->attach_stdout); + grequest->set_attach_stderr(request->attach_stderr); ++ if (request->workdir != nullptr) { ++ grequest->set_workdir(request->workdir); ++ } + if (request->stdin != nullptr) { + grequest->set_stdin(request->stdin); + } +diff --git a/src/client/connect/protocol_type.c b/src/client/connect/protocol_type.c +index 94f682a8..3e5dafb1 100644 +--- a/src/client/connect/protocol_type.c ++++ b/src/client/connect/protocol_type.c +@@ -525,6 +525,9 @@ void isula_exec_request_free(struct isula_exec_request *request) + free(request->user); + request->user = NULL; + ++ free(request->workdir); ++ request->workdir = NULL; ++ + util_free_array_by_len(request->argv, request->argc); + request->argv = NULL; + request->argc = 0; +diff --git a/src/client/connect/protocol_type.h b/src/client/connect/protocol_type.h +index 32f55b51..62208d98 100644 +--- a/src/client/connect/protocol_type.h ++++ b/src/client/connect/protocol_type.h +@@ -332,6 +332,7 @@ struct isula_exec_request { + char **env; + int64_t timeout; + char *user; ++ char *workdir; + }; + + struct isula_exec_response { +diff --git a/src/cmd/isula/stream/exec.c b/src/cmd/isula/stream/exec.c +index d1d57268..3c8601f2 100644 +--- a/src/cmd/isula/stream/exec.c ++++ b/src/cmd/isula/stream/exec.c +@@ -65,6 +65,7 @@ static int fill_exec_request(const struct client_arguments *args, const struct c + } + + request->user = util_strdup_s(args->custom_conf.user); ++ request->workdir = util_strdup_s(args->custom_conf.workdir); + + if (util_dup_array_of_strings((const char **)args->argv, args->argc, &(request->argv), + (size_t *)(&request->argc)) != 0) { +@@ -327,6 +328,7 @@ static int remote_cmd_exec(const struct client_arguments *args, uint32_t *exit_c + request.attach_stdin = args->custom_conf.attach_stdin; + request.attach_stdout = args->custom_conf.attach_stdout; + request.attach_stderr = args->custom_conf.attach_stderr; ++ request.workdir = args->custom_conf.workdir; + + request.argc = args->argc; + request.argv = (char **)args->argv; +diff --git a/src/cmd/isula/stream/exec.h b/src/cmd/isula/stream/exec.h +index 1e54ab82..cd94d91f 100644 +--- a/src/cmd/isula/stream/exec.h ++++ b/src/cmd/isula/stream/exec.h +@@ -42,7 +42,9 @@ + 'u', \ + &(cmdargs).custom_conf.user, \ + "Username or UID (format: [:])", \ +- NULL }, ++ NULL }, \ ++ { CMD_OPT_TYPE_STRING_DUP, false, "workdir", 0, &(cmdargs).custom_conf.workdir, \ ++ "Working directory inside the container", NULL } + + extern const char g_cmd_exec_desc[]; + extern const char g_cmd_exec_usage[]; +diff --git a/src/daemon/entry/connect/grpc/grpc_containers_service_private.cc b/src/daemon/entry/connect/grpc/grpc_containers_service_private.cc +index 8e19f978..56283c8d 100644 +--- a/src/daemon/entry/connect/grpc/grpc_containers_service_private.cc ++++ b/src/daemon/entry/connect/grpc/grpc_containers_service_private.cc +@@ -359,6 +359,9 @@ int ContainerServiceImpl::exec_request_from_grpc(const ExecRequest *grequest, co + tmpreq->attach_stdout = grequest->attach_stdout(); + tmpreq->attach_stderr = grequest->attach_stderr(); + ++ if (!grequest->workdir().empty()) { ++ tmpreq->workdir = util_strdup_s(grequest->workdir().c_str()); ++ } + if (!grequest->stdin().empty()) { + tmpreq->stdin = util_strdup_s(grequest->stdin().c_str()); + } +diff --git a/src/daemon/modules/api/runtime_api.h b/src/daemon/modules/api/runtime_api.h +index dde21b91..1203cde5 100644 +--- a/src/daemon/modules/api/runtime_api.h ++++ b/src/daemon/modules/api/runtime_api.h +@@ -127,6 +127,7 @@ typedef struct _rt_exec_params_t { + const char *logpath; + const char *loglevel; + const char **console_fifos; ++ const char *workdir; + int64_t timeout; + const char *suffix; + defs_process *spec; +diff --git a/src/daemon/modules/runtime/engines/engine.h b/src/daemon/modules/runtime/engines/engine.h +index ced3cf22..7dd96f1e 100644 +--- a/src/daemon/modules/runtime/engines/engine.h ++++ b/src/daemon/modules/runtime/engines/engine.h +@@ -82,6 +82,7 @@ typedef struct _engine_exec_request_t { + + bool tty; + bool open_stdin; ++ const char *workdir; + } engine_exec_request_t; + + typedef bool (*engine_create_t)(const char *, const char *, void *); +diff --git a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c +index 27c6a631..2ed2f31e 100644 +--- a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c ++++ b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c +@@ -390,6 +390,9 @@ int rt_lcr_exec(const char *id, const char *runtime, const rt_exec_params_t *par + if (params->spec != NULL) { + request.tty = params->spec->terminal; + } ++ if (params->workdir != NULL) { ++ request.workdir = params->workdir; ++ } + + if (!engine_ops->engine_exec_op(&request, exit_code)) { + const char *tmpmsg = NULL; +diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c +index e1d698cd..ecf35821 100644 +--- a/src/daemon/modules/service/service_container.c ++++ b/src/daemon/modules/service/service_container.c +@@ -1777,6 +1777,7 @@ static int do_exec_container(const container_t *cont, const char *runtime, char + params.state = cont->state_path; + params.spec = process_spec; + params.attach_stdin = request->attach_stdin; ++ params.workdir = request->workdir; + + if (runtime_exec(cont->common_config->id, runtime, ¶ms, exit_code)) { + ERROR("Runtime exec container failed"); +-- +2.25.1 + diff --git a/0054-add-testcase-for-isula-exec-workdir.patch b/0054-add-testcase-for-isula-exec-workdir.patch new file mode 100644 index 0000000..6f3be62 --- /dev/null +++ b/0054-add-testcase-for-isula-exec-workdir.patch @@ -0,0 +1,72 @@ +From e6dfb82aaaee374f26538c11913233e4fb6037fe Mon Sep 17 00:00:00 2001 +From: WangFengTu +Date: Thu, 11 Mar 2021 15:05:46 +0800 +Subject: [PATCH 054/104] add testcase for isula exec --workdir + +Signed-off-by: WangFengTu +--- + CI/test_cases/container_cases/exec.sh | 52 +++++++++++++++++++++++++++ + 1 file changed, 52 insertions(+) + create mode 100755 CI/test_cases/container_cases/exec.sh + +diff --git a/CI/test_cases/container_cases/exec.sh b/CI/test_cases/container_cases/exec.sh +new file mode 100755 +index 00000000..28e27cfd +--- /dev/null ++++ b/CI/test_cases/container_cases/exec.sh +@@ -0,0 +1,52 @@ ++#!/bin/bash ++# ++# attributes: isulad exec ++# concurrent: YES ++# spend time: 1 ++ ++####################################################################### ++##- @Copyright (C) Huawei Technologies., Ltd. 2021. All rights reserved. ++# - iSulad licensed under the Mulan PSL v2. ++# - You can use this software according to the terms and conditions of the Mulan PSL v2. ++# - You may obtain a copy of Mulan PSL v2 at: ++# - http://license.coscl.org.cn/MulanPSL2 ++# - THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++# - IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++# - PURPOSE. ++# - See the Mulan PSL v2 for more details. ++##- @Description:CI ++##- @Author: wangfengtu ++##- @Create: 2021-03-09 ++####################################################################### ++ ++curr_path=$(dirname $(readlink -f "$0")) ++data_path=$(realpath $curr_path/../data) ++source ../helpers.sh ++test="exec test => test_exec" ++ ++function exec_workdir() ++{ ++ local ret=0 ++ ++ isula rm -f `isula ps -a -q` ++ ++ isula run -tid -n cont_workdir busybox sh ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with --workdir" && ((ret++)) ++ ++ isula exec -ti --workdir /workdir cont_workdir pwd | grep "/workdir" ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - workdir is not /workdir failed" && ((ret++)) ++ ++ isula rm -f `isula ps -a -q` ++ ++ return ${ret} ++} ++ ++declare -i ans=0 ++ ++msg_info "${test} starting..." ++ ++exec_workdir || ((ans++)) ++ ++msg_info "${test} finished with return ${ret}..." ++ ++show_result ${ans} "${curr_path}/${0}" +-- +2.25.1 + diff --git a/0051-ignore-to-create-mtab-when-runtime-is-kata-runtime.patch b/0055-ignore-to-create-mtab-when-runtime-is-kata-runtime.patch similarity index 94% rename from 0051-ignore-to-create-mtab-when-runtime-is-kata-runtime.patch rename to 0055-ignore-to-create-mtab-when-runtime-is-kata-runtime.patch index b59a934..5df92fd 100644 --- a/0051-ignore-to-create-mtab-when-runtime-is-kata-runtime.patch +++ b/0055-ignore-to-create-mtab-when-runtime-is-kata-runtime.patch @@ -1,7 +1,7 @@ From a24118b4382492e27415f25411fcaadef990b659 Mon Sep 17 00:00:00 2001 From: gaohuatao Date: Mon, 15 Mar 2021 09:49:10 -0400 -Subject: [PATCH 51/53] ignore to create mtab when runtime is kata-runtime +Subject: [PATCH 055/104] ignore to create mtab when runtime is kata-runtime Signed-off-by: gaohuatao --- diff --git a/0052-remove-unchecked-layer-ignore-rootfs-layer.patch b/0056-remove-unchecked-layer-ignore-rootfs-layer.patch similarity index 97% rename from 0052-remove-unchecked-layer-ignore-rootfs-layer.patch rename to 0056-remove-unchecked-layer-ignore-rootfs-layer.patch index 60b7ee7..e7ecb68 100644 --- a/0052-remove-unchecked-layer-ignore-rootfs-layer.patch +++ b/0056-remove-unchecked-layer-ignore-rootfs-layer.patch @@ -1,7 +1,7 @@ From 64b45885abf0c4b3563008d2be5d04b5ec8cd28d Mon Sep 17 00:00:00 2001 From: haozi007 Date: Thu, 18 Mar 2021 11:05:33 +0800 -Subject: [PATCH 52/53] remove unchecked layer ignore rootfs layer +Subject: [PATCH 056/104] remove unchecked layer ignore rootfs layer Signed-off-by: haozi007 --- diff --git a/0053-add-test-to-check-running-container-with-image-integ.patch b/0057-add-test-to-check-running-container-with-image-integ.patch similarity index 95% rename from 0053-add-test-to-check-running-container-with-image-integ.patch rename to 0057-add-test-to-check-running-container-with-image-integ.patch index fd60423..b552b22 100644 --- a/0053-add-test-to-check-running-container-with-image-integ.patch +++ b/0057-add-test-to-check-running-container-with-image-integ.patch @@ -1,7 +1,7 @@ From 19b3a0bfd08433d39a1115f2ad9ef3eaac006514 Mon Sep 17 00:00:00 2001 From: haozi007 Date: Thu, 18 Mar 2021 11:25:57 +0800 -Subject: [PATCH 53/53] add test to check running container with image +Subject: [PATCH 057/104] add test to check running container with image integration check Signed-off-by: haozi007 diff --git a/0054-fix-coredump-when-inspect-container-when-daemon-sets.patch b/0058-fix-coredump-when-inspect-container-when-daemon-sets.patch similarity index 91% rename from 0054-fix-coredump-when-inspect-container-when-daemon-sets.patch rename to 0058-fix-coredump-when-inspect-container-when-daemon-sets.patch index caa023e..e968506 100644 --- a/0054-fix-coredump-when-inspect-container-when-daemon-sets.patch +++ b/0058-fix-coredump-when-inspect-container-when-daemon-sets.patch @@ -1,8 +1,8 @@ From c720232af726a79d6c5527d8ca96f0acd9772730 Mon Sep 17 00:00:00 2001 From: wujing Date: Thu, 25 Mar 2021 16:44:45 +0800 -Subject: [PATCH] fix coredump when inspect container when daemon sets the - ulimit parameters +Subject: [PATCH 058/104] fix coredump when inspect container when daemon sets + the ulimit parameters Signed-off-by: wujing --- diff --git a/0059-Readme-add-related-resouces-in-readme.patch b/0059-Readme-add-related-resouces-in-readme.patch new file mode 100644 index 0000000..101bd32 --- /dev/null +++ b/0059-Readme-add-related-resouces-in-readme.patch @@ -0,0 +1,33 @@ +From 19b67eeb87d8c8ef2add632c6f9c3041272b67c2 Mon Sep 17 00:00:00 2001 +From: Li Feng +Date: Sat, 27 Mar 2021 10:00:03 +0800 +Subject: [PATCH 059/104] Readme: add related resouces in readme + +Signed-off-by: Li Feng +--- + README.md | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/README.md b/README.md +index 1dd3cf1a..68f35f34 100644 +--- a/README.md ++++ b/README.md +@@ -249,7 +249,13 @@ You can get more information about iSulad from our wikis, including roadmap, fea + + iSulad is licensed under the Mulan PSL v2. + ++## Related Resouces ++ ++- [bilibili videos](https://space.bilibili.com/527064077/video?keyword=iSulad) ++- [如何在openEuler树莓派镜像上部署k8s+iSula集群](https://my.oschina.net/openeuler/blog/4774838) ++- [基于openEuler搭建部署k8s](https://bbs.huaweicloud.com/forum/forum.php?mod=viewthread&tid=94271) ++ + ## Join us + You can join us on any of the following channels: + * Join our [mailing list](https://mailweb.openeuler.org/postorius/lists/isulad.openeuler.org/) +-* Join our Biweekly meeting at 16:30 pm on Tuesday (meeting link will be mailed at mailing list) ++* Join our Biweekly meeting at 16:30 pm on Tuesday (meeting link will be mailed at mailing list) +\ No newline at end of file +-- +2.25.1 + diff --git a/0060-update-docs-build_guide_zh.md.patch b/0060-update-docs-build_guide_zh.md.patch new file mode 100644 index 0000000..907223f --- /dev/null +++ b/0060-update-docs-build_guide_zh.md.patch @@ -0,0 +1,25 @@ +From 2d47bb3796bf3ff6b2cd66416fd1ae43a248b75f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?=E8=AE=B8=E6=8C=AF=E6=B6=9B?= <970391472@qq.com> +Date: Tue, 30 Mar 2021 15:34:43 +0800 +Subject: [PATCH 060/104] update docs/build_guide_zh.md. + +--- + docs/build_guide_zh.md | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/docs/build_guide_zh.md b/docs/build_guide_zh.md +index 748701a3..d6621fcf 100644 +--- a/docs/build_guide_zh.md ++++ b/docs/build_guide_zh.md +@@ -24,7 +24,7 @@ $ sudo yum --enablerepo='*' install -y automake autoconf libtool cmake make libc + + ### Ubuntu的安装命令 + ```bash +-$ sudo apt install -y g++ libprotobuf-dev protobuf-compiler protobuf-compiler-grpc libgrpc++-dev libgrpc-dev libtool automake autoconf cmake make pkg-config libyajl-dev zlib1g-dev libselinux-dev libseccomp-dev libcap-dev libsystemd-dev git libcurl4-gnutls-dev openssl libdevmapper-dev python3 libtar libtar-dev ++$ sudo apt install -y g++ libprotobuf-dev protobuf-compiler protobuf-compiler-grpc libgrpc++-dev libgrpc-dev libtool automake autoconf cmake make pkg-config libyajl-dev zlib1g-dev libselinux-dev libseccomp-dev libcap-dev libsystemd-dev git libarchive libarchive-dev libcurl4-gnutls-dev openssl libdevmapper-dev python3 libtar libtar-dev + ``` + + ## 从源码构建和安装关键依赖 +-- +2.25.1 + diff --git a/0061-fix-health_check.sh-execute-failure.patch b/0061-fix-health_check.sh-execute-failure.patch new file mode 100644 index 0000000..4559d38 --- /dev/null +++ b/0061-fix-health_check.sh-execute-failure.patch @@ -0,0 +1,88 @@ +From 66c2bfda515a3e176cc9e65e3ef393acf1eb1502 Mon Sep 17 00:00:00 2001 +From: WangFengTu +Date: Thu, 1 Apr 2021 10:37:00 +0800 +Subject: [PATCH 061/104] fix health_check.sh execute failure + +Signed-off-by: WangFengTu +--- + CI/test_cases/container_cases/health_check.sh | 18 +++++++++--------- + 1 file changed, 9 insertions(+), 9 deletions(-) + +diff --git a/CI/test_cases/container_cases/health_check.sh b/CI/test_cases/container_cases/health_check.sh +index cc934fd8..c466b6f2 100755 +--- a/CI/test_cases/container_cases/health_check.sh ++++ b/CI/test_cases/container_cases/health_check.sh +@@ -38,20 +38,20 @@ function test_health_check_paraments() + + container_name="health_check_para" + isula run -itd -n ${container_name} --health-cmd 'echo "iSulad" ; exit 1' \ +- --health-interval 2s --health-retries 2 --health-start-period 2s --health-exit-on-unhealthy ${image} /bin/sh ++ --health-interval 5s --health-retries 2 --health-start-period 8s --health-exit-on-unhealthy ${image} /bin/sh + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with image: ${image}" && ((ret++)) + + # start period : 2s => do health check => interval: 2s => do health check => exit on unhealthy + [[ $(isula inspect -f '{{.State.Status}}' ${container_name}) == "running" ]] + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container status: not running" && ((ret++)) + +- sleep 3 # finish first health check ++ sleep 13 # finish first health check + + # keep starting status with health check return non-zero at always until status change to unhealthy + [[ $(isula inspect -f '{{.State.Health.Status}}' ${container_name}) == "starting" ]] + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container health check status: not starting" && ((ret++)) + +- sleep 2 # finish second health check ++ sleep 6 # finish second health check + + [[ $(isula inspect -f '{{.State.Health.Status}}' ${container_name}) == "unhealthy" ]] + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container health check status: not unhealthy" && ((ret++)) +@@ -85,20 +85,20 @@ function test_health_check_normally() + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - missing list image: ${image}" && ((ret++)) + + container_name="health_check_normally" +- isula run -itd -n ${container_name} --health-cmd 'date' --health-interval 2s ${image} /bin/sh ++ isula run -itd -n ${container_name} --health-cmd 'date' --health-interval 5s ${image} /bin/sh + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with image: ${image}" && ((ret++)) + + # start period : 0s => interval: 2s => do health check => interval: 2s => do health check => ... + [[ $(isula inspect -f '{{.State.Status}}' ${container_name}) == "running" ]] + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container status: not running" && ((ret++)) + +- sleep 1 # Health check has been performed yet ++ sleep 2 # Health check has been performed yet + + # Initial status when the container is still starting + [[ $(isula inspect -f '{{.State.Health.Status}}' ${container_name}) == "starting" ]] + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container health check status: not starting" && ((ret++)) + +- sleep 2 # finish first health check ++ sleep 8 # finish first health check + # When the health check returns successfully, status immediately becomes healthy + [[ $(isula inspect -f '{{.State.Health.Status}}' ${container_name}) == "healthy" ]] + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container health check status: not healthy" && ((ret++)) +@@ -131,11 +131,11 @@ function test_health_check_timeout() + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - missing list image: ${image}" && ((ret++)) + + container_name="health_check_timeout" +- isula run -itd -n ${container_name} --health-cmd 'sleep 5' --health-interval 2s --health-timeout 1s \ ++ isula run -itd -n ${container_name} --health-cmd 'sleep 5' --health-interval 5s --health-timeout 1s \ + --health-retries 1 --health-exit-on-unhealthy ${image} /bin/sh + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with image: ${image}" && ((ret++)) + +- # start period : 0s => interval: 2s => do health check(1s timeout) => unhealthy(exited) ++ # start period : 0s => interval: 5s => do health check(1s timeout) => unhealthy(exited) + [[ $(isula inspect -f '{{.State.Status}}' ${container_name}) == "running" ]] + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container status: not running" && ((ret++)) + +@@ -145,7 +145,7 @@ function test_health_check_timeout() + [[ $(isula inspect -f '{{.State.Health.Status}}' ${container_name}) == "starting" ]] + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container health check status: not starting" && ((ret++)) + +- sleep 3 # finish first health check ++ sleep 7 # finish first health check + # The container process exits and the health check status becomes unhealthy + [[ $(isula inspect -f '{{.State.Health.Status}}' ${container_name}) == "unhealthy" ]] + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - incorrent container health check status: not unhealthy" && ((ret++)) +-- +2.25.1 + diff --git a/0062-support-cgroup-v2.patch b/0062-support-cgroup-v2.patch new file mode 100644 index 0000000..e32bc4e --- /dev/null +++ b/0062-support-cgroup-v2.patch @@ -0,0 +1,488 @@ +From c00ee6acf534371c65455424d3e40d9394e96ec2 Mon Sep 17 00:00:00 2001 +From: WangFengTu +Date: Mon, 25 Jan 2021 10:14:56 +0800 +Subject: [PATCH 062/104] support cgroup v2 + +Signed-off-by: WangFengTu +--- + src/cmd/isula/extend/update.c | 4 + + src/cmd/isulad/main.c | 2 + + src/daemon/common/sysinfo.c | 312 ++++++++++++++++-- + .../executor/container_cb/execution_create.c | 2 - + src/daemon/modules/spec/verify.c | 16 +- + 5 files changed, 308 insertions(+), 28 deletions(-) + +diff --git a/src/cmd/isula/extend/update.c b/src/cmd/isula/extend/update.c +index 42cb8f21..a9b0fccf 100644 +--- a/src/cmd/isula/extend/update.c ++++ b/src/cmd/isula/extend/update.c +@@ -75,6 +75,10 @@ static isula_host_config_t *pack_update_request(const struct client_arguments *a + + host_config->cr->kernel_memory = args->cr.kernel_memory_limit; + ++ // make sure swappiness have default value -1 if not configed, so it ++ // will not fail even if kernel does not support swappiness. ++ host_config->cr->swappiness = args->cr.swappiness; ++ + return host_config; + + error_out: +diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c +index cb2b71a2..47bd6e2c 100644 +--- a/src/cmd/isulad/main.c ++++ b/src/cmd/isulad/main.c +@@ -1483,6 +1483,8 @@ int main(int argc, char **argv) + + update_isulad_rlimits(); + ++ (void)get_sys_info(true); ++ + clock_gettime(CLOCK_MONOTONIC, &t_start); + + if (pre_init_daemon(argc, argv, &msg) != 0) { +diff --git a/src/daemon/common/sysinfo.c b/src/daemon/common/sysinfo.c +index 87ea47f4..bdd0dbad 100644 +--- a/src/daemon/common/sysinfo.c ++++ b/src/daemon/common/sysinfo.c +@@ -20,6 +20,9 @@ + #include + #include + #include ++#include ++#include ++#include + + #include "err_msg.h" + #include "isula_libutils/log.h" +@@ -28,7 +31,7 @@ + #include "utils_file.h" + #include "utils_string.h" + +-// Cgroup Item Definition ++// Cgroup V1 Item Definition + #define CGROUP_BLKIO_WEIGHT "blkio.weight" + #define CGROUP_BLKIO_WEIGHT_DEVICE "blkio.weight_device" + #define CGROUP_BLKIO_READ_BPS_DEVICE "blkio.throttle.read_bps_device" +@@ -49,6 +52,45 @@ + #define CGROUP_KENEL_MEMORY_LIMIT "memory.kmem.limit_in_bytes" + #define CGROUP_MEMORY_OOM_CONTROL "memory.oom_control" + ++// Cgroup V2 Item Definition ++#define CGROUP2_CPU_WEIGHT "cpu.weight" ++#define CGROUP2_CPU_MAX "cpu.max" ++#define CGROUP2_CPUSET_CPUS_EFFECTIVE "cpuset.cpus.effective" ++#define CGROUP2_CPUSET_MEMS_EFFECTIVE "cpuset.mems.effective" ++#define CGROUP2_CPUSET_CPUS "cpuset.cpus" ++#define CGROUP2_CPUSET_MEMS "cpuset.mems" ++#define CGROUP2_IO_WEIGHT "io.weight" ++#define CGROUP2_IO_BFQ_WEIGHT "io.bfq.weight" ++#define CGROUP2_IO_MAX "io.max" ++#define CGROUP2_MEMORY_MAX "memory.max" ++#define CGROUP2_MEMORY_LOW "memory.low" ++#define CGROUP2_MEMORY_SWAP_MAX "memory.swap.max" ++#define CGROUP2_HUGETLB_MAX "hugetlb.%s.max" ++#define CGROUP2_PIDS_MAX "pids.max" ++#define CGROUP2_FILES_LIMIT "files.limit" ++ ++#define CGROUP_MOUNTPOINT "/sys/fs/cgroup" ++#define CGROUP_ISULAD_PATH CGROUP_MOUNTPOINT"/isulad" ++#define DEFAULT_CGROUP_DIR_MODE 0755 ++#define DEFAULT_CGROUP_FILE_MODE 0644 ++#define CGROUP2_CONTROLLERS_PATH CGROUP_MOUNTPOINT"/cgroup.controllers" ++#define CGROUP2_SUBTREE_CONTROLLER_PATH CGROUP_MOUNTPOINT"/cgroup.subtree_control" ++#define CGROUP2_CPUSET_CPUS_EFFECTIVE_PATH CGROUP_MOUNTPOINT"/cpuset.cpus.effective" ++#define CGROUP2_CPUSET_MEMS_EFFECTIVE_PATH CGROUP_MOUNTPOINT"/cpuset.mems.effective" ++ ++#ifndef CGROUP2_SUPER_MAGIC ++#define CGROUP2_SUPER_MAGIC 0x63677270 ++#endif ++ ++#ifndef CGROUP_SUPER_MAGIC ++#define CGROUP_SUPER_MAGIC 0x27e0eb ++#endif ++ ++#define CGROUP_VERSION_1 1 ++#define CGROUP_VERSION_2 2 ++ ++static sysinfo_t *g_sysinfo = NULL; ++ + struct layer { + char **controllers; + char *mountpoint; +@@ -966,6 +1008,27 @@ free_out: + free(defaultpagesize); + } + ++static int get_cgroup_version() ++{ ++ struct statfs fs = {0}; ++ ++ if (statfs(CGROUP_MOUNTPOINT, &fs) != 0) { ++ ERROR("failed to statfs %s: %s", CGROUP_MOUNTPOINT, strerror(errno)); ++ return -1; ++ } ++ ++ if (fs.f_type == CGROUP2_SUPER_MAGIC) { ++ return CGROUP_VERSION_2; ++ } else { ++ return CGROUP_VERSION_1; ++ } ++} ++ ++static bool is_hugetlb_max(const char *name) ++{ ++ return util_has_prefix(name, "hugetlb.") && util_has_suffix(name, ".max"); ++} ++ + /* get huge page sizes */ + static char **get_huge_page_sizes() + { +@@ -975,11 +1038,17 @@ static char **get_huge_page_sizes() + char **hps = NULL; + DIR *dir = NULL; + struct dirent *info_archivo = NULL; ++ int cgroup_version = 0; + +- ret = find_cgroup_mountpoint_and_root("hugetlb", &hugetlbmp, NULL); +- if (ret != 0 || hugetlbmp == NULL) { +- ERROR("Hugetlb cgroup not supported"); +- return NULL; ++ cgroup_version = get_cgroup_version(); ++ if (cgroup_version == CGROUP_VERSION_2) { ++ hugetlbmp = util_strdup_s(CGROUP_ISULAD_PATH); ++ } else { ++ ret = find_cgroup_mountpoint_and_root("hugetlb", &hugetlbmp, NULL); ++ if (ret != 0 || hugetlbmp == NULL) { ++ ERROR("Hugetlb cgroup not supported"); ++ return NULL; ++ } + } + + dir = opendir(hugetlbmp); +@@ -994,9 +1063,15 @@ static char **get_huge_page_sizes() + char *pos = NULL; + char *dot2 = NULL; + +- contain = strstr(info_archivo->d_name, "limit_in_bytes"); +- if (contain == NULL) { +- continue; ++ if (cgroup_version == CGROUP_VERSION_2) { ++ if (!is_hugetlb_max(info_archivo->d_name)) { ++ continue; ++ } ++ } else { ++ contain = strstr(info_archivo->d_name, "limit_in_bytes"); ++ if (contain == NULL) { ++ continue; ++ } + } + + dup = util_strdup_s(info_archivo->d_name); +@@ -1151,28 +1226,16 @@ void free_sysinfo(sysinfo_t *sysinfo) + free(sysinfo); + } + +-/* get sys info */ +-sysinfo_t *get_sys_info(bool quiet) ++static int get_cgroup_info_v1(sysinfo_t *sysinfo, bool quiet) + { + struct layer **layers = NULL; +- sysinfo_t *sysinfo = NULL; +- bool ret = true; +- +- sysinfo = util_common_calloc_s(sizeof(sysinfo_t)); +- if (sysinfo == NULL) { +- ERROR("Out of memory"); +- return NULL; +- } + + layers = cgroup_layers_find(); + if (layers == NULL) { + ERROR("Failed to parse cgroup information"); +- ret = false; +- goto out; ++ return -1; + } + +- sysinfo->ncpus = get_nprocs(); +- + check_cgroup_mem(layers, quiet, &sysinfo->cgmeminfo); + check_cgroup_cpu(layers, quiet, &sysinfo->cgcpuinfo); + check_cgroup_hugetlb(layers, quiet, &sysinfo->hugetlbinfo); +@@ -1180,9 +1243,210 @@ sysinfo_t *get_sys_info(bool quiet) + check_cgroup_cpuset_info(layers, quiet, &sysinfo->cpusetinfo); + check_cgroup_pids(quiet, &sysinfo->pidsinfo); + check_cgroup_files(quiet, &sysinfo->filesinfo); +-out: ++ + free_layer(layers); +- if (!ret) { ++ ++ return 0; ++} ++ ++static int cgroup2_enable_all() ++{ ++ int ret = 0; ++ int nret = 0; ++ int n = 0; ++ size_t i = 0; ++ const char *space = ""; ++ char *controllers_str = NULL; ++ char *subtree_controller_str = NULL; ++ char **controllers = NULL; ++ char enable_controllers[PATH_MAX] = {0}; ++ ++ controllers_str = util_read_content_from_file(CGROUP2_CONTROLLERS_PATH); ++ if (controllers_str == NULL || strlen(controllers_str) == 0 || ++ strcmp(controllers_str, "\n") == 0) { ++ ERROR("read cgroup controllers failed"); ++ ret = -1; ++ goto out; ++ } ++ ++ subtree_controller_str = util_read_content_from_file(CGROUP2_SUBTREE_CONTROLLER_PATH); ++ if (subtree_controller_str != NULL && strcmp(controllers_str, subtree_controller_str) == 0) { ++ goto out; ++ } ++ ++ controllers = util_string_split(controllers_str, ' '); ++ if (controllers == NULL) { ++ ERROR("split %s failed", controllers_str); ++ ret = -1; ++ goto out; ++ } ++ ++ for (i = 0; i < util_array_len((const char **)controllers); i++) { ++ nret = snprintf(enable_controllers + n, PATH_MAX - n, "%s+%s", space, controllers[i]); ++ if (nret < 0 || (size_t)nret >= PATH_MAX - n) { ++ ERROR("Path is too long"); ++ goto out; ++ } ++ n += nret; ++ space = " "; ++ } ++ ret = util_write_file(CGROUP2_SUBTREE_CONTROLLER_PATH, enable_controllers, strlen(enable_controllers), ++ DEFAULT_CGROUP_FILE_MODE); ++ if (ret != 0) { ++ ERROR("write %s to %s failed: %s", enable_controllers, CGROUP2_SUBTREE_CONTROLLER_PATH, strerror(errno)); ++ goto out; ++ } ++ ++out: ++ util_free_array(controllers); ++ free(controllers_str); ++ free(subtree_controller_str); ++ ++ return ret; ++} ++ ++static int make_sure_cgroup2_isulad_path_exist() ++{ ++ int ret = 0; ++ ++ if (util_dir_exists(CGROUP_ISULAD_PATH)) { ++ return 0; ++ } ++ ++ if (cgroup2_enable_all() != 0) { ++ return -1; ++ } ++ ++ ret = mkdir(CGROUP_ISULAD_PATH, DEFAULT_CGROUP_DIR_MODE); ++ if (ret != 0 && (errno != EEXIST || !util_dir_exists(CGROUP_ISULAD_PATH))) { ++ return -1; ++ } ++ ++ return ret; ++} ++ ++static int get_cgroup_info_v2(sysinfo_t *sysinfo, bool quiet) ++{ ++ int ret = 0; ++ int nret = 0; ++ char *size = NULL; ++ char path[PATH_MAX] = {0}; ++ ++ if (make_sure_cgroup2_isulad_path_exist() != 0) { ++ return -1; ++ } ++ ++ // cpu cgroup ++ sysinfo->cgcpuinfo.cpu_shares = cgroup_enabled(CGROUP_ISULAD_PATH, CGROUP2_CPU_WEIGHT); ++ cgroup_do_log(quiet, !(sysinfo->cgcpuinfo.cpu_shares), "Your kernel does not support cgroup2 cpu weight"); ++ ++ sysinfo->cgcpuinfo.cpu_cfs_period = cgroup_enabled(CGROUP_ISULAD_PATH, CGROUP2_CPU_MAX); ++ sysinfo->cgcpuinfo.cpu_cfs_quota = sysinfo->cgcpuinfo.cpu_cfs_period; ++ cgroup_do_log(quiet, !(sysinfo->cgcpuinfo.cpu_cfs_period), "Your kernel does not support cgroup2 cpu max"); ++ ++ sysinfo->cpusetinfo.cpuset = cgroup_enabled(CGROUP_ISULAD_PATH, CGROUP2_CPUSET_CPUS_EFFECTIVE) && ++ cgroup_enabled(CGROUP_ISULAD_PATH, CGROUP2_CPUSET_CPUS) && ++ cgroup_enabled(CGROUP_ISULAD_PATH, CGROUP2_CPUSET_MEMS_EFFECTIVE) && ++ cgroup_enabled(CGROUP_ISULAD_PATH, CGROUP2_CPUSET_MEMS); ++ cgroup_do_log(quiet, !(sysinfo->cpusetinfo.cpuset), "Your kernel does not support cpuset"); ++ if (sysinfo->cpusetinfo.cpuset) { ++ sysinfo->cpusetinfo.cpus = util_read_content_from_file(CGROUP2_CPUSET_CPUS_EFFECTIVE_PATH); ++ sysinfo->cpusetinfo.mems = util_read_content_from_file(CGROUP2_CPUSET_MEMS_EFFECTIVE_PATH); ++ if (sysinfo->cpusetinfo.cpus == NULL || sysinfo->cpusetinfo.mems == NULL) { ++ ERROR("read cpus or mems failed"); ++ return -1; ++ } ++ sysinfo->cpusetinfo.cpus = util_trim_space(sysinfo->cpusetinfo.cpus); ++ sysinfo->cpusetinfo.mems = util_trim_space(sysinfo->cpusetinfo.mems); ++ } ++ ++ // io cgroup ++ sysinfo->blkioinfo.blkio_weight = cgroup_enabled(CGROUP_ISULAD_PATH, CGROUP2_IO_BFQ_WEIGHT) || ++ cgroup_enabled(CGROUP_ISULAD_PATH, CGROUP2_IO_WEIGHT); ++ sysinfo->blkioinfo.blkio_weight_device = sysinfo->blkioinfo.blkio_weight; ++ cgroup_do_log(quiet, !(sysinfo->blkioinfo.blkio_weight), "Your kernel does not support cgroup2 io weight"); ++ ++ sysinfo->blkioinfo.blkio_read_bps_device = cgroup_enabled(CGROUP_ISULAD_PATH, CGROUP2_IO_MAX); ++ sysinfo->blkioinfo.blkio_write_bps_device = sysinfo->blkioinfo.blkio_read_bps_device; ++ sysinfo->blkioinfo.blkio_read_iops_device = sysinfo->blkioinfo.blkio_read_bps_device; ++ sysinfo->blkioinfo.blkio_write_iops_device = sysinfo->blkioinfo.blkio_read_bps_device; ++ cgroup_do_log(quiet, !(sysinfo->blkioinfo.blkio_read_bps_device), "Your kernel does not support cgroup2 io max"); ++ ++ // memory cgroup ++ sysinfo->cgmeminfo.limit = cgroup_enabled(CGROUP_ISULAD_PATH, CGROUP2_MEMORY_MAX); ++ cgroup_do_log(quiet, !(sysinfo->cgmeminfo.limit), "Your kernel does not support cgroup2 memory max"); ++ ++ sysinfo->cgmeminfo.reservation = cgroup_enabled(CGROUP_ISULAD_PATH, CGROUP2_MEMORY_LOW); ++ cgroup_do_log(quiet, !(sysinfo->cgmeminfo.reservation), "Your kernel does not support cgroup2 memory low"); ++ ++ sysinfo->cgmeminfo.swap = cgroup_enabled(CGROUP_ISULAD_PATH, CGROUP2_MEMORY_SWAP_MAX); ++ cgroup_do_log(quiet, !(sysinfo->cgmeminfo.swap), "Your kernel does not support cgroup2 memory swap max"); ++ ++ // pids cgroup ++ sysinfo->pidsinfo.pidslimit = cgroup_enabled(CGROUP_ISULAD_PATH, CGROUP2_PIDS_MAX); ++ cgroup_do_log(quiet, !(sysinfo->pidsinfo.pidslimit), "Your kernel does not support cgroup2 pids max"); ++ ++ // hugetlb cgroup ++ size = get_default_huge_page_size(); ++ if (size != NULL) { ++ nret = snprintf(path, sizeof(path), CGROUP2_HUGETLB_MAX, size); ++ if (nret < 0 || (size_t)nret >= sizeof(path)) { ++ WARN("Failed to print hugetlb path"); ++ ret = -1; ++ goto out; ++ } ++ sysinfo->hugetlbinfo.hugetlblimit = cgroup_enabled(CGROUP_ISULAD_PATH, path); ++ cgroup_do_log(quiet, !sysinfo->hugetlbinfo.hugetlblimit, "Your kernel does not support cgroup2 hugetlb limit"); ++ } else { ++ WARN("Your kernel does not support cgroup2 hugetlb limit"); ++ } ++ ++ // files cgroup ++ sysinfo->filesinfo.fileslimit = cgroup_enabled(CGROUP_ISULAD_PATH, CGROUP2_FILES_LIMIT); ++ cgroup_do_log(quiet, !(sysinfo->filesinfo.fileslimit), "Your kernel does not support cgroup2 files limit"); ++ ++out: ++ free(size); ++ ++ return ret; ++} ++ ++/* get sys info */ ++sysinfo_t *get_sys_info(bool quiet) ++{ ++ int cgroup_version = 0; ++ sysinfo_t *sysinfo = NULL; ++ int ret = 0; ++ ++ if (g_sysinfo != NULL) { ++ return g_sysinfo; ++ } ++ ++ sysinfo = util_common_calloc_s(sizeof(sysinfo_t)); ++ if (sysinfo == NULL) { ++ ERROR("Out of memory"); ++ return NULL; ++ } ++ ++ sysinfo->ncpus = get_nprocs(); ++ ++ cgroup_version = get_cgroup_version(); ++ if (cgroup_version < 0) { ++ ret = -1; ++ goto out; ++ } ++ ++ if (cgroup_version == CGROUP_VERSION_1) { ++ ret = get_cgroup_info_v1(sysinfo, quiet); ++ } else { ++ ret = get_cgroup_info_v2(sysinfo, quiet); ++ } ++ if (ret != 0) { ++ goto out; ++ } ++ g_sysinfo = sysinfo; ++out: ++ if (ret != 0) { + free_sysinfo(sysinfo); + sysinfo = NULL; + } +diff --git a/src/daemon/executor/container_cb/execution_create.c b/src/daemon/executor/container_cb/execution_create.c +index acad7fe3..9136348e 100644 +--- a/src/daemon/executor/container_cb/execution_create.c ++++ b/src/daemon/executor/container_cb/execution_create.c +@@ -908,7 +908,6 @@ static int adapt_host_spec(host_config *host_spec) + } + + out: +- free_sysinfo(sysinfo); + return ret; + } + +@@ -1292,7 +1291,6 @@ static int cpurt_controller_init(const char *cgroups_path) + ret = do_init_cpurt_cgroups_path(dirpath, 0, mnt_root, cpu_rt_period, cpu_rt_runtime); + + out: +- free_sysinfo(sysinfo); + free(mnt_root); + free(dup); + return ret; +diff --git a/src/daemon/modules/spec/verify.c b/src/daemon/modules/spec/verify.c +index cef95065..2a73f7c1 100644 +--- a/src/daemon/modules/spec/verify.c ++++ b/src/daemon/modules/spec/verify.c +@@ -425,6 +425,20 @@ static int verify_cpu_cfs_period(const sysinfo_t *sysinfo, int64_t cpu_cfs_perio + ret = -1; + goto out; + } ++ ++ if (cpu_cfs_period > 0 && cpu_cfs_period < 1000) { ++ ERROR("CPU cfs period can not be less than 1ms (i.e. 1000)"); ++ isulad_set_error_message("CPU cfs period can not be less than 1ms (i.e. 1000)"); ++ ret = -1; ++ goto out; ++ } ++ ++ if (cpu_cfs_period > 1000000) { ++ ERROR("CPU cfs period can not be more than 1s (i.e. 1000000)"); ++ isulad_set_error_message("CPU cfs period can not be more than 1s (i.e. 1000000)"); ++ ret = -1; ++ goto out; ++ } + out: + return ret; + } +@@ -1600,7 +1614,6 @@ int verify_container_settings(const oci_runtime_spec *container) + } + + out: +- free_sysinfo(sysinfo); + return ret; + } + +@@ -1980,7 +1993,6 @@ static int host_config_settings_with_sysinfo(host_config *hostconfig, bool updat + } + + out: +- free_sysinfo(sysinfo); + return ret; + } + +-- +2.25.1 + diff --git a/0063-add-testcases-for-cgroup-v2.patch b/0063-add-testcases-for-cgroup-v2.patch new file mode 100644 index 0000000..5aca5de --- /dev/null +++ b/0063-add-testcases-for-cgroup-v2.patch @@ -0,0 +1,785 @@ +From 4822231b594762cf3301518ef0bff0396584b493 Mon Sep 17 00:00:00 2001 +From: WangFengTu +Date: Mon, 8 Feb 2021 14:32:46 +0800 +Subject: [PATCH 063/104] add testcases for cgroup v2 + +Signed-off-by: WangFengTu +--- + CI/test_cases/manual_cases/cgroupv2.sh | 765 +++++++++++++++++++++++++ + 1 file changed, 765 insertions(+) + create mode 100755 CI/test_cases/manual_cases/cgroupv2.sh + +diff --git a/CI/test_cases/manual_cases/cgroupv2.sh b/CI/test_cases/manual_cases/cgroupv2.sh +new file mode 100755 +index 00000000..bd1dc482 +--- /dev/null ++++ b/CI/test_cases/manual_cases/cgroupv2.sh +@@ -0,0 +1,765 @@ ++#!/bin/bash ++# ++# attributes: isulad cgroupv2 ++# concurrent: YES ++# spend time: 15 ++ ++####################################################################### ++##- @Copyright (C) Huawei Technologies., Ltd. 2020. All rights reserved. ++# - iSulad licensed under the Mulan PSL v2. ++# - You can use this software according to the terms and conditions of the Mulan PSL v2. ++# - You may obtain a copy of Mulan PSL v2 at: ++# - http://license.coscl.org.cn/MulanPSL2 ++# - THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++# - IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++# - PURPOSE. ++# - See the Mulan PSL v2 for more details. ++##- @Description:CI ++##- @Author: wangfengtu ++##- @Create: 2021-01-26 ++####################################################################### ++ ++declare -r curr_path=$(dirname $(readlink -f "$0")) ++source ../helpers.sh ++test="cgroupv2 test => test_cgroupv2" ++cgroupv2=0 ++cgroup2_update="cgroup2_update" ++ ++function test_cgroup2_cpu() ++{ ++ local ret=0 ++ ++ if [[ -f /sys/fs/cgroup/isulad/cpu.weight ]];then ++ # min value ++ isula run -ti --rm --cpu-shares 2 busybox cat /sys/fs/cgroup/cpu.weight | grep ^1$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 cpu.weight min value failed" && ((ret++)) ++ ++ # max value ++ isula run -ti --rm --cpu-shares 262144 busybox cat /sys/fs/cgroup/cpu.weight | grep ^10000$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 cpu.weight max value failed" && ((ret++)) ++ ++ # invalid value ++ isula run -ti --rm --cpu-shares -1 busybox echo hello ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 cpu.weight -1 failed" && ((ret++)) ++ ++ # default value ++ isula run -ti --rm --cpu-shares 0 busybox cat /sys/fs/cgroup/cpu.weight | grep ^100$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 cpu.weight default value failed" && ((ret++)) ++ fi ++ ++ if [[ -f /sys/fs/cgroup/isulad/cpu.max ]];then ++ # normal value ++ isula run -ti --rm --cpu-quota 50000 --cpu-period 12345 busybox cat /sys/fs/cgroup/cpu.max | grep ^"50000 12345"$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 cpu.max normal value failed" && ((ret++)) ++ ++ # invalid min period ++ isula run -ti --rm --cpu-quota 50000 --cpu-period 999 busybox echo hello ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 cpu.max invalid min period failed" && ((ret++)) ++ ++ # invalid max period ++ isula run -ti --rm --cpu-quota 50000 --cpu-period 1000001 busybox echo hello ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 cpu.max invalid max period failed" && ((ret++)) ++ ++ # invalid quota ++ isula run -ti --rm --cpu-quota 999 --cpu-period 1000000 busybox echo hello ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 cpu.max invalid quota failed" && ((ret++)) ++ ++ # default 0 quota ++ isula run -ti --rm --cpu-quota 0 --cpu-period 1000000 busybox cat /sys/fs/cgroup/cpu.max | grep ^"max 1000000"$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 cpu.max default 0 quota failed" && ((ret++)) ++ ++ # default -1 quota ++ isula run -ti --rm --cpu-quota -1 --cpu-period 1000000 busybox cat /sys/fs/cgroup/cpu.max | grep ^"max 1000000"$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 cpu.max default -1 quota failed" && ((ret++)) ++ ++ # cpus 1 ++ isula run -ti --rm --cpus 1 busybox cat /sys/fs/cgroup/cpu.max | grep ^"100000 100000"$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 cpu.max cpus 1 failed" && ((ret++)) ++ ++ # cpus 0 ++ isula run -ti --rm --cpus 0 busybox cat /sys/fs/cgroup/cpu.max | grep ^"max 100000"$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 cpu.max cpus 0 failed" && ((ret++)) ++ fi ++ ++ if [[ -f /sys/fs/cgroup/isulad/cpuset.cpus.effective ]];then ++ # normal value ++ isula run -tid -n cpuset --cpuset-cpus 0 --cpuset-mems 0 busybox sh ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 cpuset run container failed" && ((ret++)) ++ ++ isula exec -ti cpuset cat /sys/fs/cgroup/cpuset.cpus | grep ^0$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 cpuset value not right" && ((ret++)) ++ ++ isula exec -ti cpuset cat /sys/fs/cgroup/cpuset.mems | grep ^0$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 cpuset value not right" && ((ret++)) ++ ++ isula rm -f cpuset ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 cpuset remove container failed" && ((ret++)) ++ ++ # invalid cpus -1 value ++ isula run -tid -n cpuset --cpuset-cpus -1 busybox sh ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 cpuset cpus invalid -1 failed" && ((ret++)) ++ ++ # invalid cpus 100000 value ++ isula run -tid -n cpuset --cpuset-cpus 100000 busybox sh ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 cpuset cpus invalid 100000 failed" && ((ret++)) ++ ++ # invalid mems -1 value ++ isula run -tid -n cpuset --cpuset-mems -1 busybox sh ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 cpuset mems invalid -1 failed" && ((ret++)) ++ ++ # invalid mems 100000 value ++ isula run -tid -n cpuset --cpuset-mems 100000 busybox sh ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 cpuset mems invalid 100000 failed" && ((ret++)) ++ fi ++ ++ return ${ret} ++} ++ ++function test_cgroup2_io() ++{ ++ local ret=0 ++ ++ if [[ -f "/sys/fs/cgroup/isulad/io.bfq.weight" ]];then ++ # min value ++ isula run -ti --rm --blkio-weight 10 busybox cat "/sys/fs/cgroup/io.bfq.weight" | grep 1$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 io.bfq.weight min value failed" && ((ret++)) ++ ++ # max value ++ isula run -ti --rm --blkio-weight 1000 busybox cat "/sys/fs/cgroup/io.bfq.weight" | grep 1000$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 io.bfq.weight max value failed" && ((ret++)) ++ ++ # default value ++ isula run -ti --rm --blkio-weight 0 busybox cat "/sys/fs/cgroup/io.bfq.weight" | grep 100$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 io.bfq.weight default value failed" && ((ret++)) ++ ++ # invalid value ++ isula run -ti --rm --blkio-weight -1 busybox echo hello ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 io.bfq.weight -1 failed" && ((ret++)) ++ fi ++ ++ if [[ -f "/sys/fs/cgroup/isulad/io.bfq.weight_device" ]];then ++ # min value ++ isula run -ti --rm --blkio-weight-device /dev/null:10 busybox cat "/sys/fs/cgroup/io.bfq.weight_device" | grep ^"1:3 10"$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 io.bfq.weight_device max value failed" && ((ret++)) ++ ++ # max value ++ isula run -ti --rm --blkio-weight-device /dev/null:1000 busybox cat "/sys/fs/cgroup/io.bfq.weight_device" | grep ^"1:3 10000"$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 io.bfq.weight_device max value failed" && ((ret++)) ++ ++ # disable weight device ++ isula run -tid -n weight_device --rm --blkio-weight-device /dev/null:0 busybox sh ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 io.bfq.weight_device failed" && ((ret++)) ++ ++ isula exec -ti weight_device cat "/sys/fs/cgroup/io.bfq.weight_device" | grep "1:3" ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 io.bfq.weight_device disable failed" && ((ret++)) ++ ++ isula rm -f weight_device ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 io.bfq.weight_device remove container failed" && ((ret++)) ++ fi ++ ++ if [[ -f "/sys/fs/cgroup/isulad/io.weight" ]];then ++ # min value ++ isula run -ti --rm --blkio-weight 10 busybox cat "/sys/fs/cgroup/io.weight" | grep ^"default 1"$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 io.weight min value failed" && ((ret++)) ++ ++ # max value ++ isula run -ti --rm --blkio-weight 1000 busybox cat "/sys/fs/cgroup/io.weight" | grep ^"default 10000"$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 io.weight max value failed" && ((ret++)) ++ ++ # default value ++ isula run -ti --rm --blkio-weight 0 busybox cat "/sys/fs/cgroup/io.weight" | grep ^"default 100"$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 io.weight default value failed" && ((ret++)) ++ ++ # invalid value ++ isula run -ti --rm --blkio-weight -1 busybox echo hello ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 io.weight -1 failed" && ((ret++)) ++ fi ++ ++ if [[ -f "/sys/fs/cgroup/isulad/io.weight_device" ]];then ++ # min value ++ isula run -ti --rm --blkio-weight-device /dev/null:10 busybox cat "/sys/fs/cgroup/io.weight_device" | grep ^"1:3 10"$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 io.weight max value failed" && ((ret++)) ++ ++ # max value ++ isula run -ti --rm --blkio-weight-device /dev/null:1000 busybox cat "/sys/fs/cgroup/io.weight_device" | grep ^"1:3 10000"$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 io.weight max value failed" && ((ret++)) ++ ++ # disable weight device ++ isula run -tid -n weight_device --rm --blkio-weight-device /dev/null:0 busybox sh ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 io.weight failed" && ((ret++)) ++ ++ isula exec -ti weight_device cat "/sys/fs/cgroup/io.weight_device" | grep ^"1:3"$'\r' ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 io.weight disable failed" && ((ret++)) ++ ++ isula rm -f weight_device ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 io.weight remove container failed" && ((ret++)) ++ fi ++ ++ if [[ -f /sys/fs/cgroup/isulad/io.max ]];then ++ # normal value ++ isula run -ti --rm --device-read-bps /dev/null:1g --device-read-iops /dev/null:1000 --device-write-bps /dev/null:2g --device-write-iops /dev/null:2000 busybox cat /sys/fs/cgroup/io.max | grep ^"1:3 rbps=1073741824 wbps=2147483648 riops=1000 wiops=2000"$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 io.max failed" && ((ret++)) ++ ++ # invalid ++ isula run -ti --rm --device-read-bps /dev/null:-1 busybox echo hello ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 io.max -1 failed" && ((ret++)) ++ ++ # 0 is no limit ++ isula run -ti --rm --device-read-bps /dev/null:0 --device-read-iops /dev/null:0 --device-write-bps /dev/null:0 --device-write-iops /dev/null:0 busybox echo hello ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 io.max 0 failed" && ((ret++)) ++ fi ++ ++ return ${ret} ++} ++ ++function test_cgroup2_memory() ++{ ++ local ret=0 ++ ++ if [[ -f /sys/fs/cgroup/isulad/memory.max ]];then ++ # normal value ++ isula run -ti --rm -m 10m busybox cat /sys/fs/cgroup/memory.max | grep ^10485760$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 memory.max run container failed" && ((ret++)) ++ ++ # 0 is max ++ isula run -ti --rm -m 0 busybox cat /sys/fs/cgroup/memory.max | grep ^max$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 memory.max 0 failed" && ((ret++)) ++ ++ # invalid ++ isula run -ti --rm -m -1 busybox echo hello ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 memory.max -1 failed" && ((ret++)) ++ fi ++ ++ if [[ -f /sys/fs/cgroup/isulad/memory.low ]];then ++ # normal value ++ isula run -ti --rm --memory-reservation 10m busybox cat /sys/fs/cgroup/memory.low | grep ^10485760$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 memory.low normal value failed" && ((ret++)) ++ ++ # -1 is invalid ++ isula run -ti --rm --memory-reservation -1 busybox echo hello ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 memory.low invalid failed" && ((ret++)) ++ ++ # 0 ++ isula run -ti --rm --memory-reservation 0 busybox cat /sys/fs/cgroup/memory.low | grep ^0$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 memory.low 0 failed" && ((ret++)) ++ fi ++ ++ if [[ -f /sys/fs/cgroup/isulad/memory.swap.max ]];then ++ # normal value ++ isula run -ti --rm --memory 10m --memory-swap 20m busybox cat /sys/fs/cgroup/memory.swap.max | grep ^10485760$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 memory.swap.max normal value failed" && ((ret++)) ++ ++ # invalid ++ isula run -ti --rm --memory 10m --memory-swap 5m busybox echo hello ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 memory.swap.max invalid failed" && ((ret++)) ++ ++ # 0 is the same as memory ++ isula run -ti --rm --memory 10m --memory-swap 0 busybox cat /sys/fs/cgroup/memory.swap.max | grep ^10485760$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 memory.swap.max 0 failed" && ((ret++)) ++ ++ # -1 is max ++ isula run -ti --rm --memory 10m --memory-swap -1 busybox cat /sys/fs/cgroup/memory.swap.max | grep ^max$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 memory.swap.max -1 failed" && ((ret++)) ++ ++ # disable swap ++ isula run -ti --rm --memory 10m --memory-swap 10m busybox cat /sys/fs/cgroup/memory.swap.max | grep ^0$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 memory.swap.max disable swap failed" && ((ret++)) ++ fi ++ ++ return ${ret} ++} ++ ++function test_cgroup2_pids() ++{ ++ local ret=0 ++ ++ if [[ -f /sys/fs/cgroup/isulad/pids.max ]];then ++ # normal value ++ isula run -ti --rm --pids-limit 123456 busybox cat /sys/fs/cgroup/pids.max | grep ^123456$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 pids.max run container failed" && ((ret++)) ++ ++ # -1 is max ++ isula run -ti --rm --pids-limit -1 busybox cat /sys/fs/cgroup/pids.max | grep ^max$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 pids.max run container failed" && ((ret++)) ++ ++ # 0 is max ++ isula run -ti --rm --pids-limit 0 busybox cat /sys/fs/cgroup/pids.max | grep ^max$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 pids.max run container failed" && ((ret++)) ++ fi ++ ++ return ${ret} ++} ++ ++function test_cgroup2_hugetlb() ++{ ++ local ret=0 ++ ++ if [[ -f /sys/fs/cgroup/isulad/hugetlb.2MB.max ]];then ++ isula run -ti --rm --hugetlb-limit 2M:32M busybox cat /sys/fs/cgroup/hugetlb.2MB.max | grep ^33554432$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 hugetlb.2M.max run container failed" && ((ret++)) ++ fi ++ ++ return ${ret} ++} ++ ++function test_cgroup2_freeze() ++{ ++ local ret=0 ++ ++ if [[ -f /sys/fs/cgroup/isulad/cgroup.freeze ]];then ++ isula run -tid -n freeze busybox sh ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 freeze run container failed" && ((ret++)) ++ ++ isula pause freeze ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 freeze pause container failed" && ((ret++)) ++ ++ isula exec -ti freeze echo hello ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 freeze pause take no effect" && ((ret++)) ++ ++ isula unpause freeze ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 freeze unpause container failed" && ((ret++)) ++ ++ isula exec -ti freeze echo hello ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 freeze unpause take no effect" && ((ret++)) ++ ++ isula rm -f freeze ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 freeze remove container failed" && ((ret++)) ++ fi ++ ++ return ${ret} ++} ++ ++function test_cgroup2_files() ++{ ++ local ret=0 ++ ++ if [[ -f /sys/fs/cgroup/isulad/files.limit ]];then ++ # normal value ++ isula run -ti --rm --files-limit 123 busybox cat /sys/fs/cgroup/files.limit | grep ^123$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 files.limit run container failed" && ((ret++)) ++ ++ # -1 is max ++ isula run -ti --rm --files-limit -1 busybox cat /sys/fs/cgroup/files.limit | grep ^max$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 files.limit run container failed" && ((ret++)) ++ ++ # 0 is max ++ isula run -ti --rm --files-limit 0 busybox cat /sys/fs/cgroup/files.limit | grep ^max$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 files.limit run container failed" && ((ret++)) ++ fi ++ ++ return ${ret} ++} ++ ++function test_cgroup2_cpu_update() ++{ ++ local ret=0 ++ ++ if [[ -f /sys/fs/cgroup/isulad/cpu.weight ]];then ++ # min value ++ isula update --cpu-shares 2 $cgroup2_update ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update cpu.weight min value failed" && ((ret++)) ++ ++ isula exec -ti $cgroup2_update cat /sys/fs/cgroup/cpu.weight | grep ^1$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update cpu.weight min value not right" && ((ret++)) ++ ++ # max value ++ isula update --cpu-shares 262144 $cgroup2_update ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update cpu.weight max value failed" && ((ret++)) ++ ++ isula exec -ti $cgroup2_update cat /sys/fs/cgroup/cpu.weight | grep ^10000$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update cpu.weight max value not right" && ((ret++)) ++ ++ # 0 means not change ++ isula update --cpu-shares 0 $cgroup2_update ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update cpu.weight 0 failed" && ((ret++)) ++ ++ isula exec -ti $cgroup2_update cat /sys/fs/cgroup/cpu.weight | grep ^10000$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update cpu.weight 0 not right" && ((ret++)) ++ ++ # invalid value ++ isula update --cpu-shares -1 $cgroup2_update ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update cpu.weight -1 failed" && ((ret++)) ++ fi ++ ++ if [[ -f /sys/fs/cgroup/isulad/cpu.max ]];then ++ # normal value ++ isula update --cpu-quota 50000 --cpu-period 12345 $cgroup2_update ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update cpu.max normal value failed" && ((ret++)) ++ ++ isula exec -ti $cgroup2_update cat /sys/fs/cgroup/cpu.max | grep ^"50000 12345"$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update cpu.max normal value not right" && ((ret++)) ++ ++ # invalid min period ++ isula update --cpu-quota 50000 --cpu-period 999 $cgroup2_update ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update cpu.max invalid min period failed" && ((ret++)) ++ ++ # invalid max period ++ isula update --cpu-quota 50000 --cpu-period 1000001 $cgroup2_update ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update cpu.max invalid max period failed" && ((ret++)) ++ ++ # invalid quota ++ isula update --cpu-quota 999 --cpu-period 1000000 $cgroup2_update ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update cpu.max invalid quota failed" && ((ret++)) ++ ++ # default 0 quota ++ isula update --cpu-quota 0 --cpu-period 1000000 $cgroup2_update ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update cpu.max 0 quota failed" && ((ret++)) ++ ++ isula exec -ti $cgroup2_update cat /sys/fs/cgroup/cpu.max | grep ^"max 1000000"$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update cpu.max 0 quota value not right" && ((ret++)) ++ ++ # default -1 quota ++ isula update --cpu-quota -1 --cpu-period 1000000 $cgroup2_update ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update cpu.max -1 quota failed" && ((ret++)) ++ ++ isula exec -ti $cgroup2_update cat /sys/fs/cgroup/cpu.max | grep ^"max 1000000"$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update cpu.max -1 quota value not right" && ((ret++)) ++ ++ # cpus 1 ++ isula run -tid -n cpu_update busybox sh ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 run cpu_update failed" && ((ret++)) ++ ++ isula update --cpus 1 cpu_update ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update cpu.max cpus 1 failed" && ((ret++)) ++ ++ isula exec -ti cpu_update cat /sys/fs/cgroup/cpu.max | grep ^"100000 100000"$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update cpu.max cpus 1 value not right" && ((ret++)) ++ ++ # cpus 0 means not change ++ isula update --cpus 0 cpu_update ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update cpu.max cpus 0 failed" && ((ret++)) ++ ++ isula exec -ti cpu_update cat /sys/fs/cgroup/cpu.max | grep ^"100000 100000"$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update cpu.max cpus 0 value not right" && ((ret++)) ++ ++ isula rm -f cpu_update ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 remove cpu_update failed" && ((ret++)) ++ fi ++ ++ if [[ -f /sys/fs/cgroup/isulad/cpuset.cpus.effective ]];then ++ # normal value ++ isula update --cpuset-cpus 0 --cpuset-mems 0 $cgroup2_update ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update update cpuset failed" && ((ret++)) ++ ++ isula exec -ti $cgroup2_update cat /sys/fs/cgroup/cpuset.cpus | grep -E ^0$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update cpuset.cpus value not right" && ((ret++)) ++ ++ isula exec -ti $cgroup2_update cat /sys/fs/cgroup/cpuset.mems | grep -E ^0$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update cpuset.mems value not right" && ((ret++)) ++ ++ # invalid cpus -1 value ++ isula update --cpuset-cpus -1 $cgroup2_update ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update cpuset.cpus invalid -1 failed" && ((ret++)) ++ ++ # invalid cpus 100000 value ++ isula update --cpuset-cpus 100000 $cgroup2_update ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update cpuset.cpus invalid 100000 failed" && ((ret++)) ++ ++ # invalid mems -1 value ++ isula update --cpuset-mems -1 $cgroup2_update ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update cpuset.mems invalid -1 failed" && ((ret++)) ++ ++ # invalid mems 100000 value ++ isula update --cpuset-mems 100000 $cgroup2_update ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update cpuset.mems invalid 100000 failed" && ((ret++)) ++ fi ++ ++ return ${ret} ++} ++ ++function test_cgroup2_io_update() ++{ ++ local ret=0 ++ ++ if [[ -f "/sys/fs/cgroup/isulad/io.bfq.weight" ]];then ++ # min value ++ isula update --blkio-weight 10 $cgroup2_update ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update io.bfq.weight min value failed" && ((ret++)) ++ ++ isula exec -ti $cgroup2_update cat "/sys/fs/cgroup/io.bfq.weight" | grep 1$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update io.bfq.weight min value not right" && ((ret++)) ++ ++ # max value ++ isula update --blkio-weight 1000 $cgroup2_update ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update io.bfq.weight max value failed" && ((ret++)) ++ ++ isula exec -ti $cgroup2_update cat "/sys/fs/cgroup/io.bfq.weight" | grep 1000$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update io.bfq.weight max value not right" && ((ret++)) ++ ++ # 0 means value not change ++ isula update --blkio-weight 0 $cgroup2_update ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update io.bfq.weight 0 failed" && ((ret++)) ++ ++ isula exec -ti $cgroup2_update cat "/sys/fs/cgroup/io.bfq.weight" | grep 1000$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update io.bfq.weight 0 not right" && ((ret++)) ++ ++ # invalid value ++ isula update --blkio-weight -1 $cgroup2_update echo hello ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update io.bfqweight -1 failed" && ((ret++)) ++ fi ++ ++ if [[ -f "/sys/fs/cgroup/isulad/io.weight" ]];then ++ # min value ++ isula update --blkio-weight 10 $cgroup2_update ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update io.weight min value failed" && ((ret++)) ++ ++ isula exec -ti $cgroup2_update cat "/sys/fs/cgroup/io.weight" | grep ^"default 1"$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update io.weight min value not right" && ((ret++)) ++ ++ # max value ++ isula update --blkio-weight 1000 $cgroup2_update ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update io.weight max value failed" && ((ret++)) ++ ++ isula exec -ti $cgroup2_update cat "/sys/fs/cgroup/io.weight" | grep ^"default 10000"$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update io.weight max value not right" && ((ret++)) ++ ++ # 0 means value not change ++ isula update --blkio-weight 0 $cgroup2_update ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update io.weight 0 failed" && ((ret++)) ++ ++ isula exec -ti $cgroup2_update cat "/sys/fs/cgroup/io.weight" | grep ^"default 10000"$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update io.weight 0 not right" && ((ret++)) ++ ++ # invalid value ++ isula update --blkio-weight -1 $cgroup2_update echo hello ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update io.weight -1 failed" && ((ret++)) ++ fi ++ ++ return ${ret} ++} ++ ++function test_cgroup2_memory_update() ++{ ++ local ret=0 ++ ++ if [[ -f /sys/fs/cgroup/isulad/memory.max ]];then ++ # normal value ++ isula update -m 10m $cgroup2_update ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update memory.max 10m failed" && ((ret++)) ++ ++ isula exec -ti $cgroup2_update cat /sys/fs/cgroup/memory.max | grep ^10485760$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update memory.max 10m value not right" && ((ret++)) ++ ++ # 0 is not change ++ isula update -m 0 $cgroup2_update ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update memory.max 0 failed" && ((ret++)) ++ ++ isula exec -ti $cgroup2_update cat /sys/fs/cgroup/memory.max | grep ^10485760$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update memory.max 0 not right" && ((ret++)) ++ ++ # invalid ++ isula update -m -1 $cgroup2_update ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update memory.max -1 failed" && ((ret++)) ++ fi ++ ++ if [[ -f /sys/fs/cgroup/isulad/memory.low ]];then ++ # normal value ++ isula update --memory-reservation 10m $cgroup2_update ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update memory.low normal value failed" && ((ret++)) ++ ++ isula exec -ti $cgroup2_update cat /sys/fs/cgroup/memory.low | grep ^10485760$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update memory.low normal value not right" && ((ret++)) ++ ++ # 0 means not change ++ isula update --memory-reservation 0 $cgroup2_update ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update memory.low 0 failed" && ((ret++)) ++ ++ isula exec -ti $cgroup2_update cat /sys/fs/cgroup/memory.low | grep ^10485760$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update memory.low 0 value not right" && ((ret++)) ++ ++ # -1 is invalid ++ isula update --memory-reservation -1 $cgroup2_update ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update memory.low invalid failed" && ((ret++)) ++ fi ++ ++ if [[ -f /sys/fs/cgroup/isulad/memory.swap.max ]];then ++ # normal value ++ isula update --memory 10m --memory-swap 20m $cgroup2_update ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update memory.swap.max normal value failed" && ((ret++)) ++ ++ isula exec -ti $cgroup2_update cat /sys/fs/cgroup/memory.swap.max | grep ^10485760$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update memory.swap.max normal value not right" && ((ret++)) ++ ++ # invalid ++ isula update --memory 10m --memory-swap 5m $cgroup2_update ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update memory.swap.max invalid failed" && ((ret++)) ++ ++ # 0 is the same as memory ++ isula update --memory 10m --memory-swap 0 $cgroup2_update ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update memory.swap.max 0 failed" && ((ret++)) ++ ++ isula exec -ti $cgroup2_update cat /sys/fs/cgroup/memory.swap.max | grep ^10485760$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update memory.swap.max 0 value not right" && ((ret++)) ++ ++ # -1 is max ++ isula update --memory 10m --memory-swap -1 $cgroup2_update ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update memory.swap.max -1 failed" && ((ret++)) ++ ++ isula exec -ti $cgroup2_update cat /sys/fs/cgroup/memory.swap.max | grep ^max$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update memory.swap.max -1 value not right" && ((ret++)) ++ ++ # disable swap ++ isula update --memory 10m --memory-swap 10m $cgroup2_update ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update memory.swap.max disable swap failed" && ((ret++)) ++ ++ isula exec -ti $cgroup2_update cat /sys/fs/cgroup/memory.swap.max | grep ^0$'\r' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update memory.swap.max disable swap value not right" && ((ret++)) ++ fi ++ ++ return ${ret} ++} ++ ++function test_cgroup2_unsupported() ++{ ++ local ret=0 ++ ++ isula run -ti --rm --cpu-rt-period 1000000 --cpu-rt-runtime 1000000 busybox echo hello ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 --cpu-rt-period and --cpu-rt-runtime should failed" && ((ret++)) ++ ++ isula run -ti --rm --kernel-memory 100m busybox echo hello ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 --kernel-memory should failed" && ((ret++)) ++ ++ isula run -ti --rm --memory-swappiness 50 busybox echo hello ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 --memory-swappiness should failed" && ((ret++)) ++ ++ isula run -ti --rm --oom-kill-disable busybox echo hello ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 --oom-kill-disable should failed" && ((ret++)) ++ ++ isula update --cpu-rt-period 1000000 --cpu-rt-runtime 1000000 $cgroup2_update ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update --cpu-rt-period and --cpu-rt-runtime should failed" && ((ret++)) ++ ++ isula update --kernel-memory 100m $cgroup2_update ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 update --kernel-memory should failed" && ((ret++)) ++ ++ return ${ret} ++} ++ ++function test_cgroup2_parent() ++{ ++ local ret=0 ++ ++ rmdir /sys/fs/cgroup/isulad ++ rmdir /sys/fs/cgroup/abc ++ ++ id=`isula run -tid --cgroup-parent /abc -m 10m busybox sh` ++ cat /sys/fs/cgroup/abc/$id/memory.max | grep ^10485760$ ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 --cgroup-parent cannot work" && ((ret++)) ++ ++ return ${ret} ++} ++ ++function test_cgroup2_device() ++{ ++ local ret=0 ++ ++ dev_name=/dev/$(lsblk | grep disk | head -n 1 | awk '{print $1}') ++ dev_num=$(lsblk | grep disk | head -n 1 | awk '{print $2}') ++ mknod_num=$(echo $dev_num | sed 's/:/ /g') ++ ++ # read only ++ isula run -ti --rm --device=$dev_name:/dev/sdx:r busybox sh -c 'echo q | fdisk /dev/sdx | grep "read only"' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 --device r failed" && ((ret++)) ++ ++ isula run -ti --rm --device=$dev_name:/dev/sdx:rm busybox sh -c 'echo q | fdisk /dev/sdx | grep "read only"' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 --device rm failed" && ((ret++)) ++ ++ isula run -ti --rm --device-cgroup-rule="b $dev_num r" busybox sh -c "mknod /dev/sdx b $mknod_num && echo q | fdisk /dev/sdx | grep 'read only'" ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 --device r failed" && ((ret++)) ++ ++ isula run -ti --rm --device-cgroup-rule="b $dev_num rm" busybox sh -c "mknod /dev/sdx b $mknod_num && echo q | fdisk /dev/sdx | grep 'read only'" ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 --device rm failed" && ((ret++)) ++ ++ # can't read ++ isula run -ti --rm --device=$dev_name:/dev/sdx:w busybox sh -c 'echo q | fdisk /dev/sdx 2>&1 | grep "t open"' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 --device w failed" && ((ret++)) ++ ++ isula run -ti --rm --device=$dev_name:/dev/sdx:wm busybox sh -c 'echo q | fdisk /dev/sdx 2>&1 | grep "t open"' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 --device wm failed" && ((ret++)) ++ ++ isula run -ti --rm --device-cgroup-rule="b $dev_num w" busybox sh -c "mknod /dev/sdx b $mknod_num && echo q | fdisk /dev/sdx 2>&1 | grep 't open'" ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 --device w failed" && ((ret++)) ++ ++ isula run -ti --rm --device-cgroup-rule="b $dev_num wm" busybox sh -c "mknod /dev/sdx b $mknod_num && echo q | fdisk /dev/sdx 2>&1 | grep 't open'" ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 --device wm failed" && ((ret++)) ++ ++ # can't read write ++ isula run -ti --rm --device=$dev_name:/dev/sdx:m busybox sh -c 'echo q | fdisk /dev/sdx 2>&1 | grep "t open"' ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 --device m" && ((ret++)) ++ ++ isula run -ti --rm --device-cgroup-rule="b $dev_num m" busybox sh -c "mknod /dev/sdx b $mknod_num && echo q | fdisk /dev/sdx 2>&1 | grep 't open'" ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 --device wm failed" && ((ret++)) ++ ++ isula run -ti --rm --device-cgroup-rule="b *:* m" busybox sh -c "mknod /dev/sdx b $mknod_num && echo q | fdisk /dev/sdx 2>&1 | grep 't open'" ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 --device wm failed" && ((ret++)) ++ ++ return ${ret} ++} ++ ++function prepare_test_cgroupv2() ++{ ++ local ret=0 ++ ++ cat /proc/1/mountinfo | grep "\- cgroup2" | grep "/sys/fs/cgroup rw" ++ if [ x"$?" == x"0" ];then ++ cgroupv2=1 ++ else ++ return 0 ++ fi ++ ++ all=$(cat /sys/fs/cgroup/cgroup.controllers) ++ sub=$(cat /sys/fs/cgroup/cgroup.subtree_control) ++ if [ x"$all" != x"$sub" ];then ++ echo +cpuset > /sys/fs/cgroup/cgroup.subtree_control ++ echo +cpu > /sys/fs/cgroup/cgroup.subtree_control ++ echo +io > /sys/fs/cgroup/cgroup.subtree_control ++ echo +memory > /sys/fs/cgroup/cgroup.subtree_control ++ echo +pids > /sys/fs/cgroup/cgroup.subtree_control ++ echo +hugetlb > /sys/fs/cgroup/cgroup.subtree_control ++ echo +files > /sys/fs/cgroup/cgroup.subtree_control ++ fi ++ ++ mkdir -p /sys/fs/cgroup/isulad ++ chmod 755 /sys/fs/cgroup/isulad ++ ++ isula rm -f `isula ps -a -q` ++ ++ isula run -tid -n $cgroup2_update busybox sh ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - cgroup2 run container failed" && ((ret++)) ++ ++ return ${ret} ++} ++ ++function post_test_cgroupv2() ++{ ++ isula rm -f `isula ps -a -q` ++ return 0 ++} ++ ++declare -i ans=0 ++ ++msg_info "${test} starting..." ++[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++)) ++ ++prepare_test_cgroupv2 || ((ans++)) ++if [ "$cgroupv2" == "1" ];then ++ test_cgroup2_cpu || ((ans++)) ++ test_cgroup2_io || ((ans++)) ++ test_cgroup2_memory || ((ans++)) ++ test_cgroup2_pids || ((ans++)) ++ test_cgroup2_hugetlb || ((ans++)) ++ test_cgroup2_freeze || ((ans++)) ++ test_cgroup2_files || ((ans++)) ++ test_cgroup2_cpu_update || ((ans++)) ++ test_cgroup2_io_update || ((ans++)) ++ test_cgroup2_memory_update || ((ans++)) ++ test_cgroup2_unsupported || ((ans++)) ++ test_cgroup2_parent || ((ans++)) ++ test_cgroup2_device || ((ans++)) ++else ++ msg_info "${test} not cgroup v2 enviorment, ignore test..." ++fi ++post_test_cgroupv2 ++ ++msg_info "${test} finished with return ${ans}..." ++ ++show_result ${ans} "${curr_path}/${0}" +-- +2.25.1 + diff --git a/0064-Readme-add-configure-image-registry-address.patch b/0064-Readme-add-configure-image-registry-address.patch new file mode 100644 index 0000000..e4d6084 --- /dev/null +++ b/0064-Readme-add-configure-image-registry-address.patch @@ -0,0 +1,44 @@ +From 36912c87592d8b46aae340df9b51287c6a8ce78b Mon Sep 17 00:00:00 2001 +From: Li Feng +Date: Thu, 1 Apr 2021 20:14:05 +0800 +Subject: [PATCH 064/104] Readme: add configure image registry address + +Signed-off-by: Li Feng +--- + README.md | 17 ++++++++++++++++- + 1 file changed, 16 insertions(+), 1 deletion(-) + +diff --git a/README.md b/README.md +index 68f35f34..fdbc8757 100644 +--- a/README.md ++++ b/README.md +@@ -53,10 +53,25 @@ For more information contact your distribution or package provider. + + you should run `rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-openEuler` first + ++ ++### Configure ++ ++Configure the container image registry address, for example "docker.io" or other registry addrss. ++ ++```sh ++# cat /etc/isulad/daemon.json ++..... ++ "registry-mirrors": [ ++ "docker.io" ++ ], ++..... ++``` ++ + ### Run ++ + We provide `systemd` service to start `iSulad`: + ```sh +-systemctl start isulad # run the server with systemd command ++systemctl restart isulad # restart the server with systemd command + ``` + + You can use direct command to start `iSulad` server: +-- +2.25.1 + diff --git a/0065-add-iSulad-experiment-in-README.patch b/0065-add-iSulad-experiment-in-README.patch new file mode 100644 index 0000000..91688c8 --- /dev/null +++ b/0065-add-iSulad-experiment-in-README.patch @@ -0,0 +1,32 @@ +From 3b743b6c460869b3118a63c22f620383c234e17d Mon Sep 17 00:00:00 2001 +From: zhangxiaoyu +Date: Fri, 2 Apr 2021 15:45:45 +0800 +Subject: [PATCH 065/104] add iSulad experiment in README + +Signed-off-by: zhangxiaoyu +--- + README.md | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/README.md b/README.md +index fdbc8757..39e23de1 100644 +--- a/README.md ++++ b/README.md +@@ -249,6 +249,14 @@ base operators of CRI + | 100 * runp | 27802 | 29197 | 2398 | -91.37% | -91.79% | + | 100 * stopp | 14429 | 11173 | 1170 | -91.89% | -89.53% | + ++## Try to Use iSulad ++ ++If you want to experience iSulad right now, you can try to use it at: ++ ++- https://lab.huaweicloud.com/testdetail_498 ++ ++It is the experiment about iSulad. In this experiment you can install iSulad easily. And then you can pull image, run container, analyse iSulad's performance and compare it with performance of Docker. ++ + ## How to Contribute + + We always welcome new contributors. And we are happy to provide guidance for the new contributors. +-- +2.25.1 + diff --git a/0066-CI-add-testcase-for-long-label.patch b/0066-CI-add-testcase-for-long-label.patch new file mode 100644 index 0000000..16080b5 --- /dev/null +++ b/0066-CI-add-testcase-for-long-label.patch @@ -0,0 +1,106 @@ +From e13e14225cbdcb504268b740f171b2850b61aa88 Mon Sep 17 00:00:00 2001 +From: Li Feng +Date: Tue, 6 Apr 2021 14:41:17 +0800 +Subject: [PATCH 066/104] CI: add testcase for long label + +Signed-off-by: Li Feng +--- + CI/test_cases/container_cases/annotaion.sh | 86 ++++++++++++++++++++++ + 1 file changed, 86 insertions(+) + create mode 100755 CI/test_cases/container_cases/annotaion.sh + +diff --git a/CI/test_cases/container_cases/annotaion.sh b/CI/test_cases/container_cases/annotaion.sh +new file mode 100755 +index 00000000..b563e390 +--- /dev/null ++++ b/CI/test_cases/container_cases/annotaion.sh +@@ -0,0 +1,86 @@ ++#!/bin/bash ++# ++# attributes: isulad annotation ++# concurrent: YES ++# spend time: 15 ++ ++####################################################################### ++##- @Copyright (C) Huawei Technologies., Ltd. 2020. All rights reserved. ++# - iSulad licensed under the Mulan PSL v2. ++# - You can use this software according to the terms and conditions of the Mulan PSL v2. ++# - You may obtain a copy of Mulan PSL v2 at: ++# - http://license.coscl.org.cn/MulanPSL2 ++# - THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++# - IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++# - PURPOSE. ++# - See the Mulan PSL v2 for more details. ++##- @Description:CI ++##- @Author: lifeng ++##- @Create: 2021-04-06 ++####################################################################### ++ ++declare -r curr_path=$(dirname $(readlink -f "$0")) ++source ../helpers.sh ++test="annotation test => test_annotation" ++ ++function test_label() ++{ ++ local ret=0 ++ ++ isula run -tid --name annotation --label "test_long_label=111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111" busybox sh ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container for long label" && ((ret++)) ++ ++ isula inspect annotation ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to inspect container for long label" && ((ret++)) ++ ++ isula exec -ti annotation echo 1 ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to exec in container" && ((ret++)) ++ ++ check_valgrind_log ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++)) ++ ++ start_isulad_with_valgrind ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++)) ++ ++ isula rm -f annotation ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to rm -f container" && ((ret++)) ++ ++ return ${ret} ++} ++ ++function test_annotation() ++{ ++ local ret=0 ++ ++ isula run -tid --name annotation --annotation "test_long_label=111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111" busybox sh ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container for long label" && ((ret++)) ++ ++ isula inspect annotation ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to inspect container for long label" && ((ret++)) ++ ++ isula exec -ti annotation echo 1 ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to exec in container" && ((ret++)) ++ ++ check_valgrind_log ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++)) ++ ++ start_isulad_with_valgrind ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++)) ++ ++ isula rm -f annotation ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to rm -f container" && ((ret++)) ++ ++ return ${ret} ++} ++ ++declare -i ans=0 ++ ++msg_info "${test} starting..." ++[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++)) ++ ++test_label || ((ans++)) ++test_annotation || ((ans++)) ++ ++msg_info "${test} finished with return ${ans}..." ++ ++show_result ${ans} "${curr_path}/${0}" +-- +2.25.1 + diff --git a/0067-event-fix-memory-leak-when-pack-annotation-failed.patch b/0067-event-fix-memory-leak-when-pack-annotation-failed.patch new file mode 100644 index 0000000..6cbc874 --- /dev/null +++ b/0067-event-fix-memory-leak-when-pack-annotation-failed.patch @@ -0,0 +1,92 @@ +From 1e2ebc309064e88d0d5aac6a91b23ef8cbc0c727 Mon Sep 17 00:00:00 2001 +From: Li Feng +Date: Tue, 6 Apr 2021 15:05:59 +0800 +Subject: [PATCH 067/104] event: fix memory leak when pack annotation failed + +Signed-off-by: Li Feng +--- + .../connect/grpc/grpc_containers_client.cc | 2 +- + src/daemon/modules/events/collector.c | 18 +++--------------- + 2 files changed, 4 insertions(+), 16 deletions(-) + +diff --git a/src/client/connect/grpc/grpc_containers_client.cc b/src/client/connect/grpc/grpc_containers_client.cc +index 6661970b..bb50d811 100644 +--- a/src/client/connect/grpc/grpc_containers_client.cc ++++ b/src/client/connect/grpc/grpc_containers_client.cc +@@ -1810,8 +1810,8 @@ private: + for (const auto &iter : map) { + std::string anno = iter.first + "=" + iter.second; + (void)util_array_append(&event->annotations, anno.c_str()); +- event->annotations_len++; + } ++ event->annotations_len = util_array_len((const char **)event->annotations); + } + + auto events_request_to_grpc(const struct isula_events_request *request, EventsRequest *grequest) -> int +diff --git a/src/daemon/modules/events/collector.c b/src/daemon/modules/events/collector.c +index 3e587aeb..67a823f1 100644 +--- a/src/daemon/modules/events/collector.c ++++ b/src/daemon/modules/events/collector.c +@@ -332,44 +332,36 @@ static int supplement_labels_for_container_msg(const container_t *cont, const st + return 0; + } + +-static int supplement_annotations_for_container_msg(const container_t *cont, const struct monitord_msg *msg, +- struct isulad_events_format *format_msg) ++static void supplement_annotations_for_container_msg(const container_t *cont, const struct monitord_msg *msg, ++ struct isulad_events_format *format_msg) + { + if (supplement_pid_for_container_msg(cont, msg, format_msg) != 0) { + ERROR("Failed to supplement pid info"); +- return -1; + } + + if (supplement_exitcode_for_container_msg(cont, msg, format_msg) != 0) { + ERROR("Failed to supplement exitCode info"); +- return -1; + } + + if (supplement_image_for_container_msg(cont, msg, format_msg) != 0) { + ERROR("Failed to supplement image info"); +- return -1; + } + + if (supplement_name_for_container_msg(cont, msg, format_msg) != 0) { + ERROR("Failed to supplement name info"); +- return -1; + } + + if (supplement_labels_for_container_msg(cont, msg, format_msg) != 0) { + ERROR("Failed to supplement label info"); +- return -1; + } + + if (strlen(msg->extra_annations) != 0) { + if (util_array_append(&format_msg->annotations, msg->extra_annations) != 0) { + ERROR("Failed to supplement extra annations info"); +- return -1; + } + } + + format_msg->annotations_len = util_array_len((const char **)format_msg->annotations); +- +- return 0; + } + + static int supplement_msg_for_container(struct monitord_msg *msg, struct isulad_events_format *format_msg) +@@ -395,11 +387,7 @@ static int supplement_msg_for_container(struct monitord_msg *msg, struct isulad_ + goto out; + } + +- if (supplement_annotations_for_container_msg(cont, msg, format_msg) != 0) { +- ERROR("Failed to supplement annotations info"); +- ret = -1; +- goto out; +- } ++ supplement_annotations_for_container_msg(cont, msg, format_msg); + + out: + container_unref(cont); +-- +2.25.1 + diff --git a/0068-Readme-add-script-to-install-iSulad-on-Centos7.patch b/0068-Readme-add-script-to-install-iSulad-on-Centos7.patch new file mode 100644 index 0000000..25b6513 --- /dev/null +++ b/0068-Readme-add-script-to-install-iSulad-on-Centos7.patch @@ -0,0 +1,198 @@ +From 38b5c74dcce5fc61438ce03252c14c9b5a009d81 Mon Sep 17 00:00:00 2001 +From: Li Feng +Date: Wed, 7 Apr 2021 11:34:21 +0800 +Subject: [PATCH 068/104] Readme: add script to install iSulad on Centos7 + +Signed-off-by: Li Feng +--- + docs/build_guide.md | 9 +- + docs/build_guide_zh.md | 8 +- + docs/install_iSulad_on_Centos_7.sh | 137 +++++++++++++++++++++++++++++ + 3 files changed, 150 insertions(+), 4 deletions(-) + create mode 100644 docs/install_iSulad_on_Centos_7.sh + +diff --git a/docs/build_guide.md b/docs/build_guide.md +index d710cbbb..449767ae 100644 +--- a/docs/build_guide.md ++++ b/docs/build_guide.md +@@ -7,8 +7,13 @@ If you intend to contribute on iSulad. Thanks for your effort. Every contributio + These dependencies are required for build: + + ### install basic dependencies based on Centos distribution +-```bash +-$ sudo yum --enablerepo='*' install -y automake autoconf libtool cmake make libcap libcap-devel libselinux libselinux-devel libseccomp libseccomp-devel yajl-devel git libcgroup tar python3 python3-pip device-mapper-devel libarchive libarchive-devel libcurl-devel zlib-devel glibc-headers openssl-devel gcc gcc-c++ systemd-devel systemd-libs golang libtar libtar-devel ++ ++We provided a script to auto install iSulad on centos7, you can just execute the script to install iSulad. ++ ++```sh ++$ git clone https://gitee.com/openeuler/iSulad.git ++$ cd iSulad/docs ++$ sudo ./install_iSulad_on_Centos_7.sh + ``` + + ### install basic dependencies based on Ubuntu distribution +diff --git a/docs/build_guide_zh.md b/docs/build_guide_zh.md +index d6621fcf..2cb709e8 100644 +--- a/docs/build_guide_zh.md ++++ b/docs/build_guide_zh.md +@@ -18,8 +18,12 @@ dnf builddep iSulad.spec + + ### Centos的安装命令 + +-```bash +-$ sudo yum --enablerepo='*' install -y automake autoconf libtool cmake make libcap libcap-devel libselinux libselinux-devel libseccomp libseccomp-devel yajl-devel git libcgroup tar python3 python3-pip device-mapper-devel libarchive libarchive-devel libcurl-devel zlib-devel glibc-headers openssl-devel gcc gcc-c++ systemd-devel systemd-libs libtar libtar-devel ++我们在代码仓中提供了在Centos7上自动化安装的脚本,您只需要执行这个脚本就可以自动编译安装iSulad以及其依赖的组件。 ++ ++```sh ++$ git clone https://gitee.com/openeuler/iSulad.git ++$ cd iSulad/docs ++$ sudo ./install_iSulad_on_Centos_7.sh + ``` + + ### Ubuntu的安装命令 +diff --git a/docs/install_iSulad_on_Centos_7.sh b/docs/install_iSulad_on_Centos_7.sh +new file mode 100644 +index 00000000..48aff5cf +--- /dev/null ++++ b/docs/install_iSulad_on_Centos_7.sh +@@ -0,0 +1,137 @@ ++#!/bin/bash ++ ++ ++set -x ++set -e ++ ++# install neccessary packages ++yum install -y patch automake autoconf libtool cmake make libcap libcap-devel libselinux libselinux-devel libseccomp libseccomp-devel yajl-devel git libcgroup tar python3 python3-pip device-mapper-devel libcurl-devel zlib-devel glibc-headers openssl-devel gcc gcc-c++ systemd-devel systemd-libs golang libtar libtar-devel ++ ++# export LDFLAGS ++export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH ++export LD_LIBRARY_PATH=/usr/local/lib:/usr/lib:$LD_LIBRARY_PATH ++ echo "/usr/local/lib" >> /etc/ld.so.conf ++ ++BUILD_DIR=/tmp/build_isulad ++ ++rm -rf $BUILD_DIR ++mkdir -p $BUILD_DIR ++ ++# build libarchive ++cd $BUILD_DIR ++git clone https://gitee.com/src-openeuler/libarchive.git ++cd libarchive ++git checkout -b openEuler-20.03-LTS-tag openEuler-20.03-LTS-tag ++tar -zxvf libarchive-3.4.1.tar.gz ++cd libarchive-3.4.1 ++patch -p1 -F1 -s < ../libarchive-uninitialized-value.patch ++cd build ++cmake -DCMAKE_USE_SYSTEM_LIBRARIES=ON ../ ++make -j $(nproc) ++make install ++ldconfig ++ ++# build protobuf ++cd $BUILD_DIR ++git clone https://gitee.com/src-openeuler/protobuf.git ++cd protobuf ++git checkout openEuler-20.03-LTS-tag ++tar -xzvf protobuf-all-3.9.0.tar.gz ++cd protobuf-3.9.0 ++./autogen.sh ++./configure ++make -j $(nproc) ++make install ++ldconfig ++ ++# build c-ares ++cd $BUILD_DIR ++git clone https://gitee.com/src-openeuler/c-ares.git ++cd c-ares ++git checkout openEuler-20.03-LTS-tag ++tar -xzvf c-ares-1.15.0.tar.gz ++cd c-ares-1.15.0 ++autoreconf -if ++./configure --enable-shared --disable-dependency-tracking ++make -j $(nproc) ++make install ++ldconfig ++ ++# build grpc ++cd $BUILD_DIR ++git clone https://gitee.com/src-openeuler/grpc.git ++cd grpc ++git checkout openEuler-20.03-LTS-tag ++tar -xzvf grpc-1.22.0.tar.gz ++cd grpc-1.22.0 ++make -j $(nproc) ++make install ++ldconfig ++ ++# build http_parser ++cd $BUILD_DIR ++git clone https://gitee.com/src-openeuler/http-parser.git ++cd http-parser ++git checkout openEuler-20.03-LTS-tag ++tar -xzvf http-parser-2.9.2.tar.gz ++cd http-parser-2.9.2 ++make -j CFLAGS="-Wno-error" ++make CFLAGS="-Wno-error" install ++ldconfig ++ ++# build libwebsockets ++cd $BUILD_DIR ++git clone https://gitee.com/src-openeuler/libwebsockets.git ++cd libwebsockets ++git checkout openEuler-20.03-LTS-tag ++tar -xzvf libwebsockets-2.4.2.tar.gz ++cd libwebsockets-2.4.2 ++patch -p1 -F1 -s < ../libwebsockets-fix-coredump.patch ++mkdir build ++cd build ++cmake -DLWS_WITH_SSL=0 -DLWS_MAX_SMP=32 -DCMAKE_BUILD_TYPE=Debug ../ ++make -j $(nproc) ++make install ++ldconfig ++ ++# build lxc ++cd $BUILD_DIR ++git clone https://gitee.com/src-openeuler/lxc.git ++cd lxc ++tar -zxf lxc-4.0.3.tar.gz ++./apply-patches ++cd lxc-4.0.3 ++./autogen.sh ++./configure ++make -j ++make install ++ ++# build lcr ++cd $BUILD_DIR ++git clone https://gitee.com/openeuler/lcr.git ++cd lcr ++mkdir build ++cd build ++cmake .. ++make -j ++make install ++ ++# build and install clibcni ++cd $BUILD_DIR ++git clone https://gitee.com/openeuler/clibcni.git ++cd clibcni ++mkdir build ++cd build ++cmake .. ++make -j ++make install ++ ++# build and install iSulad ++cd $BUILD_DIR ++git clone https://gitee.com/openeuler/iSulad.git ++cd iSulad ++mkdir build ++cd build ++cmake .. ++make ++make install +-- +2.25.1 + diff --git a/0069-cri-fix-residual-IO-copy-thread-in-CRI-exec-operatio.patch b/0069-cri-fix-residual-IO-copy-thread-in-CRI-exec-operatio.patch new file mode 100644 index 0000000..d3c02b5 --- /dev/null +++ b/0069-cri-fix-residual-IO-copy-thread-in-CRI-exec-operatio.patch @@ -0,0 +1,1061 @@ +From e10bcde6bc507767fc0770c0a1606b6f96494d6b Mon Sep 17 00:00:00 2001 +From: wujing +Date: Sat, 27 Mar 2021 18:38:08 +0800 +Subject: [PATCH 069/104] cri: fix residual IO copy thread in CRI exec + operation + +Signed-off-by: wujing +--- + .../cri/websocket/service/attach_serve.cc | 20 +- + .../cri/websocket/service/attach_serve.h | 2 +- + .../entry/cri/websocket/service/exec_serve.cc | 24 +- + .../entry/cri/websocket/service/exec_serve.h | 2 +- + .../service/route_callback_register.h | 24 +- + .../entry/cri/websocket/service/ws_server.cc | 259 +++++++++--------- + .../entry/cri/websocket/service/ws_server.h | 53 +++- + src/daemon/modules/service/io_handler.c | 53 ++-- + src/utils/console/console.c | 38 ++- + src/utils/console/console.h | 5 +- + 10 files changed, 284 insertions(+), 196 deletions(-) + +diff --git a/src/daemon/entry/cri/websocket/service/attach_serve.cc b/src/daemon/entry/cri/websocket/service/attach_serve.cc +index 01c6b9cf..ec2edc8b 100644 +--- a/src/daemon/entry/cri/websocket/service/attach_serve.cc ++++ b/src/daemon/entry/cri/websocket/service/attach_serve.cc +@@ -16,30 +16,44 @@ + #include "attach_serve.h" + #include "utils.h" + +-int AttachServe::Execute(struct lws *wsi, const std::string &token, int read_pipe_fd) ++int AttachServe::Execute(lwsContext lws_ctx, const std::string &token, int read_pipe_fd) + { ++ prctl(PR_SET_NAME, "AttachServe"); ++ + service_executor_t *cb = get_service_executor(); + if (cb == nullptr || cb->container.attach == nullptr) { ++ sem_post(lws_ctx.sync_close_sem); + return -1; + } + + container_attach_request *container_req = nullptr; + if (GetContainerRequest(token, &container_req) != 0) { + ERROR("Failed to get contaner request"); ++ sem_post(lws_ctx.sync_close_sem); ++ return -1; ++ } ++ ++ // attach operation is non-blocking and cannot pass a local variable in ++ // free memory when close websocket session in closeWsConnect ++ lwsContext *lws_context = new (std::nothrow)lwsContext(lws_ctx); ++ if (lws_context == nullptr) { ++ ERROR("Out of memory"); ++ sem_post(lws_ctx.sync_close_sem); + return -1; + } + + struct io_write_wrapper stringWriter = { 0 }; +- stringWriter.context = (void *)wsi; ++ stringWriter.context = (void *)(lws_context); + stringWriter.write_func = WsWriteStdoutToClient; + stringWriter.close_func = closeWsConnect; + container_req->attach_stderr = false; + + container_attach_response *container_res = nullptr; + int ret = cb->container.attach(container_req, &container_res, container_req->attach_stdin ? read_pipe_fd : -1, +- &stringWriter, nullptr); ++ container_req->attach_stdout ? &stringWriter : nullptr, nullptr); + if (ret != 0) { + ERROR("Failed to attach container: %s", container_req->container_id); ++ sem_post(lws_ctx.sync_close_sem); + } + + free_container_attach_request(container_req); +diff --git a/src/daemon/entry/cri/websocket/service/attach_serve.h b/src/daemon/entry/cri/websocket/service/attach_serve.h +index 00e2b34e..0d29f35b 100644 +--- a/src/daemon/entry/cri/websocket/service/attach_serve.h ++++ b/src/daemon/entry/cri/websocket/service/attach_serve.h +@@ -33,7 +33,7 @@ public: + AttachServe(const AttachServe &) = delete; + AttachServe &operator=(const AttachServe &) = delete; + virtual ~AttachServe() = default; +- int Execute(struct lws *wsi, const std::string &token, int read_pipe_fd) override; ++ int Execute(lwsContext lws_ctx, const std::string &token, int read_pipe_fd) override; + private: + int RequestFromCri(const runtime::v1alpha2::AttachRequest &grequest, + container_attach_request **request); +diff --git a/src/daemon/entry/cri/websocket/service/exec_serve.cc b/src/daemon/entry/cri/websocket/service/exec_serve.cc +index 855d28b8..96675734 100644 +--- a/src/daemon/entry/cri/websocket/service/exec_serve.cc ++++ b/src/daemon/entry/cri/websocket/service/exec_serve.cc +@@ -17,25 +17,37 @@ + #include "io_wrapper.h" + #include "utils.h" + +-int ExecServe::Execute(struct lws *wsi, const std::string &token, int read_pipe_fd) ++int ExecServe::Execute(lwsContext lws_ctx, const std::string &token, int read_pipe_fd) + { + service_executor_t *cb = get_service_executor(); + if (cb == nullptr || cb->container.exec == nullptr) { ++ sem_post(lws_ctx.sync_close_sem); + return -1; + } + + container_exec_request *container_req = nullptr; + if (GetContainerRequest(token, &container_req) != 0) { + ERROR("Failed to get contaner request"); ++ sem_post(lws_ctx.sync_close_sem); ++ return -1; ++ } ++ ++ lwsContext *lws_context = new (std::nothrow)lwsContext(lws_ctx); ++ if (lws_context == nullptr) { ++ ERROR("Out of memory"); ++ sem_post(lws_ctx.sync_close_sem); + return -1; + } + + struct io_write_wrapper StdoutstringWriter = { 0 }; +- StdoutstringWriter.context = (void *)wsi; ++ StdoutstringWriter.context = (void *)lws_context; + StdoutstringWriter.write_func = WsWriteStdoutToClient; ++ // the close function of StderrstringWriter is preferred unless StderrstringWriter is nullptr ++ StdoutstringWriter.close_func = container_req->attach_stderr ? nullptr : closeWsStream; + struct io_write_wrapper StderrstringWriter = { 0 }; +- StderrstringWriter.context = (void *)wsi; ++ StderrstringWriter.context = (void *)lws_context; + StderrstringWriter.write_func = WsWriteStderrToClient; ++ StderrstringWriter.close_func = container_req->attach_stderr ? closeWsStream : nullptr; + + container_exec_response *container_res = nullptr; + int ret = cb->container.exec(container_req, &container_res, container_req->attach_stdin ? read_pipe_fd : -1, +@@ -48,17 +60,17 @@ int ExecServe::Execute(struct lws *wsi, const std::string &token, int read_pipe_ + } else { + message = "Failed to call exec container callback. "; + } +- WsWriteStdoutToClient(wsi, message.c_str(), message.length()); ++ WsWriteStdoutToClient(lws_context, message.c_str(), message.length()); + } + if (container_res != nullptr && container_res->exit_code != 0) { + std::string exit_info = "Exit code :" + std::to_string((int)container_res->exit_code) + "\n"; +- WsWriteStdoutToClient(wsi, exit_info.c_str(), exit_info.length()); ++ WsWriteStdoutToClient(lws_context, exit_info.c_str(), exit_info.length()); + } + + free_container_exec_request(container_req); + free_container_exec_response(container_res); + +- (void)closeWsConnect((void*)wsi, nullptr); ++ closeWsConnect((void*)lws_context, nullptr); + + return ret; + } +diff --git a/src/daemon/entry/cri/websocket/service/exec_serve.h b/src/daemon/entry/cri/websocket/service/exec_serve.h +index b29c3e1e..093f076a 100644 +--- a/src/daemon/entry/cri/websocket/service/exec_serve.h ++++ b/src/daemon/entry/cri/websocket/service/exec_serve.h +@@ -37,7 +37,7 @@ public: + ExecServe(const ExecServe &) = delete; + ExecServe &operator=(const ExecServe &) = delete; + virtual ~ExecServe() = default; +- int Execute(struct lws *wsi, const std::string &token, int read_pipe_fd) override; ++ int Execute(lwsContext lws_ctx, const std::string &token, int read_pipe_fd) override; + + private: + int RequestFromCri(const runtime::v1alpha2::ExecRequest &grequest, container_exec_request **request); +diff --git a/src/daemon/entry/cri/websocket/service/route_callback_register.h b/src/daemon/entry/cri/websocket/service/route_callback_register.h +index 5d021d17..9c6bdd64 100644 +--- a/src/daemon/entry/cri/websocket/service/route_callback_register.h ++++ b/src/daemon/entry/cri/websocket/service/route_callback_register.h +@@ -21,14 +21,21 @@ + #include + #include + #include ++#include + #include "isula_libutils/log.h" ++ ++struct lwsContext { ++ int fd; ++ sem_t *sync_close_sem; ++}; ++ + class StreamingServeInterface { + public: + StreamingServeInterface() = default; + StreamingServeInterface(const StreamingServeInterface &) = delete; + StreamingServeInterface &operator=(const StreamingServeInterface &) = delete; + virtual ~StreamingServeInterface() = default; +- virtual int Execute(struct lws *wsi, const std::string &token, int read_pipe_fd) = 0; ++ virtual int Execute(lwsContext lws_ctx, const std::string &token, int read_pipe_fd) = 0; + }; + + class RouteCallbackRegister { +@@ -42,15 +49,14 @@ public: + return static_cast(m_registeredcallbacks.count(method)); + } + +- int HandleCallback(struct lws *wsi, const std::string &method, +- const std::string &token, +- int read_pipe_fd) ++ int HandleCallback(lwsContext lws_ctx, const std::string &method, ++ const std::string &token, int read_pipe_fd) + { + auto it = m_registeredcallbacks.find(method); + if (it != m_registeredcallbacks.end()) { + std::shared_ptr callback = it->second; + if (callback) { +- return callback->Execute(wsi, token, read_pipe_fd); ++ return callback->Execute(lws_ctx, token, read_pipe_fd); + } + } + ERROR("invalid method!"); +@@ -69,21 +75,21 @@ private: + + class StreamTask { + public: +- StreamTask(RouteCallbackRegister *invoker, struct lws *wsi, ++ StreamTask(RouteCallbackRegister *invoker, lwsContext lws_ctx, + const std::string &method, + const std::string &token, int read_pipe_fd) +- : m_invoker(invoker), m_wsi(wsi), m_method(method), m_token(token), ++ : m_invoker(invoker), m_lws_ctx(lws_ctx), m_method(method), m_token(token), + m_read_pipe_fd(read_pipe_fd) {} + StreamTask(const StreamTask &) = delete; + StreamTask &operator=(const StreamTask &) = delete; + virtual ~StreamTask() = default; + int Run() + { +- return m_invoker->HandleCallback(m_wsi, m_method, m_token, m_read_pipe_fd); ++ return m_invoker->HandleCallback(m_lws_ctx, m_method, m_token, m_read_pipe_fd); + } + private: + RouteCallbackRegister *m_invoker{ nullptr }; +- struct lws *m_wsi; ++ lwsContext m_lws_ctx; + std::string m_method; + std::string m_token; + int m_read_pipe_fd; +diff --git a/src/daemon/entry/cri/websocket/service/ws_server.cc b/src/daemon/entry/cri/websocket/service/ws_server.cc +index 795d2c1e..4993e1e8 100644 +--- a/src/daemon/entry/cri/websocket/service/ws_server.cc ++++ b/src/daemon/entry/cri/websocket/service/ws_server.cc +@@ -30,7 +30,6 @@ struct lws_context *WebsocketServer::m_context = nullptr; + std::atomic WebsocketServer::m_instance; + RWMutex WebsocketServer::m_mutex; + std::unordered_map WebsocketServer::m_wsis; +-std::unordered_set WebsocketServer::m_activeSession; + + WebsocketServer *WebsocketServer::GetInstance() noexcept + { +@@ -159,12 +158,10 @@ void WebsocketServer::CloseAllWsSession() + { + WriteGuard lock(m_mutex); + for (auto it = m_wsis.begin(); it != m_wsis.end(); ++it) { +- free(it->second.buf); ++ it->second.EraseAllMessage(); + close(it->second.pipes.at(0)); + close(it->second.pipes.at(1)); +- it->second.sended = true; + delete it->second.buf_mutex; +- delete it->second.sended_mutex; + } + m_wsis.clear(); + } +@@ -173,59 +170,54 @@ void WebsocketServer::CloseWsSession(int socketID) + { + auto it = m_wsis.find(socketID); + if (it != m_wsis.end()) { +- free(it->second.buf); ++ it->second.EraseAllMessage(); ++ // close the pipe write endpoint first, make sure io copy thread exit, ++ // otherwise epoll will trigger EOF ++ if (it->second.pipes.at(1) >= 0) { ++ close(it->second.pipes.at(1)); ++ it->second.pipes.at(1) = -1; ++ } ++ (void)sem_wait(it->second.sync_close_sem); ++ (void)sem_destroy(it->second.sync_close_sem); + close(it->second.pipes.at(0)); +- close(it->second.pipes.at(1)); +- it->second.sended = true; + delete it->second.buf_mutex; +- delete it->second.sended_mutex; + m_wsis.erase(it); + } + } + +-void WebsocketServer::RecordSession(struct lws *wsi) +-{ +- m_activeSession.insert(wsi); +-} +- +-void WebsocketServer::RemoveSession(struct lws *wsi) +-{ +- m_activeSession.erase(wsi); +-} +- +-bool WebsocketServer::IsValidSession(struct lws *wsi) +-{ +- return m_activeSession.count(wsi) != 0; +-} +- +-int WebsocketServer::DumpHandshakeInfo(struct lws *wsi) noexcept ++int WebsocketServer::GenerateSessionData(session_data &session) noexcept + { + int read_pipe_fd[PIPE_FD_NUM]; + if (InitRWPipe(read_pipe_fd) < 0) { + ERROR("failed to init read/write pipe!"); ++ return -1; + } + +- session_data session; +- session.pipes = std::array { read_pipe_fd[0], read_pipe_fd[1] }; ++ std::mutex *buf_mutex = new std::mutex; ++ sem_t *sync_close_sem = new sem_t; + +- int socketID = lws_get_socket_fd(wsi); +- m_wsis.insert(std::make_pair(socketID, std::move(session))); +- m_wsis[socketID].buf = (unsigned char *)util_common_calloc_s(LWS_PRE + MAX_MSG_BUFFER_SIZE + 1); +- if (m_wsis[socketID].buf == nullptr) { +- ERROR("Out of memory"); ++ if (sem_init(sync_close_sem, 0, 0) != 0) { ++ ERROR("Semaphore initialization failed"); ++ close(read_pipe_fd[1]); ++ close(read_pipe_fd[0]); ++ delete buf_mutex; ++ delete sync_close_sem; + return -1; + } +- m_wsis[socketID].buf_mutex = new std::mutex; +- m_wsis[socketID].sended_mutex = new std::mutex; +- m_wsis[socketID].SetProcessingStatus(false); + +- int len; +- char buf[MAX_BUF_LEN] { 0 }; ++ session.pipes = std::array { read_pipe_fd[0], read_pipe_fd[1] }; ++ session.buf_mutex = buf_mutex; ++ session.sync_close_sem = sync_close_sem; + ++ return 0; ++} ++ ++int WebsocketServer::RegisterStreamTask(struct lws *wsi) noexcept ++{ ++ char buf[MAX_BUF_LEN] { 0 }; + lws_hdr_copy(wsi, buf, sizeof(buf), WSI_TOKEN_GET_URI); + if (strlen(buf) == 0) { + ERROR("invalid url"); +- CloseWsSession(socketID); + return -1; + } + +@@ -237,60 +229,68 @@ int WebsocketServer::DumpHandshakeInfo(struct lws *wsi) noexcept + !m_handler.IsValidMethod(vec.at(1)) || + !cache->IsValidToken(vec.at(2))) { + ERROR("invalid url(%s): incorrect format!", buf); +- CloseWsSession(socketID); + return -1; + } + ++ session_data session; ++ if (GenerateSessionData(session) != 0) { ++ ERROR("failed to fill generate session data"); ++ return -1; ++ } ++ ++ int socketID = lws_get_socket_fd(wsi); ++ m_wsis.insert(std::make_pair(socketID, std::move(session))); ++ ++ lwsContext lwsCtx = { ++ .fd = socketID, ++ .sync_close_sem = m_wsis[socketID].sync_close_sem, ++ }; + std::thread streamTh([ = ]() { +- StreamTask(&m_handler, wsi, vec.at(1), vec.at(2), m_wsis[socketID].pipes.at(0)).Run(); ++ StreamTask(&m_handler, lwsCtx, vec.at(1), vec.at(2), m_wsis[socketID].pipes.at(0)).Run(); + }); + streamTh.detach(); +- RecordSession(wsi); ++ ++ return 0; ++} ++ ++void WebsocketServer::DumpHandshakeInfo(struct lws *wsi) noexcept ++{ + int n = 0; + const unsigned char *c = nullptr; ++ char buf[MAX_BUF_LEN] { 0 }; ++ + do { + c = lws_token_to_string((lws_token_indexes)n); + if (c == nullptr) { + n++; + continue; + } +- len = lws_hdr_total_length(wsi, (lws_token_indexes)n); ++ int len = lws_hdr_total_length(wsi, (lws_token_indexes)n); + if (len == 0 || (static_cast(len) > sizeof(buf) - 1)) { + n++; + continue; + } ++ + lws_hdr_copy(wsi, buf, sizeof(buf), (lws_token_indexes)n); + buf[sizeof(buf) - 1] = '\0'; + DEBUG(" %s = %s", (char *)c, buf); + n++; + } while (c != nullptr); +- +- return 0; + } + +-int WebsocketServer::Wswrite(struct lws *wsi, void *in, size_t len) ++int WebsocketServer::Wswrite(struct lws *wsi, const unsigned char *message) + { + auto it = m_wsis.find(lws_get_socket_fd(wsi)); + if (it != m_wsis.end()) { +- if (it->second.close) { +- DEBUG("websocket session disconnected"); +- return -1; +- } +- it->second.buf_mutex->lock(); +- auto &buf = it->second.buf; +- if (strlen((const char *)(&buf[LWS_PRE + 1])) == 0) { +- it->second.buf_mutex->unlock(); ++ if (strlen((const char *)(&message[LWS_PRE + 1])) == 0) { + return 0; + } +- int n = lws_write(wsi, (unsigned char *)(&buf[LWS_PRE]), +- strlen((const char *)(&buf[LWS_PRE + 1])) + 1, LWS_WRITE_TEXT); ++ int n = lws_write(wsi, (unsigned char *)(&message[LWS_PRE]), ++ strlen((const char *)(&message[LWS_PRE + 1])) + 1, LWS_WRITE_TEXT); + if (n < 0) { +- it->second.buf_mutex->unlock(); + ERROR("ERROR %d writing to socket, hanging up", n); + return -1; + } +- (void)memset(buf, 0, LWS_PRE + MAX_MSG_BUFFER_SIZE + 1); +- it->second.buf_mutex->unlock(); + } + + return 0; +@@ -314,16 +314,6 @@ void WebsocketServer::Receive(int socketID, void *in, size_t len) + } + } + +-void WebsocketServer::SetLwsSendedFlag(int socketID, bool sended) +-{ +- if (m_wsis.count(socketID) == 0) { +- return; +- } +- m_wsis[socketID].sended_mutex->lock(); +- m_wsis[socketID].sended = sended; +- m_wsis[socketID].sended_mutex->unlock(); +-} +- + int WebsocketServer::Callback(struct lws *wsi, enum lws_callback_reasons reason, + void *user, void *in, size_t len) + { +@@ -334,10 +324,13 @@ int WebsocketServer::Callback(struct lws *wsi, enum lws_callback_reasons reason, + return -1; + case LWS_CALLBACK_FILTER_PROTOCOL_CONNECTION: { + WriteGuard lock(m_mutex); +- if (WebsocketServer::GetInstance()->DumpHandshakeInfo(wsi)) { ++ WebsocketServer::GetInstance()->DumpHandshakeInfo(wsi); ++ if (WebsocketServer::GetInstance()->RegisterStreamTask(wsi) != 0) { + // return non-zero here and kill the connection + return -1; + } ++ // Trigger polling in LWS_CALLBACK_SERVER_WRITEABLE ++ lws_callback_on_writable(wsi); + } + break; + case LWS_CALLBACK_ESTABLISHED: { +@@ -347,13 +340,32 @@ int WebsocketServer::Callback(struct lws *wsi, enum lws_callback_reasons reason, + case LWS_CALLBACK_SERVER_WRITEABLE: { + ReadGuard lock(m_mutex); + int socketID = lws_get_socket_fd(wsi); +- if (WebsocketServer::GetInstance()->Wswrite(wsi, in, len)) { +- WebsocketServer::GetInstance()->SetLwsSendedFlag(socketID, true); ++ auto it = m_wsis.find(socketID); ++ if (it == m_wsis.end()) { ++ DEBUG("invalid session!"); + // return nonzero from the user callback to close the connection + // and callback with the reason of LWS_CALLBACK_CLOSED + return -1; + } +- WebsocketServer::GetInstance()->SetLwsSendedFlag(socketID, true); ++ ++ while (!it->second.buffer.empty()) { ++ unsigned char *message = it->second.FrontMessage(); ++ // send success! free it and erase for list ++ if (WebsocketServer::GetInstance()->Wswrite(wsi, (const unsigned char *)message) == 0) { ++ free(message); ++ it->second.PopMessage(); ++ } else { ++ // Another case ret > 0, send fail! keep message and send it again! ++ // Or maybe the client was shut down abnormally ++ break; ++ } ++ } ++ ++ if (it->second.close) { ++ DEBUG("websocket session disconnected"); ++ return -1; ++ } ++ lws_callback_on_writable(wsi); + } + break; + case LWS_CALLBACK_RECEIVE: { +@@ -364,8 +376,8 @@ int WebsocketServer::Callback(struct lws *wsi, enum lws_callback_reasons reason, + case LWS_CALLBACK_CLOSED: { + WriteGuard lock(m_mutex); + DEBUG("connection has been closed"); +- WebsocketServer::GetInstance()->RemoveSession(wsi); +- WebsocketServer::GetInstance()->CloseWsSession(lws_get_socket_fd(wsi)); ++ int socketID = lws_get_socket_fd(wsi); ++ WebsocketServer::GetInstance()->CloseWsSession(socketID); + } + break; + default: +@@ -377,6 +389,9 @@ int WebsocketServer::Callback(struct lws *wsi, enum lws_callback_reasons reason, + void WebsocketServer::ServiceWorkThread(int threadid) + { + int n = 0; ++ ++ prctl(PR_SET_NAME, "WebsocketServer"); ++ + while (n >= 0 && !m_force_exit) { + n = lws_service(m_context, 0); + } +@@ -410,73 +425,37 @@ void WebsocketServer::Wait() + } + + namespace { +-auto PrepareWsiSession(int socketID) -> session_data * +-{ +- WebsocketServer *server = WebsocketServer::GetInstance(); +- server->ReadLockAllWsSession(); + +- auto itor = server->GetWsisData().find(socketID); +- if (itor == server->GetWsisData().end()) { +- ERROR("invalid session!"); +- server->UnlockAllWsSession(); +- return nullptr; +- } +- server->SetLwsSendedFlag(socketID, false); +- server->UnlockAllWsSession(); +- +- return &itor->second; +-} +- +-void DoWriteToClient(struct lws *wsi, session_data *session, ++void DoWriteToClient(int fd, session_data *session, + const void *data, size_t len, WebsocketChannel channel) + { +- session->buf_mutex->lock(); ++ unsigned char *buf = (unsigned char *)util_common_calloc_s(LWS_PRE + MAX_MSG_BUFFER_SIZE + 1); ++ if (buf == nullptr) { ++ ERROR("Out of memory"); ++ return; ++ } + // Determine if it is standard output channel or error channel +- (void)memset(session->buf, 0, LWS_PRE + MAX_MSG_BUFFER_SIZE + 1); +- session->buf[LWS_PRE] = channel; +- +- (void)memcpy(&session->buf[LWS_PRE + 1], (void *)data, len); ++ buf[LWS_PRE] = channel; + +- lws_callback_on_writable(wsi); ++ (void)memcpy(&buf[LWS_PRE + 1], (void *)data, len); + +- session->buf_mutex->unlock(); +-} +- +-void EnsureWrited(struct lws *wsi, session_data *session) +-{ +- const int RETRIES = 10; +- const int CHECK_PERIOD_SECOND = 1; +- const int TRIGGER_PERIOD_MS = 1; +- auto start = std::chrono::system_clock::now(); +- int count = 0; +- +- while (!session->sended && count < RETRIES) { +- auto end = std::chrono::system_clock::now(); +- auto duration = std::chrono::duration_cast(end - start); +- double spend_time = static_cast(duration.count()) * std::chrono::microseconds::period::num / +- std::chrono::microseconds::period::den; +- if (spend_time > CHECK_PERIOD_SECOND) { +- lws_callback_on_writable(wsi); +- std::this_thread::sleep_for(std::chrono::milliseconds(TRIGGER_PERIOD_MS)); +- start = std::chrono::system_clock::now(); +- count++; +- } +- std::this_thread::sleep_for(std::chrono::milliseconds(TRIGGER_PERIOD_MS)); +- } ++ // push back to message list ++ session->PushMessage(buf); + } + + ssize_t WsWriteToClient(void *context, const void *data, size_t len, WebsocketChannel channel) + { +- struct lws *wsi = static_cast(context); ++ auto *lwsCtx = static_cast(context); ++ int fd = lwsCtx->fd; + +- session_data *session = PrepareWsiSession(lws_get_socket_fd(wsi)); +- if (session == nullptr) { ++ WebsocketServer *server = WebsocketServer::GetInstance(); ++ auto itor = server->GetWsisData().find(fd); ++ if (itor == server->GetWsisData().end()) { ++ ERROR("invalid session!"); + return 0; + } + +- DoWriteToClient(wsi, session, data, len, channel); +- +- EnsureWrited(wsi, session); ++ DoWriteToClient(fd, &itor->second, data, len, channel); + + return static_cast(len); + } +@@ -495,23 +474,37 @@ ssize_t WsWriteStderrToClient(void *context, const void *data, size_t len) + int closeWsConnect(void *context, char **err) + { + (void)err; +- struct lws *wsi = static_cast(context); ++ auto *lwsCtx = static_cast(context); ++ ++ if (lwsCtx->sync_close_sem != nullptr) { ++ (void)sem_post(lwsCtx->sync_close_sem); ++ } + + WebsocketServer *server = WebsocketServer::GetInstance(); + server->ReadLockAllWsSession(); +- auto it = server->GetWsisData().find(lws_get_socket_fd(wsi)); ++ auto it = server->GetWsisData().find(lwsCtx->fd); + if (it == server->GetWsisData().end()) { + server->UnlockAllWsSession(); + ERROR("websocket session not exist"); ++ delete lwsCtx; + return -1; + } +- ++ // will close websocket session on LWS_CALLBACK_SERVER_WRITEABLE polling + it->second.close = true; +- // close websocket session +- if (server->IsValidSession(wsi)) { +- lws_callback_on_writable(wsi); +- } + server->UnlockAllWsSession(); + ++ delete lwsCtx; + return 0; + } ++ ++int closeWsStream(void *context, char **err) ++{ ++ (void)err; ++ auto *lwsCtx = static_cast(context); ++ ++ if (lwsCtx->sync_close_sem != nullptr) { ++ (void)sem_post(lwsCtx->sync_close_sem); ++ } ++ ++ return 0; ++} +\ No newline at end of file +diff --git a/src/daemon/entry/cri/websocket/service/ws_server.h b/src/daemon/entry/cri/websocket/service/ws_server.h +index cb431f7f..ebba3305 100644 +--- a/src/daemon/entry/cri/websocket/service/ws_server.h ++++ b/src/daemon/entry/cri/websocket/service/ws_server.h +@@ -22,6 +22,7 @@ + #include + #include + #include ++#include + #include + #include + #include "route_callback_register.h" +@@ -47,20 +48,45 @@ enum WebsocketChannel { + + struct session_data { + std::array pipes; +- unsigned char *buf; +- volatile bool sended { false }; + volatile bool close { false }; +- volatile bool in_processing { false }; + std::mutex *buf_mutex; +- std::mutex *sended_mutex; ++ sem_t *sync_close_sem; ++ std::list buffer; + +- void SetProcessingStatus(bool status) ++ unsigned char *FrontMessage() + { +- in_processing = status; ++ unsigned char *message = nullptr; ++ ++ buf_mutex->lock(); ++ message = buffer.front(); ++ buf_mutex->unlock(); ++ ++ return message; ++ } ++ ++ void PopMessage() ++ { ++ buf_mutex->lock(); ++ buffer.pop_front(); ++ buf_mutex->unlock(); + } +- bool GetProcessingStatus() const ++ ++ void PushMessage(unsigned char *message) ++ { ++ buf_mutex->lock(); ++ buffer.push_back(message); ++ buf_mutex->unlock(); ++ } ++ ++ void EraseAllMessage() + { +- return in_processing; ++ buf_mutex->lock(); ++ for (auto iter = buffer.begin(); iter != buffer.end();) { ++ free(*iter); ++ *iter = NULL; ++ iter = buffer.erase(iter); ++ } ++ buf_mutex->unlock(); + } + }; + +@@ -77,7 +103,6 @@ public: + void SetLwsSendedFlag(int socketID, bool sended); + void ReadLockAllWsSession(); + void UnlockAllWsSession(); +- bool IsValidSession(struct lws *wsi); + + private: + WebsocketServer(); +@@ -89,15 +114,15 @@ private: + static void EmitLog(int level, const char *line); + int CreateContext(); + inline void Receive(int socketID, void *in, size_t len); +- int Wswrite(struct lws *wsi, void *in, size_t len); +- inline int DumpHandshakeInfo(struct lws *wsi) noexcept; ++ int Wswrite(struct lws *wsi, const unsigned char *message); ++ inline void DumpHandshakeInfo(struct lws *wsi) noexcept; ++ int RegisterStreamTask(struct lws *wsi) noexcept; ++ int GenerateSessionData(session_data &session) noexcept; + static int Callback(struct lws *wsi, enum lws_callback_reasons reason, + void *user, void *in, size_t len); + void ServiceWorkThread(int threadid); + void CloseWsSession(int socketID); + void CloseAllWsSession(); +- void RecordSession(struct lws *wsi); +- void RemoveSession(struct lws *wsi); + + private: + static RWMutex m_mutex; +@@ -110,7 +135,6 @@ private: + }; + RouteCallbackRegister m_handler; + static std::unordered_map m_wsis; +- static std::unordered_set m_activeSession; + url::URLDatum m_url; + int m_listenPort; + }; +@@ -118,6 +142,7 @@ private: + ssize_t WsWriteStdoutToClient(void *context, const void *data, size_t len); + ssize_t WsWriteStderrToClient(void *context, const void *data, size_t len); + int closeWsConnect(void *context, char **err); ++int closeWsStream(void *context, char **err); + + #endif // DAEMON_ENTRY_CRI_WEBSOCKET_SERVICE_WS_SERVER_H + +diff --git a/src/daemon/modules/service/io_handler.c b/src/daemon/modules/service/io_handler.c +index 75a36483..d57894f2 100644 +--- a/src/daemon/modules/service/io_handler.c ++++ b/src/daemon/modules/service/io_handler.c +@@ -183,6 +183,7 @@ struct io_copy_arg { + io_type dsttype; + void *dst; + int dstfifoflag; ++ transfer_channel_type channel; + }; + + struct io_copy_thread_arg { +@@ -194,7 +195,7 @@ struct io_copy_thread_arg { + }; + + static void io_copy_thread_cleanup(struct io_write_wrapper *writers, struct io_copy_thread_arg *thread_arg, int *infds, +- int *outfds, int *srcfds, size_t len) ++ int *outfds, int *srcfds, transfer_channel_type *channels, size_t len) + { + size_t i = 0; + for (i = 0; i < len; i++) { +@@ -214,9 +215,11 @@ static void io_copy_thread_cleanup(struct io_write_wrapper *writers, struct io_c + free(infds); + free(outfds); + free(writers); ++ free(channels); + } + +-static int io_copy_init_fds(size_t len, int **infds, int **outfds, int **srcfds, struct io_write_wrapper **writers) ++static int io_copy_init_fds(size_t len, int **infds, int **outfds, int **srcfds, ++ struct io_write_wrapper **writers, transfer_channel_type **channels) + { + size_t i; + +@@ -252,9 +255,19 @@ static int io_copy_init_fds(size_t len, int **infds, int **outfds, int **srcfds, + ERROR("Out of memory"); + return -1; + } ++ ++ *channels = util_common_calloc_s(sizeof(transfer_channel_type) * len); ++ if (*channels == NULL) { ++ ERROR("Out of memory"); ++ return -1; ++ } ++ ++ for (i = 0; i < len; i++) { ++ (*channels)[i] = MAX_CHANNEL; ++ } + return 0; +-} + ++} + typedef int (*src_io_type_handle)(int index, struct io_copy_arg *copy_arg, int *infds, int *srcfds); + + struct src_io_copy_handler { +@@ -292,7 +305,8 @@ static int handle_src_io_max(int index, struct io_copy_arg *copy_arg, int *infds + return -1; + } + +-static int io_copy_make_srcfds(size_t len, struct io_copy_arg *copy_arg, int *infds, int *srcfds) ++static int io_copy_make_srcfds(size_t len, struct io_copy_arg *copy_arg, int *infds, ++ int *srcfds, transfer_channel_type *channels) + { + size_t i; + +@@ -307,6 +321,7 @@ static int io_copy_make_srcfds(size_t len, struct io_copy_arg *copy_arg, int *in + if (src_handler_jump_table[(int)(copy_arg[i].srctype)].handle(i, copy_arg, infds, srcfds) != 0) { + return -1; + } ++ channels[i] = copy_arg[i].channel; + } + + return 0; +@@ -412,6 +427,7 @@ static void *io_copy_thread_main(void *arg) + int *outfds = NULL; // recored fds to close + int *srcfds = NULL; + struct io_write_wrapper *writers = NULL; ++ transfer_channel_type *channels = NULL; + int sync_fd = thread_arg->sync_fd; + bool posted = false; + +@@ -426,11 +442,11 @@ static void *io_copy_thread_main(void *arg) + (void)prctl(PR_SET_NAME, "IoCopy"); + + len = thread_arg->len; +- if (io_copy_init_fds(len, &infds, &outfds, &srcfds, &writers) != 0) { ++ if (io_copy_init_fds(len, &infds, &outfds, &srcfds, &writers, &channels) != 0) { + goto err; + } + +- if (io_copy_make_srcfds(len, copy_arg, infds, srcfds) != 0) { ++ if (io_copy_make_srcfds(len, copy_arg, infds, srcfds, channels) != 0) { + goto err; + } + +@@ -440,12 +456,12 @@ static void *io_copy_thread_main(void *arg) + + sem_post(&thread_arg->wait_sem); + posted = true; +- (void)console_loop_io_copy(sync_fd, srcfds, writers, len); ++ (void)console_loop_io_copy(sync_fd, srcfds, writers, channels, len); + err: + if (!posted) { + sem_post(&thread_arg->wait_sem); + } +- io_copy_thread_cleanup(writers, thread_arg, infds, outfds, srcfds, len); ++ io_copy_thread_cleanup(writers, thread_arg, infds, outfds, srcfds, channels, len); + DAEMON_CLEAR_ERRMSG(); + return NULL; + } +@@ -480,26 +496,27 @@ static int start_io_copy_thread(int sync_fd, bool detach, struct io_copy_arg *co + } + + static void add_io_copy_element(struct io_copy_arg *element, io_type srctype, void *src, io_type dsttype, void *dst, +- int dstfifoflag) ++ int dstfifoflag, transfer_channel_type channel) + { + element->srctype = srctype; + element->src = src; + element->dsttype = dsttype; + element->dst = dst; + element->dstfifoflag = dstfifoflag; ++ element->channel = channel; + } + + /* + ----------------------------------------------------------------------------------- + | CHANNEL | iSula iSulad lxc | + ----------------------------------------------------------------------------------- +- | | fifoin fifos[0] | ++ | | fifoin | stdin_fd fifos[0] | + | IN | RDWR --------> RD RDWR --------> RD | + ----------------------------------------------------------------------------------- +- | | fifoout fifos[1] | ++ | | fifoout | stdout_handler fifos[1] | + | OUT | RD <-------- WR RD <-------- WR | + ----------------------------------------------------------------------------------- +- | | fifoerr fifos[2] | ++ | | fifoerr stderr_handler fifos[2] | + | ERR | RD <-------- WR RD <-------- WR | + ----------------------------------------------------------------------------------- + */ +@@ -513,29 +530,29 @@ int ready_copy_io_data(int sync_fd, bool detach, const char *fifoin, const char + if (fifoin != NULL) { + // fifoin : iSula -> iSulad read + // fifos[0] : iSulad -> lxc write +- add_io_copy_element(&io_copy[len++], IO_FIFO, (void *)fifoin, IO_FIFO, (void *)fifos[0], O_RDWR); ++ add_io_copy_element(&io_copy[len++], IO_FIFO, (void *)fifoin, IO_FIFO, (void *)fifos[0], O_RDWR, STDIN_CHANNEL); + } + + if (fifoout != NULL) { + // fifos[1] : lxc -> iSulad read + // fifoout : iSulad -> iSula write +- add_io_copy_element(&io_copy[len++], IO_FIFO, (void *)fifos[1], IO_FIFO, (void *)fifoout, O_WRONLY); ++ add_io_copy_element(&io_copy[len++], IO_FIFO, (void *)fifos[1], IO_FIFO, (void *)fifoout, O_WRONLY, STDOUT_CHANNEL); + } + + if (fifoerr != NULL) { +- add_io_copy_element(&io_copy[len++], IO_FIFO, (void *)fifos[2], IO_FIFO, (void *)fifoerr, O_WRONLY); ++ add_io_copy_element(&io_copy[len++], IO_FIFO, (void *)fifos[2], IO_FIFO, (void *)fifoerr, O_WRONLY, STDERR_CHANNEL); + } + + if (stdin_fd > 0) { +- add_io_copy_element(&io_copy[len++], IO_FD, &stdin_fd, IO_FIFO, (void *)fifos[0], O_RDWR); ++ add_io_copy_element(&io_copy[len++], IO_FD, &stdin_fd, IO_FIFO, (void *)fifos[0], O_RDWR, STDIN_CHANNEL); + } + + if (stdout_handler != NULL) { +- add_io_copy_element(&io_copy[len++], IO_FIFO, (void *)fifos[1], IO_FUNC, stdout_handler, O_WRONLY); ++ add_io_copy_element(&io_copy[len++], IO_FIFO, (void *)fifos[1], IO_FUNC, stdout_handler, O_WRONLY, STDOUT_CHANNEL); + } + + if (stderr_handler != NULL) { +- add_io_copy_element(&io_copy[len++], IO_FIFO, (void *)fifos[2], IO_FUNC, stderr_handler, O_WRONLY); ++ add_io_copy_element(&io_copy[len++], IO_FIFO, (void *)fifos[2], IO_FUNC, stderr_handler, O_WRONLY, STDERR_CHANNEL); + } + + if (start_io_copy_thread(sync_fd, detach, io_copy, len, tid) != 0) { +diff --git a/src/utils/console/console.c b/src/utils/console/console.c +index 1aedd0c9..b1d8b6dc 100644 +--- a/src/utils/console/console.c ++++ b/src/utils/console/console.c +@@ -328,7 +328,7 @@ out: + return ret; + } + +-static void client_console_tty_state_close(struct epoll_descr *descr, const struct tty_state *ts) ++static void console_tty_state_close(struct epoll_descr *descr, const struct tty_state *ts) + { + if (ts->stdin_reader >= 0) { + epoll_loop_del_handler(descr, ts->stdin_reader); +@@ -430,13 +430,14 @@ int console_loop_with_std_fd(int stdinfd, int stdoutfd, int stderrfd, int fifoin + ret = safe_epoll_loop(&descr); + + err_out: +- client_console_tty_state_close(&descr, &ts); ++ console_tty_state_close(&descr, &ts); + epoll_loop_close(&descr); + return ret; + } + + /* console loop copy */ +-int console_loop_io_copy(int sync_fd, const int *srcfds, struct io_write_wrapper *writers, size_t len) ++int console_loop_io_copy(int sync_fd, const int *srcfds, struct io_write_wrapper *writers, ++ transfer_channel_type *channels, size_t len) + { + int ret = 0; + size_t i = 0; +@@ -460,17 +461,35 @@ int console_loop_io_copy(int sync_fd, const int *srcfds, struct io_write_wrapper + } + + for (i = 0; i < len; i++) { +- // Reusing ts.stdout_reader and ts.stdout_writer for coping io +- ts[i].stdout_reader = srcfds[i]; +- ts[i].stdout_writer.context = writers[i].context; +- ts[i].stdout_writer.write_func = writers[i].write_func; ++ // initial tty_state ++ ts[i].stdin_reader = -1; ++ ts[i].stdout_reader = -1; ++ ts[i].stderr_reader = -1; + ts[i].sync_fd = -1; +- ret = epoll_loop_add_handler(&descr, ts[i].stdout_reader, console_cb_stdio_copy, &ts[i]); ++ if (channels[i] == STDIN_CHANNEL) { ++ ts[i].stdin_reader = srcfds[i]; ++ ts[i].stdin_writer.context = writers[i].context; ++ ts[i].stdin_writer.write_func = writers[i].write_func; ++ ret = epoll_loop_add_handler(&descr, ts[i].stdin_reader, console_cb_stdio_copy, &ts[i]); ++ } else if (channels[i] == STDOUT_CHANNEL) { ++ // Reusing ts.stdout_reader and ts.stdout_writer for coping io ++ ts[i].stdout_reader = srcfds[i]; ++ ts[i].stdout_writer.context = writers[i].context; ++ ts[i].stdout_writer.write_func = writers[i].write_func; ++ ret = epoll_loop_add_handler(&descr, ts[i].stdout_reader, console_cb_stdio_copy, &ts[i]); ++ } else { ++ // Reusing ts.stderr_reader and ts.stderr_writer for coping io ++ ts[i].stderr_reader = srcfds[i]; ++ ts[i].stderr_writer.context = writers[i].context; ++ ts[i].stderr_writer.write_func = writers[i].write_func; ++ ret = epoll_loop_add_handler(&descr, ts[i].stderr_reader, console_cb_stdio_copy, &ts[i]); ++ } + if (ret != 0) { + ERROR("Add handler for masterfd failed"); + goto err_out; + } + } ++ + if (sync_fd >= 0) { + ts[i].sync_fd = sync_fd; + epoll_loop_add_handler(&descr, ts[i].sync_fd, console_cb_stdio_copy, &ts[i]); +@@ -483,9 +502,8 @@ int console_loop_io_copy(int sync_fd, const int *srcfds, struct io_write_wrapper + ret = safe_epoll_loop(&descr); + + err_out: +- + for (i = 0; i < (len + 1); i++) { +- epoll_loop_del_handler(&descr, ts[i].stdout_reader); ++ console_tty_state_close(&descr, &ts[i]); + } + epoll_loop_close(&descr); + free(ts); +diff --git a/src/utils/console/console.h b/src/utils/console/console.h +index 0dfe19d3..63103d2b 100644 +--- a/src/utils/console/console.h ++++ b/src/utils/console/console.h +@@ -43,6 +43,8 @@ struct tty_state { + bool ignore_stdin_close; + }; + ++typedef enum { STDIN_CHANNEL, STDOUT_CHANNEL, STDERR_CHANNEL, MAX_CHANNEL} transfer_channel_type; ++ + int console_fifo_name(const char *rundir, const char *subpath, const char *stdflag, char *fifo_name, + size_t fifo_name_sz, char *fifo_path, size_t fifo_path_sz, bool do_mkdirp); + +@@ -59,7 +61,8 @@ void console_fifo_close(int fd); + int console_loop_with_std_fd(int stdinfd, int stdoutfd, int stderrfd, int fifoinfd, int fifooutfd, int fifoerrfd, + int tty_exit, bool tty); + +-int console_loop_io_copy(int sync_fd, const int *srcfds, struct io_write_wrapper *writers, size_t len); ++int console_loop_io_copy(int sync_fd, const int *srcfds, struct io_write_wrapper *writers, ++ transfer_channel_type *channels, size_t len); + + int setup_tios(int fd, struct termios *curr_tios); + +-- +2.25.1 + diff --git a/0070-CI-add-testcase-for-cri-stream.patch b/0070-CI-add-testcase-for-cri-stream.patch new file mode 100644 index 0000000..ae5fe6d --- /dev/null +++ b/0070-CI-add-testcase-for-cri-stream.patch @@ -0,0 +1,191 @@ +From b4dbbf16a6bfadbc2d09079c7b27c4af3feee6a6 Mon Sep 17 00:00:00 2001 +From: wujing +Date: Wed, 7 Apr 2021 15:35:09 +0800 +Subject: [PATCH 070/104] CI: add testcase for cri stream + +Signed-off-by: wujing +--- + CI/install_depends.sh | 8 ++ + CI/test_cases/container_cases/cri_stream.sh | 151 ++++++++++++++++++++ + 2 files changed, 159 insertions(+) + create mode 100755 CI/test_cases/container_cases/cri_stream.sh + +diff --git a/CI/install_depends.sh b/CI/install_depends.sh +index 5dd25439..f643deb8 100755 +--- a/CI/install_depends.sh ++++ b/CI/install_depends.sh +@@ -143,6 +143,14 @@ make install + cd - + ldconfig + ++# install cricli ++cd ~ ++git clone https://gitee.com/jingwoo/cricli.git ++cd cricli ++make -j $(nproc) ++cp cricli /usr/local/bin ++cd - ++ + wait + if [ -e ${buildstatus} ];then + for i in ${buildlogs[@]} +diff --git a/CI/test_cases/container_cases/cri_stream.sh b/CI/test_cases/container_cases/cri_stream.sh +new file mode 100755 +index 00000000..3107308f +--- /dev/null ++++ b/CI/test_cases/container_cases/cri_stream.sh +@@ -0,0 +1,151 @@ ++#!/bin/bash ++# ++# attributes: isulad cri websockets exec attach ++# concurrent: NA ++# spend time: 46 ++ ++curr_path=$(dirname $(readlink -f "$0")) ++data_path=$(realpath $curr_path/criconfigs) ++pause_img_path=$(realpath $curr_path/test_data) ++source ../helpers.sh ++ ++function set_up() ++{ ++ local ret=0 ++ local image="busybox" ++ local podimage="mirrorgooglecontainers/pause-amd64" ++ local test="set_up => (${FUNCNAME[@]})" ++ ++ msg_info "${test} starting..." ++ ++ cp /etc/isulad/daemon.json /etc/isulad/daemon.bak ++ sed -i "s#\"pod-sandbox-image\": \"\"#\"pod-sandbox-image\": \"mirrorgooglecontainers/pause-amd64:3.0\"#g" /etc/isulad/daemon.json ++ ++ check_valgrind_log ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to stop isulad" && return ${FAILURE} ++ ++ start_isulad_with_valgrind ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to start isulad" && return ${FAILURE} ++ ++ isula load -i ${pause_img_path}/pause.tar ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to load pause image" && return ${FAILURE} ++ ++ crictl pull ${image} ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to pull image: ${image}" && return ${FAILURE} ++ ++ crictl images | grep ${podimage} ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - missing list image: ${podimage}" && ((ret++)) ++ ++ sid=$(crictl runp ${data_path}/sandbox-config.json) ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run sandbox" && ((ret++)) ++ ++ cid=$(crictl create $sid ${data_path}/container-config.json ${data_path}/sandbox-config.json) ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to create container" && ((ret++)) ++ ++ crictl start $cid ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to start container" && ((ret++)) ++ ++ msg_info "${test} finished with return ${ret}..." ++ return ${ret} ++} ++ ++function test_cri_exec_fun() ++{ ++ local ret=0 ++ local test="test_cri_exec_fun => (${FUNCNAME[@]})" ++ msg_info "${test} starting..." ++ declare -a fun_pids ++ for index in $(seq 1 20); do ++ nohup cricli exec -it ${cid} date & ++ fun_pids[${#pids[@]}]=$! ++ done ++ wait ${fun_pids[*]// /|} ++ ++ declare -a abn_pids ++ for index in $(seq 1 20); do ++ nohup cricli exec -it ${cid} xxx & ++ abn_pids[${#pids[@]}]=$! ++ done ++ wait ${abn_pids[*]// /|} ++ ++ sleep 2 ++ ps -T -p $(cat /var/run/isulad.pid) | grep IoCopy ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - residual IO copy thread in CRI exec operation" && ((ret++)) ++ ++ msg_info "${test} finished with return ${ret}..." ++ return ${ret} ++} ++ ++function test_cri_exec_abn ++{ ++ local ret=0 ++ local test="test_cri_exec_abn => (${FUNCNAME[@]})" ++ msg_info "${test} starting..." ++ ++ nohup cricli exec -it ${cid} sleep 100 & ++ pid=$! ++ sleep 3 ++ kill -9 $pid ++ sleep 2 ++ ++ ps -T -p $(cat /var/run/isulad.pid) | grep IoCopy ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - residual IO copy thread in CRI exec operation" && ((ret++)) ++ ++ msg_info "${test} finished with return ${ret}..." ++ return ${ret} ++} ++ ++function test_cri_attach ++{ ++ local ret=0 ++ local test="test_cri_attach => (${FUNCNAME[@]})" ++ msg_info "${test} starting..." ++ ++ nohup cricli attach -i ${cid} & ++ pid=$! ++ sleep 2 ++ kill -9 $pid ++ sleep 2 ++ ++ ps -T -p $(cat /var/run/isulad.pid) | grep IoCopy ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - residual IO copy thread in CRI attach operation" && ((ret++)) ++ ++ msg_info "${test} finished with return ${ret}..." ++ return ${ret} ++} ++ ++function tear_down() ++{ ++ local ret=0 ++ ++ crictl stop $cid ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to stop container" && ((ret++)) ++ ++ crictl rm $cid ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to rm container" && ((ret++)) ++ ++ crictl stopp $sid ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to stop sandbox" && ((ret++)) ++ ++ crictl rmp $sid ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to rm sandbox" && ((ret++)) ++ ++ cp -f /etc/isulad/daemon.bak /etc/isulad/daemon.json ++ check_valgrind_log ++ start_isulad_with_valgrind ++ ++ return ${ret} ++} ++ ++declare -i ans=0 ++ ++set_up || ((ans++)) ++ ++test_cri_exec_fun || ((ans++)) ++test_cri_exec_abn || ((ans++)) ++ ++test_cri_attach || ((ans++)) ++ ++tear_down || ((ans++)) ++ ++show_result ${ans} "${curr_path}/${0}" +-- +2.25.1 + diff --git a/0071-stats-show-cpu-usage-normal-when-stats-with-no-strea.patch b/0071-stats-show-cpu-usage-normal-when-stats-with-no-strea.patch new file mode 100644 index 0000000..e32613a --- /dev/null +++ b/0071-stats-show-cpu-usage-normal-when-stats-with-no-strea.patch @@ -0,0 +1,69 @@ +From 91ca85b8d8539992a6862a1a54c1e7b9d734b151 Mon Sep 17 00:00:00 2001 +From: Li Feng +Date: Thu, 8 Apr 2021 15:41:18 +0800 +Subject: [PATCH 071/104] stats: show cpu usage normal when stats with + --no-stream + +Signed-off-by: Li Feng +--- + src/cmd/isula/extend/stats.c | 22 +++++++++++++++------- + 1 file changed, 15 insertions(+), 7 deletions(-) + +diff --git a/src/cmd/isula/extend/stats.c b/src/cmd/isula/extend/stats.c +index 724cf381..b35156a6 100644 +--- a/src/cmd/isula/extend/stats.c ++++ b/src/cmd/isula/extend/stats.c +@@ -192,13 +192,15 @@ static void stats_output(const struct client_arguments *args, struct isula_stats + { + size_t i; + +- printf(TERMCLEAR); +- stats_print_header(); +- for (i = 0; i < (*response)->container_num; i++) { +- stats_print(&((*response)->container_stats[i])); +- printf("\n"); ++ if (g_oldstats != NULL) { ++ printf(TERMCLEAR); ++ stats_print_header(); ++ for (i = 0; i < (*response)->container_num; i++) { ++ stats_print(&((*response)->container_stats[i])); ++ printf("\n"); ++ } ++ fflush(stdout); + } +- fflush(stdout); + + isula_stats_response_free(g_oldstats); + g_oldstats = *response; +@@ -222,6 +224,7 @@ static int client_stats_mainloop(const struct client_arguments *args, const stru + config = get_connect_config(args); + + while (1) { ++ bool first_frame = false; + struct isula_stats_response *response = NULL; + response = util_common_calloc_s(sizeof(struct isula_stats_response)); + if (response == NULL) { +@@ -239,6 +242,10 @@ static int client_stats_mainloop(const struct client_arguments *args, const stru + goto out; + } + ++ if (g_oldstats == NULL) { ++ first_frame = true; ++ } ++ + if (args->original) { + stats_output_original(args, &response); + isula_stats_response_free(response); +@@ -247,7 +254,8 @@ static int client_stats_mainloop(const struct client_arguments *args, const stru + + stats_output(args, &response); + isula_stats_response_free(response); +- if (args->nostream) { ++ ++ if (args->nostream && !first_frame) { + goto out; + } + +-- +2.25.1 + diff --git a/0072-Readme-add-script-to-install-iSulad-on-Ubuntu-20.04-.patch b/0072-Readme-add-script-to-install-iSulad-on-Ubuntu-20.04-.patch new file mode 100644 index 0000000..e981936 --- /dev/null +++ b/0072-Readme-add-script-to-install-iSulad-on-Ubuntu-20.04-.patch @@ -0,0 +1,118 @@ +From ac38baf0a2a49b9cfeb8010393b5f8e5d8a49739 Mon Sep 17 00:00:00 2001 +From: NiGo +Date: Tue, 13 Apr 2021 19:49:14 +0800 +Subject: [PATCH 072/104] Readme: add script to install iSulad on Ubuntu 20.04 + LTS + +--- + docs/build_guide.md | 6 ++- + docs/build_guide_zh.md | 6 ++- + docs/install_iSulad_on_Ubuntu_20_04_LTS.sh | 62 ++++++++++++++++++++++ + 3 files changed, 70 insertions(+), 4 deletions(-) + create mode 100644 docs/install_iSulad_on_Ubuntu_20_04_LTS.sh + +diff --git a/docs/build_guide.md b/docs/build_guide.md +index 449767ae..1b481a11 100644 +--- a/docs/build_guide.md ++++ b/docs/build_guide.md +@@ -17,8 +17,10 @@ $ sudo ./install_iSulad_on_Centos_7.sh + ``` + + ### install basic dependencies based on Ubuntu distribution +-```bash +-$ sudo apt install -y g++ libprotobuf-dev protobuf-compiler protobuf-compiler-grpc libgrpc++-dev libgrpc-dev libtool automake autoconf cmake make pkg-config libyajl-dev zlib1g-dev libselinux-dev libseccomp-dev libcap-dev libsystemd-dev git libcurl4-gnutls-dev openssl libdevmapper-dev golang python3 libtar libtar-dev ++```sh ++$ git clone https://gitee.com/openeuler/iSulad.git ++$ cd iSulad/docs ++$ sudo ./docs/install_iSulad_on_Ubuntu_20_04_LTS.sh + ``` + + ## Build and install other dependencies from source +diff --git a/docs/build_guide_zh.md b/docs/build_guide_zh.md +index 2cb709e8..0c844816 100644 +--- a/docs/build_guide_zh.md ++++ b/docs/build_guide_zh.md +@@ -27,8 +27,10 @@ $ sudo ./install_iSulad_on_Centos_7.sh + ``` + + ### Ubuntu的安装命令 +-```bash +-$ sudo apt install -y g++ libprotobuf-dev protobuf-compiler protobuf-compiler-grpc libgrpc++-dev libgrpc-dev libtool automake autoconf cmake make pkg-config libyajl-dev zlib1g-dev libselinux-dev libseccomp-dev libcap-dev libsystemd-dev git libarchive libarchive-dev libcurl4-gnutls-dev openssl libdevmapper-dev python3 libtar libtar-dev ++```sh ++$ git clone https://gitee.com/openeuler/iSulad.git ++$ cd iSulad/docs ++$ sudo ./docs/install_iSulad_on_Ubuntu_20_04_LTS.sh + ``` + + ## 从源码构建和安装关键依赖 +diff --git a/docs/install_iSulad_on_Ubuntu_20_04_LTS.sh b/docs/install_iSulad_on_Ubuntu_20_04_LTS.sh +new file mode 100644 +index 00000000..4b0b7a85 +--- /dev/null ++++ b/docs/install_iSulad_on_Ubuntu_20_04_LTS.sh +@@ -0,0 +1,62 @@ ++#!/bin/bash ++ ++set -x ++set -e ++ ++# export LDFLAGS ++export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH ++export LD_LIBRARY_PATH=/usr/local/lib:/usr/lib:/lib/x86_64-linux-gnu/:$LD_LIBRARY_PATH ++echo "/usr/local/lib" >> /etc/ld.so.conf ++ ++apt install -y g++ libprotobuf-dev protobuf-compiler protobuf-compiler-grpc libgrpc++-dev libgrpc-dev libtool automake autoconf cmake make pkg-config libyajl-dev zlib1g-dev libselinux1-dev libseccomp-dev libcap-dev libsystemd-dev git libarchive libarchive-dev libcurl4-gnutls-dev openssl libdevmapper-dev python3 libtar0 libtar-dev libhttp-parser-dev libwebsockets-dev ++ ++BUILD_DIR=/tmp/build_isulad ++ ++rm -rf $BUILD_DIR ++mkdir -p $BUILD_DIR ++ ++# build lxc ++cd $BUILD_DIR ++git clone https://gitee.com/src-openeuler/lxc.git ++cd lxc ++tar -zxf lxc-4.0.3.tar.gz ++./apply-patches ++cd lxc-4.0.3 ++./autogen.sh ++./configure ++make -j $(nproc) ++make install ++ ++# build lcr ++cd $BUILD_DIR ++git clone https://gitee.com/openeuler/lcr.git ++cd lcr ++mkdir build ++cd build ++cmake .. ++make -j $(nproc) ++make install ++ ++# build and install clibcni ++cd $BUILD_DIR ++git clone https://gitee.com/openeuler/clibcni.git ++cd clibcni ++mkdir build ++cd build ++cmake .. ++make -j $(nproc) ++make install ++ ++# build and install iSulad ++cd $BUILD_DIR ++git clone https://gitee.com/openeuler/iSulad.git ++cd iSulad ++mkdir build ++cd build ++cmake .. ++make -j $(nproc) ++make install ++ ++# clean ++rm -rf $BUILD_DIR ++apt autoremove +-- +2.25.1 + diff --git a/0073-update-libarchive-requirement-to-v3.4.patch b/0073-update-libarchive-requirement-to-v3.4.patch new file mode 100644 index 0000000..ca58110 --- /dev/null +++ b/0073-update-libarchive-requirement-to-v3.4.patch @@ -0,0 +1,26 @@ +From 998835f4bca41a91b938a97d4a25e7389e24b19a Mon Sep 17 00:00:00 2001 +From: WangFengTu +Date: Thu, 15 Apr 2021 09:45:06 +0800 +Subject: [PATCH 073/104] update libarchive requirement to v3.4 + +Signed-off-by: WangFengTu +--- + cmake/checker.cmake | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/cmake/checker.cmake b/cmake/checker.cmake +index 5ba4c63d..d4337a1b 100644 +--- a/cmake/checker.cmake ++++ b/cmake/checker.cmake +@@ -57,7 +57,7 @@ find_library(LIBYAJL_LIBRARY yajl + _CHECK(LIBYAJL_LIBRARY "LIBYAJL_LIBRARY-NOTFOUND" "libyajl.so") + + # check libarchive +-pkg_check_modules(PC_LIBARCHIVE REQUIRED "libarchive>=3.2") ++pkg_check_modules(PC_LIBARCHIVE REQUIRED "libarchive>=3.4") + find_path(LIBARCHIVE_INCLUDE_DIR archive.h + HINTS ${PC_LIBARCHIVE_INCLUDEDIR} ${PC_LIBARCHIVE_INCLUDE_DIRS}) + _CHECK(LIBARCHIVE_INCLUDE_DIR "LIBARCHIVE_INCLUDE_DIR-NOTFOUND" "archive.h") +-- +2.25.1 + diff --git a/0074-correct-the-mistake-package-libarchive-dev.patch b/0074-correct-the-mistake-package-libarchive-dev.patch new file mode 100644 index 0000000..4705238 --- /dev/null +++ b/0074-correct-the-mistake-package-libarchive-dev.patch @@ -0,0 +1,26 @@ +From 8b5115b5d43cc73d41ade4e984e7ee38eb237d3a Mon Sep 17 00:00:00 2001 +From: XiyouNiGo <1275810355@qq.com> +Date: Thu, 15 Apr 2021 12:33:07 +0800 +Subject: [PATCH 074/104] correct the mistake package: libarchive-dev + +--- + docs/install_iSulad_on_Ubuntu_20_04_LTS.sh | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/docs/install_iSulad_on_Ubuntu_20_04_LTS.sh b/docs/install_iSulad_on_Ubuntu_20_04_LTS.sh +index 4b0b7a85..630febe1 100644 +--- a/docs/install_iSulad_on_Ubuntu_20_04_LTS.sh ++++ b/docs/install_iSulad_on_Ubuntu_20_04_LTS.sh +@@ -7,8 +7,7 @@ set -e + export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH + export LD_LIBRARY_PATH=/usr/local/lib:/usr/lib:/lib/x86_64-linux-gnu/:$LD_LIBRARY_PATH + echo "/usr/local/lib" >> /etc/ld.so.conf +- +-apt install -y g++ libprotobuf-dev protobuf-compiler protobuf-compiler-grpc libgrpc++-dev libgrpc-dev libtool automake autoconf cmake make pkg-config libyajl-dev zlib1g-dev libselinux1-dev libseccomp-dev libcap-dev libsystemd-dev git libarchive libarchive-dev libcurl4-gnutls-dev openssl libdevmapper-dev python3 libtar0 libtar-dev libhttp-parser-dev libwebsockets-dev ++apt install -y g++ libprotobuf-dev protobuf-compiler protobuf-compiler-grpc libgrpc++-dev libgrpc-dev libtool automake autoconf cmake make pkg-config libyajl-dev zlib1g-dev libselinux1-dev libseccomp-dev libcap-dev libsystemd-dev git libarchive-dev libcurl4-gnutls-dev openssl libdevmapper-dev python3 libtar0 libtar-dev libhttp-parser-dev libwebsockets-dev + + BUILD_DIR=/tmp/build_isulad + +-- +2.25.1 + diff --git a/0075-Added-autocomplete-in-isula-command-line-mode.patch b/0075-Added-autocomplete-in-isula-command-line-mode.patch new file mode 100644 index 0000000..4512f04 --- /dev/null +++ b/0075-Added-autocomplete-in-isula-command-line-mode.patch @@ -0,0 +1,140 @@ +From 5f1fe5416c56846da50dd88c7423e80ec8514f5f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?=E5=B0=B9=E7=A7=80=E6=B1=9F?= +Date: Thu, 15 Apr 2021 16:23:30 +0800 +Subject: [PATCH 075/104] Added autocomplete in isula command line mode + +--- + iSulad.spec | 5 ++ + src/contrib/completion/isula | 90 ++++++++++++++++++++++++++++++++++++ + 2 files changed, 95 insertions(+) + create mode 100644 src/contrib/completion/isula + +diff --git a/iSulad.spec b/iSulad.spec +index eca7ddd8..532af2dc 100644 +--- a/iSulad.spec ++++ b/iSulad.spec +@@ -107,6 +107,8 @@ install -d $RPM_BUILD_ROOT/%{_initddir} + install -p -m 0640 ../src/contrib/init/isulad.init $RPM_BUILD_ROOT/%{_initddir}/isulad.init + %endif + ++install -d $RPM_BUILD_ROOT/usr/share/bash-completion/completions ++install -p -m 0644 ../src/contrib/completion/isula $RPM_BUILD_ROOT/usr/share/bash-completion/completions/isula + %clean + rm -rf %{buildroot} + +@@ -125,6 +127,8 @@ fi + fi + + %post ++source /usr/share/bash-completion/completions/isula ++ + if ! getent group isula > /dev/null; then + groupadd --system isula + fi +@@ -211,6 +215,7 @@ fi + %else + %config(noreplace,missingok) %{_initddir}/isulad.init + %endif ++/usr/share/bash-completion/completions/isula + + %changelog + * Tue Sep 10 2020 openEuler Buildteam - 2.0.5-20200910.140350.git72990229 +diff --git a/src/contrib/completion/isula b/src/contrib/completion/isula +new file mode 100644 +index 00000000..305c5150 +--- /dev/null ++++ b/src/contrib/completion/isula +@@ -0,0 +1,90 @@ ++#!/usr/bin/env bash ++_isula_isula() { ++ local isula_management_commands=( ++ volume ++ ) ++ ++ local isula_commands=( ++ attach ++ cp ++ create ++ events ++ exec ++ export ++ images ++ import ++ info ++ inspect ++ kill ++ load ++ login ++ logout ++ logs ++ pause ++ ps ++ pull ++ rename ++ restart ++ rm ++ rmi ++ run ++ start ++ stats ++ stop ++ tag ++ top ++ unpause ++ update ++ version ++ wait ++ ) ++ ++ local commands=(${isula_management_commands[*]} ${isula_commands[*]}) ++ local common_options=( ++ --help ++ -H --host ++ --tls ++ --tlscacert ++ --tlscert ++ --tlskey ++ --tlsverify ++ --version ++ ) ++ ++ case "$prev" in ++ #todo..... ++ esac ++ ++ case "$cur" in ++ -*) ++ COMPREPLY=( $( compgen -W "${common_options[*]}" -- "$cur" ) ) ++ ;; ++ *) ++ COMPREPLY=( $( compgen -W "${commands[*]}" -- "$cur" ) ) ++ ;; ++ esac ++} ++ ++ ++_isula() { ++ COMPREPLY=() ++ ++ #An array variable consisting of the individual words in the current command line ++ local words=(${COMP_WORDS[*]}) ++ #An index into ${word} of the word containing the current cursor position ++ local cword=$COMP_CWORD ++ local cur="${words[$cword]}" ++ local prev="${words[$cword-1]}" ++ local command='isula' ++ ++ local completions_func=_isula_${command//-/_} ++ ++ #The completion of the secondary command will be added later ++ if [ $cword -lt 2 ] ; then ++ declare -F $completions_func >/dev/null && $completions_func ++ fi ++ ++ return 0 ++} ++ ++complete -F _isula isula +-- +2.25.1 + diff --git a/0076-iSulad-fix-bugs-of-isula-runtime-ops.patch b/0076-iSulad-fix-bugs-of-isula-runtime-ops.patch new file mode 100644 index 0000000..06d7c4c --- /dev/null +++ b/0076-iSulad-fix-bugs-of-isula-runtime-ops.patch @@ -0,0 +1,27 @@ +From 2b82695e69369b2d5666f13d40e168e89248a51f Mon Sep 17 00:00:00 2001 +From: jikui +Date: Sat, 17 Apr 2021 11:49:47 +0800 +Subject: [PATCH 076/104] iSulad: fix bugs of isula runtime ops + +Signed-off-by: jikui +--- + src/daemon/modules/runtime/isula/isula_rt_ops.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c +index ecea2b3d..3b55ac88 100644 +--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c ++++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c +@@ -582,7 +582,8 @@ static int runtime_call_simple(const char *workdir, const char *runtime, const c + + runtime_exec_info_init(&rei, workdir, runtime, subcmd, opts, opts_len, id, params, PARAM_NUM); + if (!util_exec_cmd(runtime_exec_func, &rei, NULL, &stdout, &stderr)) { +- WARN("call runtime %s failed stderr %s", subcmd, stderr); ++ ERROR("call runtime %s failed stderr %s", subcmd, stderr); ++ ret = -1; + goto out; + } + +-- +2.25.1 + diff --git a/0077-Compatible-with-registry-URL-ending-in.patch b/0077-Compatible-with-registry-URL-ending-in.patch new file mode 100644 index 0000000..4b60d45 --- /dev/null +++ b/0077-Compatible-with-registry-URL-ending-in.patch @@ -0,0 +1,57 @@ +From 8ee530b4cc42114ae713fb909f52e053b274008b Mon Sep 17 00:00:00 2001 +From: wangyueliang +Date: Tue, 20 Apr 2021 10:53:58 +0800 +Subject: [PATCH 077/104] Compatible with registry URL ending in '/' + +--- + src/daemon/modules/image/oci/utils_images.c | 13 ++++++++++--- + 1 file changed, 10 insertions(+), 3 deletions(-) + +diff --git a/src/daemon/modules/image/oci/utils_images.c b/src/daemon/modules/image/oci/utils_images.c +index a909b0f3..ece37d2e 100644 +--- a/src/daemon/modules/image/oci/utils_images.c ++++ b/src/daemon/modules/image/oci/utils_images.c +@@ -142,6 +142,11 @@ char *oci_add_host(const char *host, const char *name) + return NULL; + } + ++ if (strlen(host) == 0) { ++ WARN("Invalid host"); ++ return NULL; ++ } ++ + if (strchr(name, '/') == NULL) { + need_repo_prefix = true; + } +@@ -152,7 +157,9 @@ char *oci_add_host(const char *host, const char *name) + return NULL; + } + (void)strcat(with_host, host); +- (void)strcat(with_host, "/"); ++ if (host[strlen(host) - 1] != '/') { ++ (void)strcat(with_host, "/"); ++ } + if (need_repo_prefix) { + (void)strcat(with_host, REPO_PREFIX_TO_STRIP); + } +@@ -491,7 +498,7 @@ bool oci_valid_time(char *time) + + static int makesure_path_is_dir(char *path) + { +- struct stat st = {0}; ++ struct stat st = { 0 }; + + if (lstat(path, &st) != 0) { + if (errno == ENOENT) { +@@ -542,7 +549,7 @@ char *oci_get_isulad_tmpdir(const char *root_dir) + + int makesure_isulad_tmpdir_perm_right(const char *root_dir) + { +- struct stat st = {0}; ++ struct stat st = { 0 }; + char *isulad_tmpdir = NULL; + int ret = 0; + +-- +2.25.1 + diff --git a/0078-CI-fix-CI-to-fit-run-on-2-cpu-4G-memory-environment.patch b/0078-CI-fix-CI-to-fit-run-on-2-cpu-4G-memory-environment.patch new file mode 100644 index 0000000..5e1ac41 --- /dev/null +++ b/0078-CI-fix-CI-to-fit-run-on-2-cpu-4G-memory-environment.patch @@ -0,0 +1,443 @@ +From a5b1605c8e6552aa78439fb45ff4df59f542ef27 Mon Sep 17 00:00:00 2001 +From: lifeng68 +Date: Wed, 21 Apr 2021 08:54:19 +0800 +Subject: [PATCH 078/104] CI: fix CI to fit run on 2 cpu 4G memory environment + +Signed-off-by: lifeng68 +--- + .gitignore | 1 + + CI/Dockerfile | 36 ++++++++-- + .../container_cases/bigdata_stream.sh | 70 +++++++++---------- + .../container_cases/bigdata_stream_runc.sh | 40 +++++------ + 4 files changed, 87 insertions(+), 60 deletions(-) + +diff --git a/.gitignore b/.gitignore +index 8c2dfb40..26e5010e 100644 +--- a/.gitignore ++++ b/.gitignore +@@ -12,3 +12,4 @@ compile_commands.json + tags + .clangd + iSula-libutils ++isulad_ci_test_data +diff --git a/CI/Dockerfile b/CI/Dockerfile +index e0a50f65..d25db5c9 100644 +--- a/CI/Dockerfile ++++ b/CI/Dockerfile +@@ -219,13 +219,39 @@ RUN export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH && \ + cd ~ && \ + git clone https://gitee.com/src-openeuler/libwebsockets.git && \ + cd libwebsockets && \ +- git checkout -b openEuler-20.03-LTS-tag openEuler-20.03-LTS-tag && \ +- tar -xzvf libwebsockets-2.4.2.tar.gz && \ +- cd libwebsockets-2.4.2 && \ +- patch -p1 -F1 -s < ../libwebsockets-fix-coredump.patch && \ ++ git checkout -b openEuler-21.03-20210330 openEuler-21.03-20210330 && \ ++ tar -xzvf libwebsockets-4.0.20.tar.gz && \ ++ cd libwebsockets-4.0.20 && \ + mkdir build && \ + cd build && \ +- cmake -DLWS_WITH_SSL=0 -DLWS_MAX_SMP=32 -DCMAKE_BUILD_TYPE=Debug ../ && \ ++ cmake \ ++ -D LWS_WITH_HTTP2=ON \ ++ -D LWS_IPV6=ON \ ++ -D LWS_WITH_ZIP_FOPS=ON \ ++ -D LWS_WITH_SOCKS5=ON \ ++ -D LWS_WITH_RANGES=ON \ ++ -D LWS_WITH_ACME=ON \ ++ -D LWS_WITH_LIBUV=OFF \ ++ -D LWS_WITH_LIBEV=OFF \ ++ -D LWS_WITH_LIBEVENT=OFF \ ++ -D LWS_WITH_FTS=ON \ ++ -D LWS_WITH_THREADPOOL=ON \ ++ -D LWS_UNIX_SOCK=ON \ ++ -D LWS_WITH_HTTP_PROXY=ON \ ++ -D LWS_WITH_DISKCACHE=ON \ ++ -D LWS_WITH_LWSAC=ON \ ++ -D LWS_LINK_TESTAPPS_DYNAMIC=ON \ ++ -D LWS_WITHOUT_BUILTIN_GETIFADDRS=ON \ ++ -D LWS_USE_BUNDLED_ZLIB=OFF \ ++ -D LWS_WITHOUT_BUILTIN_SHA1=ON \ ++ -D LWS_WITH_STATIC=OFF \ ++ -D LWS_WITHOUT_CLIENT=OFF \ ++ -D LWS_WITHOUT_SERVER=OFF \ ++ -D LWS_WITHOUT_TESTAPPS=OFF \ ++ -D LWS_WITHOUT_TEST_SERVER=ON \ ++ -D LWS_WITHOUT_TEST_SERVER_EXTPOLL=ON \ ++ -D LWS_WITHOUT_TEST_PING=ON \ ++ -D LWS_WITHOUT_TEST_CLIENT=ON .. && \ + make -j $(nproc) && \ + make install && \ + ldconfig +diff --git a/CI/test_cases/container_cases/bigdata_stream.sh b/CI/test_cases/container_cases/bigdata_stream.sh +index 768e9703..1eae3df2 100755 +--- a/CI/test_cases/container_cases/bigdata_stream.sh ++++ b/CI/test_cases/container_cases/bigdata_stream.sh +@@ -2,7 +2,7 @@ + # + # attributes: isulad basic container stream exec start attach + # concurrent: NA +-# spend time: 6 ++# spend time: 224 + + ####################################################################### + ##- @Copyright (C) Huawei Technologies., Ltd. 2020. All rights reserved. +@@ -119,16 +119,16 @@ function test_concurrent_bigdata_stream() + declare -a pids + + for index in $(seq 1 5); do +- nohup isula exec -it $CID cat test_500M > /tmp/iocopy_stream_data_500M_$index & ++ nohup isula exec -it $CID cat test_500M > /home/iocopy_stream_data_500M_$index & + pids[${#pids[@]}]=$! + done + wait ${pids[*]// /|} + + for index in $(seq 1 5); do +- ls -l /tmp/iocopy_stream_data_500M_$index +- total_size=$(stat -c"%s" /tmp/iocopy_stream_data_500M_$index) ++ ls -l /home/iocopy_stream_data_500M_$index ++ total_size=$(stat -c"%s" /home/iocopy_stream_data_500M_$index) + [[ $total_size -ne 524288000 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stream iocopy loss data" && ((ret++)) +- rm -f /tmp/iocopy_stream_data_500M_$index ++ rm -f /home/iocopy_stream_data_500M_$index + done + + check_last_status +@@ -146,16 +146,16 @@ function test_concurrent_bigdata_stream_without_pty() + declare -a pids + + for index in $(seq 1 5); do +- nohup isula exec $CID cat test_500M > /tmp/iocopy_stream_data_500M_$index & ++ nohup isula exec $CID cat test_500M > /home/iocopy_stream_data_500M_$index & + pids[${#pids[@]}]=$! + done + wait ${pids[*]// /|} + + for index in $(seq 1 5); do +- ls -l /tmp/iocopy_stream_data_500M_$index +- total_size=$(stat -c"%s" /tmp/iocopy_stream_data_500M_$index) ++ ls -l /home/iocopy_stream_data_500M_$index ++ total_size=$(stat -c"%s" /home/iocopy_stream_data_500M_$index) + [[ $total_size -ne 524288000 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stream iocopy loss data" && ((ret++)) +- rm -f /tmp/iocopy_stream_data_500M_$index ++ rm -f /home/iocopy_stream_data_500M_$index + done + + check_last_status +@@ -175,16 +175,16 @@ function test_more_concurrent_stream() + isula exec -it $CID dd if=/dev/zero of=test_20M bs=1M count=20 + + for index in $(seq 1 30); do +- nohup isula exec -it $CID cat test_20M > /tmp/iocopy_stream_data_20M_$index & ++ nohup isula exec -it $CID cat test_20M > /home/iocopy_stream_data_20M_$index & + pids[${#pids[@]}]=$! + done + wait ${pids[*]// /|} + + for index in $(seq 1 30); do +- ls -l /tmp/iocopy_stream_data_20M_$index +- total_size=$(stat -c"%s" /tmp/iocopy_stream_data_20M_$index) ++ ls -l /home/iocopy_stream_data_20M_$index ++ total_size=$(stat -c"%s" /home/iocopy_stream_data_20M_$index) + [[ $total_size -ne 20971520 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stream iocopy loss data" && ((ret++)) +- rm -f /tmp/iocopy_stream_data_20M_$index ++ rm -f /home/iocopy_stream_data_20M_$index + done + + check_last_status +@@ -200,7 +200,7 @@ function test_stream_with_stop_client() + local test="test_stream_with_stop_client => (${FUNCNAME[@]})" + msg_info "${test} starting..." + +- nohup isula exec -it $CID cat test_500M > /tmp/iocopy_stream_data_500M & ++ nohup isula exec -it $CID cat test_500M > /home/iocopy_stream_data_500M & + pid=$! + sleep 2 + kill -19 $pid +@@ -209,8 +209,8 @@ function test_stream_with_stop_client() + + wait $pid + +- ls -l /tmp/iocopy_stream_data_500M +- total_size=$(stat -c"%s" /tmp/iocopy_stream_data_500M) ++ ls -l /home/iocopy_stream_data_500M ++ total_size=$(stat -c"%s" /home/iocopy_stream_data_500M) + [[ $total_size -ne 524288000 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stream iocopy loss data" && ((ret++)) + + check_last_status +@@ -226,7 +226,7 @@ function test_stream_with_kill_client() + local test="test_stream_with_kill_client => (${FUNCNAME[@]})" + msg_info "${test} starting..." + +- nohup isula exec -it $CID cat test_500M > /tmp/iocopy_stream_data_500M & ++ nohup isula exec -it $CID cat test_500M > /home/iocopy_stream_data_500M & + pid=$! + sleep 5 + kill -9 $pid +@@ -244,7 +244,7 @@ function test_stream_with_stop_attach() + local test="test_stream_with_stop_attach => (${FUNCNAME[@]})" + msg_info "${test} starting..." + +- nohup isula exec -it $CID cat test_500M > /tmp/iocopy_stream_data_500M & ++ nohup isula exec -it $CID cat test_500M > /home/iocopy_stream_data_500M & + exec_pid=$! + sleep 2 + pid=$(ps aux | grep lxc-attach | grep $CID |grep "cat test_500M" | awk '{print $2}') +@@ -254,8 +254,8 @@ function test_stream_with_stop_attach() + + wait $exec_pid + +- ls -l /tmp/iocopy_stream_data_500M +- total_size=$(stat -c"%s" /tmp/iocopy_stream_data_500M) ++ ls -l /home/iocopy_stream_data_500M ++ total_size=$(stat -c"%s" /home/iocopy_stream_data_500M) + [[ $total_size -ne 524288000 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stream iocopy loss data" && ((ret++)) + + check_last_status +@@ -271,7 +271,7 @@ function test_stream_with_kill_attach() + local test="test_stream_with_kill_client => (${FUNCNAME[@]})" + msg_info "${test} starting..." + +- nohup isula exec -it $CID cat test_500M > /tmp/iocopy_stream_data_500M & ++ nohup isula exec -it $CID cat test_500M > /home/iocopy_stream_data_500M & + sleep 3 + pid=$(ps aux | grep lxc-attach | grep $CID |grep "cat test_500M" | awk '{print $2}') + kill -9 $pid +@@ -289,7 +289,7 @@ function test_stream_with_stop_lxc_monitor() + local test="test_stream_with_stop_lxc_monitor => (${FUNCNAME[@]})" + msg_info "${test} starting..." + +- nohup isula exec -it $CID cat test_500M > /tmp/iocopy_stream_data_500M & ++ nohup isula exec -it $CID cat test_500M > /home/iocopy_stream_data_500M & + exec_pid=$! + sleep 2 + pid=$(ps aux | grep "lxc monitor" | grep $CID | awk '{print $2}') +@@ -299,8 +299,8 @@ function test_stream_with_stop_lxc_monitor() + + wait $exec_pid + +- ls -l /tmp/iocopy_stream_data_500M +- total_size=$(stat -c"%s" /tmp/iocopy_stream_data_500M) ++ ls -l /home/iocopy_stream_data_500M ++ total_size=$(stat -c"%s" /home/iocopy_stream_data_500M) + [[ $total_size -ne 524288000 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stream iocopy loss data" && ((ret++)) + + check_last_status +@@ -316,7 +316,7 @@ function test_stream_with_kill_lxc_monitor() + local test="test_stream_with_kill_lxc_monitor => (${FUNCNAME[@]})" + msg_info "${test} starting..." + +- nohup isula exec -it $CID cat test_500M > /tmp/iocopy_stream_data_500M & ++ nohup isula exec -it $CID cat test_500M > /home/iocopy_stream_data_500M & + sleep 3 + pid=$(ps aux | grep "lxc monitor" | grep $CID | awk '{print $2}') + kill -9 $pid +@@ -338,7 +338,7 @@ function test_stream_with_stop_isulad() + local test="test_stream_with_stop_isulad => (${FUNCNAME[@]})" + msg_info "${test} starting..." + +- nohup isula exec -it $CID cat test_500M > /tmp/iocopy_stream_data_500M & ++ nohup isula exec -it $CID cat test_500M > /home/iocopy_stream_data_500M & + pid=$! + sleep 2 + kill -19 $(cat /var/run/isulad.pid) +@@ -347,8 +347,8 @@ function test_stream_with_stop_isulad() + + wait $pid + +- ls -l /tmp/iocopy_stream_data_500M +- total_size=$(stat -c"%s" /tmp/iocopy_stream_data_500M) ++ ls -l /home/iocopy_stream_data_500M ++ total_size=$(stat -c"%s" /home/iocopy_stream_data_500M) + [[ $total_size -ne 524288000 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stream iocopy loss data" && ((ret++)) + + check_last_status +@@ -364,7 +364,7 @@ function test_stream_with_kill_isulad() + local test="test_stream_with_kill_isulad => (${FUNCNAME[@]})" + msg_info "${test} starting..." + +- nohup isula exec -it $CID cat test_500M > /tmp/iocopy_stream_data_500M & ++ nohup isula exec -it $CID cat test_500M > /home/iocopy_stream_data_500M & + sleep 3 + isulad_pid=$(cat /var/run/isulad.pid) + kill -9 $isulad_pid +@@ -393,16 +393,16 @@ function test_stream_with_runc() + isula exec -it $RUNCID dd if=/dev/zero of=test_500M bs=1M count=500 + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to create bigdata" && ((ret++)) + +- isula exec -it $RUNCID cat test_500M > /tmp/iocopy_stream_data_500M ++ isula exec -it $RUNCID cat test_500M > /home/iocopy_stream_data_500M + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to cat bigdata" && ((ret++)) + +- total_size=$(stat -c"%s" /tmp/iocopy_stream_data_500M) ++ total_size=$(stat -c"%s" /home/iocopy_stream_data_500M) + [[ $total_size -ne 524288000 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stream iocopy loss data" && ((ret++)) + + isula rm -f $RUNCID + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to rm container" && ((ret++)) + +- rm -rf /tmp/iocopy_stream_data_500M ++ rm -rf /home/iocopy_stream_data_500M + + msg_info "${test} finished with return ${ret}..." + return ${ret} +@@ -414,7 +414,7 @@ function tear_down() + isula rm -f $CID + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to rm container: $CID" && ((ret++)) + +- rm -rf //tmp/iocopy_stream_data_* ++ rm -rf //home/iocopy_stream_data_* + + stop_isulad_without_valgrind + +@@ -435,10 +435,10 @@ function test_memory_leak_with_bigdata_stream() + isula exec -it $CID dd if=/dev/zero of=test_100M bs=1M count=100 + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to create bigdata" && ((ret++)) + +- isula exec -it $CID cat test_100M > /tmp/iocopy_stream_data_100M ++ isula exec -it $CID cat test_100M > /home/iocopy_stream_data_100M + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to cat bigdata from container" && ((ret++)) + +- rm -rf /tmp/iocopy_stream_data_100M ++ rm -rf /home/iocopy_stream_data_100M + + isula rm -f $CID + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to rm container" && ((ret++)) +diff --git a/CI/test_cases/container_cases/bigdata_stream_runc.sh b/CI/test_cases/container_cases/bigdata_stream_runc.sh +index 1313774e..e5ae77a2 100755 +--- a/CI/test_cases/container_cases/bigdata_stream_runc.sh ++++ b/CI/test_cases/container_cases/bigdata_stream_runc.sh +@@ -2,7 +2,7 @@ + # + # attributes: isulad basic container stream exec start attach + # concurrent: NA +-# spend time: 6 ++# spend time: 144 + + ####################################################################### + ##- @Copyright (C) Huawei Technologies., Ltd. 2020. All rights reserved. +@@ -113,16 +113,16 @@ function test_cat_bigdata() + declare -a pids + + for index in $(seq 1 5); do +- nohup isula exec -it $CID cat test_500M > /tmp/iocopy_stream_data_500M_$index & ++ nohup isula exec -it $CID cat test_500M > /home/iocopy_stream_data_500M_$index & + pids[${#pids[@]}]=$! + done + wait ${pids[*]// /|} + + for index in $(seq 1 5); do +- ls -l /tmp/iocopy_stream_data_500M_$index +- total_size=$(stat -c"%s" /tmp/iocopy_stream_data_500M_$index) ++ ls -l /home/iocopy_stream_data_500M_$index ++ total_size=$(stat -c"%s" /home/iocopy_stream_data_500M_$index) + [[ $total_size -ne 524288000 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stream iocopy loss data" && ((ret++)) +- rm -f /tmp/iocopy_stream_data_500M_$index ++ rm -f /home/iocopy_stream_data_500M_$index + done + + check_last_status +@@ -140,16 +140,16 @@ function test_cat_bigdata_without_pty() + declare -a pids + + for index in $(seq 1 5); do +- nohup isula exec $CID cat test_500M > /tmp/iocopy_stream_data_500M_$index & ++ nohup isula exec $CID cat test_500M > /home/iocopy_stream_data_500M_$index & + pids[${#pids[@]}]=$! + done + wait ${pids[*]// /|} + + for index in $(seq 1 5); do +- ls -l /tmp/iocopy_stream_data_500M_$index +- total_size=$(stat -c"%s" /tmp/iocopy_stream_data_500M_$index) ++ ls -l /home/iocopy_stream_data_500M_$index ++ total_size=$(stat -c"%s" /home/iocopy_stream_data_500M_$index) + [[ $total_size -ne 524288000 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stream iocopy loss data" && ((ret++)) +- rm -f /tmp/iocopy_stream_data_500M_$index ++ rm -f /home/iocopy_stream_data_500M_$index + done + + check_last_status +@@ -165,7 +165,7 @@ function test_stream_with_stop_client() + local test="test_stream_with_stop_client => (${FUNCNAME[@]})" + msg_info "${test} starting..." + +- nohup isula exec $CID cat test_500M > /tmp/iocopy_stream_data_500M & ++ nohup isula exec $CID cat test_500M > /home/iocopy_stream_data_500M & + pid=$! + sleep 2 + kill -19 $pid +@@ -174,8 +174,8 @@ function test_stream_with_stop_client() + + wait $pid + +- ls -l /tmp/iocopy_stream_data_500M +- total_size=$(stat -c"%s" /tmp/iocopy_stream_data_500M) ++ ls -l /home/iocopy_stream_data_500M ++ total_size=$(stat -c"%s" /home/iocopy_stream_data_500M) + [[ $total_size -ne 524288000 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stream iocopy loss data" && ((ret++)) + + check_last_status +@@ -191,7 +191,7 @@ function test_stream_with_kill_client() + local test="test_stream_with_kill_client => (${FUNCNAME[@]})" + msg_info "${test} starting..." + +- nohup isula exec $CID cat test_500M > /tmp/iocopy_stream_data_500M & ++ nohup isula exec $CID cat test_500M > /home/iocopy_stream_data_500M & + pid=$! + sleep 5 + kill -9 $pid +@@ -209,7 +209,7 @@ function test_stream_with_stop_isulad() + local test="test_stream_with_stop_isulad => (${FUNCNAME[@]})" + msg_info "${test} starting..." + +- nohup isula exec $CID cat test_500M > /tmp/iocopy_stream_data_500M & ++ nohup isula exec $CID cat test_500M > /home/iocopy_stream_data_500M & + pid=$! + sleep 2 + kill -19 $(cat /var/run/isulad.pid) +@@ -218,8 +218,8 @@ function test_stream_with_stop_isulad() + + wait $pid + +- ls -l /tmp/iocopy_stream_data_500M +- total_size=$(stat -c"%s" /tmp/iocopy_stream_data_500M) ++ ls -l /home/iocopy_stream_data_500M ++ total_size=$(stat -c"%s" /home/iocopy_stream_data_500M) + [[ $total_size -ne 524288000 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stream iocopy loss data" && ((ret++)) + + check_last_status +@@ -235,7 +235,7 @@ function test_stream_with_kill_isulad() + local test="test_stream_with_kill_isulad => (${FUNCNAME[@]})" + msg_info "${test} starting..." + +- nohup isula exec $CID cat test_500M > /tmp/iocopy_stream_data_500M & ++ nohup isula exec $CID cat test_500M > /home/iocopy_stream_data_500M & + sleep 3 + isulad_pid=$(cat /var/run/isulad.pid) + kill -9 $isulad_pid +@@ -259,7 +259,7 @@ function tear_down() + isula rm -f $CID + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to rm container: $CID" && ((ret++)) + +- rm -rf //tmp/iocopy_stream_data_* ++ rm -rf //home/iocopy_stream_data_* + + stop_isulad_without_valgrind + +@@ -280,10 +280,10 @@ function test_memory_leak_with_bigdata_stream() + isula exec -it $CID dd if=/dev/zero of=test_100M bs=1M count=100 + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to create bigdata" && ((ret++)) + +- isula exec -it $CID cat test_100M > /tmp/iocopy_stream_data_100M ++ isula exec -it $CID cat test_100M > /home/iocopy_stream_data_100M + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to cat bigdata from container" && ((ret++)) + +- rm -rf /tmp/iocopy_stream_data_100M ++ rm -rf /home/iocopy_stream_data_100M + + isula rm -f $CID + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to rm container" && ((ret++)) +-- +2.25.1 + diff --git a/0079-added-default-completion.patch b/0079-added-default-completion.patch new file mode 100644 index 0000000..237432a --- /dev/null +++ b/0079-added-default-completion.patch @@ -0,0 +1,41 @@ +From 68147c64b7dc1f9ef149781e4c10d37b0b2c59f5 Mon Sep 17 00:00:00 2001 +From: yinxiujiang +Date: Wed, 21 Apr 2021 09:33:05 +0800 +Subject: [PATCH 079/104] added default completion + +--- + src/contrib/completion/isula | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/src/contrib/completion/isula b/src/contrib/completion/isula +index 305c5150..a12d90a5 100644 +--- a/src/contrib/completion/isula ++++ b/src/contrib/completion/isula +@@ -65,6 +65,10 @@ _isula_isula() { + esac + } + ++_isula_default() ++{ ++ COMPREPLY=( $( compgen -d -f -- $cur ) ) ++} + + _isula() { + COMPREPLY=() +@@ -81,9 +85,12 @@ _isula() { + + #The completion of the secondary command will be added later + if [ $cword -lt 2 ] ; then +- declare -F $completions_func >/dev/null && $completions_func ++ completions_func=_isula_${command//-/_} ++ else ++ completions_func=_isula_default + fi + ++ declare -F $completions_func >/dev/null && $completions_func + return 0 + } + +-- +2.25.1 + diff --git a/0080-fix-coredump-when-poweroff.patch b/0080-fix-coredump-when-poweroff.patch new file mode 100644 index 0000000..11ff7dd --- /dev/null +++ b/0080-fix-coredump-when-poweroff.patch @@ -0,0 +1,80 @@ +From 6259cabf9ae7560f64cfab86cf32b77d0ca8cd79 Mon Sep 17 00:00:00 2001 +From: WangFengTu +Date: Thu, 22 Apr 2021 17:30:06 +0800 +Subject: [PATCH 080/104] fix coredump when poweroff + +when doing poweroff cpu are downing and we may +got aviable cpus less then sysinfo->ncpus which +we got when system startup. It can cause crash. +now we use const sysinfo->ncpus to check to +avoid crash. + +Signed-off-by: WangFengTu +--- + src/daemon/modules/spec/verify.c | 20 ++++++++++++-------- + 1 file changed, 12 insertions(+), 8 deletions(-) + +diff --git a/src/daemon/modules/spec/verify.c b/src/daemon/modules/spec/verify.c +index 2a73f7c1..57501cde 100644 +--- a/src/daemon/modules/spec/verify.c ++++ b/src/daemon/modules/spec/verify.c +@@ -556,7 +556,7 @@ static bool check_cpu(const char *provided, const char *available) + } + + /* parse unit list */ +-int parse_unit_list(const char *val, bool *available_list) ++int parse_unit_list(const char *val, bool *available_list, int cpu_num) + { + int ret = -1; + char *str = NULL; +@@ -576,7 +576,7 @@ int parse_unit_list(const char *val, bool *available_list) + subchr = strchr(tmp, '-'); + if (subchr == NULL) { + int value = 0; +- if (util_safe_int(tmp, &value) || value < 0) { ++ if (util_safe_int(tmp, &value) || value < 0 || value >= cpu_num) { + goto out; + } + available_list[value] = true; +@@ -588,7 +588,7 @@ int parse_unit_list(const char *val, bool *available_list) + if (util_safe_int(tmp, &min) || min < 0) { + goto out; + } +- if (util_safe_int(subchr, &max) || max < 0) { ++ if (util_safe_int(subchr, &max) || max < 0 || max >= cpu_num) { + goto out; + } + for (i = min; i <= max; i++) { +@@ -615,12 +615,15 @@ static bool is_cpuset_list_available(const char *provided, const char *available + bool ret = false; + bool *parsed_provided = NULL; + bool *parsed_available = NULL; ++ sysinfo_t *sysinfo = NULL; + +- cpu_num = get_nprocs(); +- if (cpu_num <= 0) { +- ERROR("failed to get the number of processors configured by the operating system!"); +- goto out; ++ sysinfo = get_sys_info(true); ++ if (sysinfo == NULL) { ++ ERROR("get sysinfo failed"); ++ return false; + } ++ ++ cpu_num = sysinfo->ncpus; + if ((size_t)cpu_num > SIZE_MAX / sizeof(bool)) { + ERROR("invalid cpu num"); + goto out; +@@ -640,7 +643,8 @@ static bool is_cpuset_list_available(const char *provided, const char *available + goto out; + } + +- if (parse_unit_list(provided, parsed_provided) < 0 || parse_unit_list(available, parsed_available) < 0) { ++ if (parse_unit_list(provided, parsed_provided, cpu_num) < 0 || ++ parse_unit_list(available, parsed_available, cpu_num) < 0) { + goto out; + } + for (i = 0; i < cpu_num; i++) { +-- +2.25.1 + diff --git a/0081-CI-keep-container-when-build-failed-for-debug.patch b/0081-CI-keep-container-when-build-failed-for-debug.patch new file mode 100644 index 0000000..d1ad625 --- /dev/null +++ b/0081-CI-keep-container-when-build-failed-for-debug.patch @@ -0,0 +1,36 @@ +From d6cc390f40a2c3eb0c37a1ea13634c4c33c81362 Mon Sep 17 00:00:00 2001 +From: Li Feng +Date: Fri, 23 Apr 2021 09:40:13 +0800 +Subject: [PATCH 081/104] CI: keep container when build failed for debug + +Signed-off-by: Li Feng +--- + CI/build.sh | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/CI/build.sh b/CI/build.sh +index 2c535c70..cf7691d9 100755 +--- a/CI/build.sh ++++ b/CI/build.sh +@@ -473,12 +473,12 @@ if [[ -e $CIDIR/${CONTAINER_NAME}.runflag ]]; then + rm -rf /var/lib/isulad/${CONTAINER_NAME}_cptemp + exit 0; + else +- for container in ${containers[@]} +- do +- docker rm -f $container +- rm -rf /var/lib/isulad/$container +- done +- rm -rf /var/lib/isulad/${CONTAINER_NAME}_cptemp ++ #for container in ${containers[@]} ++ #do ++ # docker rm -f $container ++ # rm -rf /var/lib/isulad/$container ++ #done ++ #rm -rf /var/lib/isulad/${CONTAINER_NAME}_cptemp + echo_error "Test failed!" + exit -1; + fi +-- +2.25.1 + diff --git a/0082-devmapper-decrease-log-level-of-check-dm-device.patch b/0082-devmapper-decrease-log-level-of-check-dm-device.patch new file mode 100644 index 0000000..e9a3a86 --- /dev/null +++ b/0082-devmapper-decrease-log-level-of-check-dm-device.patch @@ -0,0 +1,85 @@ +From c1f5f82a2e02597ac2c486caed1bf56b6467ad87 Mon Sep 17 00:00:00 2001 +From: gaohuatao +Date: Fri, 23 Apr 2021 14:47:34 +0800 +Subject: [PATCH 082/104] devmapper: decrease log level of check dm device + +Signed-off-by: gaohuatao +--- + .../storage/layer_store/graphdriver/devmapper/deviceset.c | 6 +++--- + .../layer_store/graphdriver/devmapper/wrapper_devmapper.c | 6 +++--- + 2 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c +index 3a271c3a..6ed546bc 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c +@@ -437,7 +437,7 @@ static image_devmapper_device_info *load_metadata(const struct device_set *devse + } + + if (!util_file_exists(metadata_file)) { +- ERROR("No such file:%s, need not to load", metadata_file); ++ WARN("No such file:%s, need not to load", metadata_file); + goto out; + } + +@@ -2405,6 +2405,7 @@ static int do_check_all_devices(struct device_set *devset) + struct stat st; + int nret = 0; + ++ // Equal to "dmsetup ls" . That is to say, devices_len is not zero, because isulad-thinpool exists. + if (dev_get_device_list(&devices_list, &devices_len) != 0) { + ERROR("devicemapper: failed to get device list"); + ret = -1; +@@ -2511,10 +2512,9 @@ static int do_devmapper_init(struct device_set *devset) + goto out; + } + ++ // If checking failed, we just print a log, there is no need to process the error that do not affect isulad starting + if (do_check_all_devices(devset) != 0) { + ERROR("Failed to check all devset devices"); +- ret = -1; +- goto out; + } + + if (do_init_metadate(devset) != 0) { +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.c +index 38ed5615..07d64318 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.c +@@ -556,8 +556,6 @@ out: + return ret; + } + +-// from devmapper_wrapper.go +-// FIXME: how to use dm_task_get_names directly + static char **local_dm_task_get_names(struct dm_task *dmt, size_t *size) + { + struct dm_names *ns, *ns1; +@@ -566,6 +564,7 @@ static char **local_dm_task_get_names(struct dm_task *dmt, size_t *size) + int i = 0; + + if (!(ns = dm_task_get_names(dmt))) { ++ ERROR("Failed to get device names list from dm task"); + return NULL; + } + +@@ -585,6 +584,7 @@ static char **local_dm_task_get_names(struct dm_task *dmt, size_t *size) + + result = malloc(sizeof(char *) * (*size)); + if (!result) { ++ ERROR("Out of memory"); + return NULL; + } + +@@ -624,7 +624,7 @@ int dev_get_device_list(char ***list, size_t *length) + *list = local_dm_task_get_names(dmt, length); + if (*list == NULL) { + *length = 0; +- ERROR("devicemapper: get device list failed"); ++ ERROR("devicemapper: get device list empty"); + ret = -1; + goto cleanup; + } +-- +2.25.1 + diff --git a/0083-fix-bugs-when-pulling-image.patch b/0083-fix-bugs-when-pulling-image.patch new file mode 100644 index 0000000..39c19c0 --- /dev/null +++ b/0083-fix-bugs-when-pulling-image.patch @@ -0,0 +1,206 @@ +From 3347d4d8de7599f3b186bfcd893aca89d1328563 Mon Sep 17 00:00:00 2001 +From: WangFengTu +Date: Wed, 21 Apr 2021 20:26:09 +0800 +Subject: [PATCH 083/104] fix bugs when pulling image + +1. service in Www-Authenticate may have space, do not split it +2. if url have space, we need to translate it +3. fill diffid if reuse cached layer + +Signed-off-by: WangFengTu +--- + .../modules/image/oci/registry/registry.c | 10 ++++ + .../image/oci/registry/registry_apiv2.c | 24 ++++---- + src/utils/http/http.c | 57 ++++++++++++++++++- + 3 files changed, 80 insertions(+), 11 deletions(-) + +diff --git a/src/daemon/modules/image/oci/registry/registry.c b/src/daemon/modules/image/oci/registry/registry.c +index 1bb91d0f..bd8e8fd0 100644 +--- a/src/daemon/modules/image/oci/registry/registry.c ++++ b/src/daemon/modules/image/oci/registry/registry.c +@@ -389,6 +389,7 @@ static int add_cached_layer(char *blob_digest, char *file, thread_fetch_info *in + cached_layer *cache = NULL; + struct linked_list *node = NULL; + char *src_file = NULL; ++ thread_fetch_info *src_info = NULL; + file_elem *elem = {NULL}; + pull_descriptor *desc = info->desc; + +@@ -430,6 +431,12 @@ static int add_cached_layer(char *blob_digest, char *file, thread_fetch_info *in + goto out; + } + src_file = ((file_elem*)elem)->file; ++ src_info = ((file_elem*)elem)->info; ++ if (src_info == NULL) { ++ ERROR("source info is NULL, this should never happen"); ++ ret = -1; ++ goto out; ++ } + + if (link(src_file, file) != 0) { + ERROR("link %s to %s failed: %s", src_file, file, strerror(errno)); +@@ -438,6 +445,9 @@ static int add_cached_layer(char *blob_digest, char *file, thread_fetch_info *in + } + // As layer have already downloaded, set this flag to let register thread to do register + info->notified = true; ++ if (info->diffid == NULL) { ++ info->diffid = util_strdup_s(src_info->diffid); ++ } + } else { + ERROR("cached layer have result %d", cache->result); + ret = -1; +diff --git a/src/daemon/modules/image/oci/registry/registry_apiv2.c b/src/daemon/modules/image/oci/registry/registry_apiv2.c +index 935aa4d6..b26e42ba 100644 +--- a/src/daemon/modules/image/oci/registry/registry_apiv2.c ++++ b/src/daemon/modules/image/oci/registry/registry_apiv2.c +@@ -162,27 +162,32 @@ static int parse_auth(pull_descriptor *desc, char *auth) + char *origin_tmp_auth = NULL; + char *trimmed_auth = NULL; + int ret = 0; +- char **parts = NULL; ++ char *schema = NULL; ++ char *params = NULL; + + if (auth == NULL) { + return -1; + } + ++ // auth: Bearer realm="https://auth.isula.org/token",service="isula registry" + origin_tmp_auth = util_strdup_s(auth); + util_trim_newline(origin_tmp_auth); + trimmed_auth = util_trim_space(origin_tmp_auth); +- parts = util_string_split_multi(trimmed_auth, ' '); +- if (util_array_len((const char **)parts) < 2) { +- ERROR("Split auth failed, auth: %s", trimmed_auth); ++ params = strchr(trimmed_auth, ' '); ++ if (params == NULL) { ++ ERROR("invalid auth when parse challenges, auth: %s", trimmed_auth); + ret = -1; + goto out; + } ++ // params: realm="https://auth.isula.org/token",service="isula registry" ++ params[0] = 0; ++ params += 1; ++ // schema: Bearer ++ schema = trimmed_auth; + +- // parts[0]: Bearer +- // parts[1]: realm="https://auth.isula.org/token",service="registry.isula.org" +- ret = parse_challenges(desc, parts[0], parts[1]); ++ ret = parse_challenges(desc, schema, params); + if (ret != 0) { +- ERROR("Parse challenges failed, schema: %s, params: %s", parts[0], parts[1]); ++ ERROR("Parse challenges failed, schema: %s, params: %s", schema, params); + ret = -1; + goto out; + } +@@ -190,7 +195,6 @@ static int parse_auth(pull_descriptor *desc, char *auth) + out: + free(origin_tmp_auth); + origin_tmp_auth = NULL; +- util_free_array(parts); + + return ret; + } +@@ -268,7 +272,7 @@ static int parse_ping_header(pull_descriptor *desc, char *http_head) + HTTP/1.1 401 Unauthorized + Content-Type: application/json + Docker-Distribution-Api-Version: registry/2.0 +- Www-Authenticate: Bearer realm="https://auth.isula.org/token",service="registry.isula.org" ++ Www-Authenticate: Bearer realm="https://auth.isula.org/token",service="isula registry" + Date: Mon, 16 Mar 2020 01:16:09 GMT + Content-Length: 87 + Strict-Transport-Security: max-age=31536000 +diff --git a/src/utils/http/http.c b/src/utils/http/http.c +index bf9b8ab2..e502bb83 100644 +--- a/src/utils/http/http.c ++++ b/src/utils/http/http.c +@@ -337,6 +337,53 @@ static struct curl_slist *set_custom_header(CURL *curl_handle, const struct http + return chunk; + } + ++static size_t calc_replaced_url_len(const char *url) ++{ ++ size_t i = 0; ++ size_t size = 0; ++ size_t max = 0; ++ size = strlen(url); ++ ++ for (i = 0; i < size; i++) { ++ if (url[i] != ' ') { ++ max++; ++ continue; ++ } ++ max += 3; /* ' ' to %20 so size should add 3 */ ++ } ++ ++ return max + 1; /* +1 for terminator */ ++} ++ ++static char *replace_url(const char *url) ++{ ++ size_t i = 0; ++ size_t pos = 0; ++ size_t size = 0; ++ size_t max = 0; ++ char *replaced_url = NULL; ++ ++ size = strlen(url); ++ max = calc_replaced_url_len(url); ++ replaced_url = util_common_calloc_s(max); ++ if (replaced_url == NULL) { ++ ERROR("out of memory"); ++ return NULL; ++ } ++ ++ for (i = 0; i < size; i++) { ++ if (url[i] != ' ') { ++ *(replaced_url + pos) = url[i]; ++ pos++; ++ continue; ++ } ++ (void)strcat(replaced_url + pos, "%20"); ++ pos += 3; /* ' ' to %20 so multiply 3 */ ++ } ++ ++ return replaced_url; ++} ++ + int http_request(const char *url, struct http_get_options *options, long *response_code, int recursive_len) + { + #define MAX_REDIRCT_NUMS 32 +@@ -352,6 +399,7 @@ int http_request(const char *url, struct http_get_options *options, long *respon + char *redir_url = NULL; + char *tmp = NULL; + size_t fsize = 0; ++ char *replaced_url = 0; + + if (recursive_len + 1 >= MAX_REDIRCT_NUMS) { + ERROR("reach the max redirect num"); +@@ -364,8 +412,14 @@ int http_request(const char *url, struct http_get_options *options, long *respon + return -1; + } + ++ replaced_url = replace_url(url); ++ if (replaced_url == NULL) { ++ ret = -1; ++ goto out; ++ } ++ + /* set URL to get here */ +- curl_easy_setopt(curl_handle, CURLOPT_URL, url); ++ curl_easy_setopt(curl_handle, CURLOPT_URL, replaced_url); + curl_easy_setopt(curl_handle, CURLOPT_NOSIGNAL, 1L); + /* complete connection within 30 seconds */ + curl_easy_setopt(curl_handle, CURLOPT_CONNECTTIMEOUT, 30L); +@@ -417,6 +471,7 @@ int http_request(const char *url, struct http_get_options *options, long *respon + } + + out: ++ free(replaced_url); + close_file(pagefile); + free_rpath(rpath); + +-- +2.25.1 + diff --git a/0084-add-testcase-for-pulling-image.patch b/0084-add-testcase-for-pulling-image.patch new file mode 100644 index 0000000..7a69289 --- /dev/null +++ b/0084-add-testcase-for-pulling-image.patch @@ -0,0 +1,55 @@ +From 1fb316f5e3ef84e57c40625d69a6aa900b978b83 Mon Sep 17 00:00:00 2001 +From: WangFengTu +Date: Thu, 22 Apr 2021 10:45:43 +0800 +Subject: [PATCH 084/104] add testcase for pulling image + +Signed-off-by: WangFengTu +--- + CI/test_cases/image_cases/registry.sh | 3 +++ + test/image/oci/registry/data/v1/ping_head | 2 +- + test/image/oci/registry/registry_ut.cc | 4 ++++ + 3 files changed, 8 insertions(+), 1 deletion(-) + +diff --git a/CI/test_cases/image_cases/registry.sh b/CI/test_cases/image_cases/registry.sh +index c0a0db05..332af223 100755 +--- a/CI/test_cases/image_cases/registry.sh ++++ b/CI/test_cases/image_cases/registry.sh +@@ -74,6 +74,9 @@ function isula_pull() + isula run --rm -ti busybox echo hello 2>&1 | grep pulling + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - --pull missing failed" && ((ret++)) + ++ isula pull hub.c.163.com/public/centos:6.7-tools ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - --pull hub.c.163.com/public/centos:6.7-tools failed" && ((ret++)) ++ + isula pull 3laho3y3.mirror.aliyuncs.com/library/busybox + fn_check_eq "$?" "0" "isula pull 3laho3y3.mirror.aliyuncs.com/library/busybox" + +diff --git a/test/image/oci/registry/data/v1/ping_head b/test/image/oci/registry/data/v1/ping_head +index b0a076db..0d6a01c7 100644 +--- a/test/image/oci/registry/data/v1/ping_head ++++ b/test/image/oci/registry/data/v1/ping_head +@@ -5,5 +5,5 @@ Content-Type: text/html; charset=utf-8 + Content-Length: 4 + Connection: close + Docker-Distribution-API-Version: registry/2.0 +-WWW-Authenticate: Bearer realm="https://auth.quay.io",service="quay.io" ++WWW-Authenticate: Bearer realm="https://auth.quay.io",service="quay.io registry" + +diff --git a/test/image/oci/registry/registry_ut.cc b/test/image/oci/registry/registry_ut.cc +index 182e28aa..fc944a5f 100644 +--- a/test/image/oci/registry/registry_ut.cc ++++ b/test/image/oci/registry/registry_ut.cc +@@ -143,6 +143,10 @@ int invokeHttpRequestV1(const char *url, struct http_get_options *options, long + if (token_count == 2) { + file = data_path + "token_body2"; + } else { ++ if (strstr(url, "quay.io registry") == NULL) { ++ ERROR("invalid url %s", url); ++ return -1; ++ } + file = data_path + "token_body"; + } + } else if (util_has_prefix(url, "https://quay.io/v2/coreos/etcd/blobs/sha256")) { +-- +2.25.1 + diff --git a/0085-check-return-value-to-valid-use-NULL-pointer.patch b/0085-check-return-value-to-valid-use-NULL-pointer.patch new file mode 100644 index 0000000..edc0e61 --- /dev/null +++ b/0085-check-return-value-to-valid-use-NULL-pointer.patch @@ -0,0 +1,84 @@ +From 64ba80d5f9faec9a0a6400fd5f4e21943271cf03 Mon Sep 17 00:00:00 2001 +From: WangFengTu +Date: Fri, 23 Apr 2021 15:35:13 +0800 +Subject: [PATCH 085/104] check return value to valid use NULL pointer + +Signed-off-by: WangFengTu +--- + src/cmd/isula/isula_host_spec.c | 5 +++++ + .../modules/image/oci/storage/image_store/image_store.c | 8 +++++++- + src/daemon/modules/spec/specs.c | 2 +- + src/utils/http/certificate.c | 4 ++++ + 4 files changed, 17 insertions(+), 2 deletions(-) + +diff --git a/src/cmd/isula/isula_host_spec.c b/src/cmd/isula/isula_host_spec.c +index 1a2ad4ed..85451dd4 100644 +--- a/src/cmd/isula/isula_host_spec.c ++++ b/src/cmd/isula/isula_host_spec.c +@@ -1021,6 +1021,11 @@ static int parse_security_opts(const isula_host_config_t *srcconfig, host_config + + for (i = 0; i < srcconfig->security_len; i++) { + items = util_string_split_n(srcconfig->security[i], '=', 2); ++ if (items == NULL) { ++ COMMAND_ERROR("Invalid --security-opt: %s", srcconfig->security[i]); ++ ret = -1; ++ goto out; ++ } + if (util_array_len((const char **)items) == 1) { + if (strcmp(items[0], "no-new-privileges") != 0) { + ret = -1; +diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c +index 83345ab3..9db158d4 100644 +--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c ++++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c +@@ -2089,6 +2089,12 @@ static int pack_repo_digest(char ***old_repo_digests, const char **image_tags, c + continue; + } + tag_pos = util_tag_pos(ref); ++ if (tag_pos == NULL) { ++ ERROR("invalid ref %s", ref); ++ free(ref); ++ ref = NULL; ++ continue; ++ } + *tag_pos = '\0'; + + nret = asprintf(&tmp_repo_digests, "%s@%s", ref, digest); +@@ -3581,4 +3587,4 @@ out: + } + free(root_dir); + return ret; +-} +\ No newline at end of file ++} +diff --git a/src/daemon/modules/spec/specs.c b/src/daemon/modules/spec/specs.c +index d056b005..d8d05ba0 100644 +--- a/src/daemon/modules/spec/specs.c ++++ b/src/daemon/modules/spec/specs.c +@@ -1929,7 +1929,7 @@ static int generate_security_opt(host_config *hc) + + for (i = 0; i < hc->security_opt_len; i++) { + char **items = util_string_split(hc->security_opt[i], '='); +- if (*items == NULL) { ++ if (items == NULL) { + ERROR("Out of memory"); + return -1; + } +diff --git a/src/utils/http/certificate.c b/src/utils/http/certificate.c +index 117bc15c..64f35bdb 100644 +--- a/src/utils/http/certificate.c ++++ b/src/utils/http/certificate.c +@@ -49,6 +49,10 @@ static void check_algo(X509 *cert) + } + const char *sig_algo = OBJ_nid2ln(OBJ_obj2nid(cert->sig_alg->algorithm)); + #endif ++ if (sig_algo == NULL) { ++ ERROR("sig algo is NULL"); ++ return; ++ } + + for (i = 0; i < len; i++) { + if (strcmp(g_weak_algos[i], sig_algo) == 0) { +-- +2.25.1 + diff --git a/0086-move-reinstall_thinpool-to-helper.sh.patch b/0086-move-reinstall_thinpool-to-helper.sh.patch new file mode 100644 index 0000000..945c11d --- /dev/null +++ b/0086-move-reinstall_thinpool-to-helper.sh.patch @@ -0,0 +1,192 @@ +From a86e5ede7866a18c681ab95d83cc3ae875a71930 Mon Sep 17 00:00:00 2001 +From: gaohuatao +Date: Mon, 26 Apr 2021 10:09:46 +0800 +Subject: [PATCH 086/104] move reinstall_thinpool to helper.sh + +Signed-off-by: gaohuatao +--- + .../container_cases/graph_root_test.sh | 38 --------- + .../container_cases/storage_opts_dm.sh | 30 ------- + CI/test_cases/helpers.sh | 79 +++++++++++++++++++ + 3 files changed, 79 insertions(+), 68 deletions(-) + +diff --git a/CI/test_cases/container_cases/graph_root_test.sh b/CI/test_cases/container_cases/graph_root_test.sh +index 678d176e..4beb5d9e 100644 +--- a/CI/test_cases/container_cases/graph_root_test.sh ++++ b/CI/test_cases/container_cases/graph_root_test.sh +@@ -22,44 +22,6 @@ + declare -r curr_path=$(dirname $(readlink -f "$0")) + source ../helpers.sh + +-function reinstall_thinpool() +-{ +- local ret=0 +- +- cat /etc/isulad/daemon.json | grep driver | grep devicemapper +- if [[ $? -ne 0 ]]; then +- return ${ret} +- fi +- +- dev_disk=`pvs | grep isulad | awk '{print$1}'` +- rm -rf /var/lib/isulad/* +- dmsetup remove_all +- lvremove -f isulad/thinpool +- lvremove -f isulad/thinpoolmeta +- vgremove -f isulad +- pvremove -f $dev_disk +- mount | grep $dev_disk | grep /var/lib/isulad +- if [ x"$?" == x"0" ]; then +- umount /var/lib/isulad +- fi +- touch /etc/lvm/profile/isulad-thinpool.profile +- cat > /etc/lvm/profile/isulad-thinpool.profile < /etc/lvm/profile/isulad-thinpool.profile < /etc/lvm/profile/isulad-thinpool.profile < +Date: Mon, 26 Apr 2021 15:06:35 +0800 +Subject: [PATCH 087/104] CI:activate vg isulad + +Signed-off-by: gaohuatao +--- + CI/test_cases/helpers.sh | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/CI/test_cases/helpers.sh b/CI/test_cases/helpers.sh +index 7f4a286d..c8e7bb8a 100755 +--- a/CI/test_cases/helpers.sh ++++ b/CI/test_cases/helpers.sh +@@ -196,6 +196,10 @@ function do_install_thinpool() + { + local ret=0 + ++ systemctl restart lvm2-lvmetad.service ++ systemctl restart systemd-udevd.service ++ udevadm control --reload-rules && udevadm trigger ++ + dev_disk=`pvs | grep isulad | awk '{print$1}'` + rm -rf /var/lib/isulad/* + dmsetup remove_all +@@ -240,6 +244,8 @@ EOF + lvconvert -y --zero n -c 512K --thinpool isulad/thinpool --poolmetadata isulad/thinpoolmeta + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - lvconvert failed" && ((ret++)) + ++ lvchange --activate ay isulad ++ + lvchange --metadataprofile isulad-thinpool isulad/thinpool + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - lvchange failed" && ((ret++)) + +@@ -251,7 +257,7 @@ EOF + # Delete all containers and stop isulad before executing this func + function reinstall_thinpool() + { +- retry_limit=3 ++ retry_limit=10 + retry_interval=2 + state="fail" + +-- +2.25.1 + diff --git a/0088-CI-devicemapper-add-filter.patch b/0088-CI-devicemapper-add-filter.patch new file mode 100644 index 0000000..723d15d --- /dev/null +++ b/0088-CI-devicemapper-add-filter.patch @@ -0,0 +1,31 @@ +From 4e9f8ec1f3229e6992ab2750fac61a062bae64ed Mon Sep 17 00:00:00 2001 +From: gaohuatao +Date: Tue, 27 Apr 2021 16:31:08 +0800 +Subject: [PATCH 088/104] CI devicemapper add filter + +Signed-off-by: gaohuatao +--- + CI/test_cases/helpers.sh | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/CI/test_cases/helpers.sh b/CI/test_cases/helpers.sh +index c8e7bb8a..d40e61d9 100755 +--- a/CI/test_cases/helpers.sh ++++ b/CI/test_cases/helpers.sh +@@ -196,9 +196,10 @@ function do_install_thinpool() + { + local ret=0 + +- systemctl restart lvm2-lvmetad.service +- systemctl restart systemd-udevd.service +- udevadm control --reload-rules && udevadm trigger ++ cat /etc/isulad/daemon.json | grep driver | grep devicemapper ++ if [[ $? -ne 0 ]]; then ++ return ${ret} ++ fi + + dev_disk=`pvs | grep isulad | awk '{print$1}'` + rm -rf /var/lib/isulad/* +-- +2.25.1 + diff --git a/0089-syslog-tag-support-dynamic-tag-values.patch b/0089-syslog-tag-support-dynamic-tag-values.patch new file mode 100644 index 0000000..101e6e1 --- /dev/null +++ b/0089-syslog-tag-support-dynamic-tag-values.patch @@ -0,0 +1,555 @@ +From 8048944dcc7a23be2a449dc597abe8f82c02fa05 Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Thu, 21 Jan 2021 11:12:49 +0800 +Subject: [PATCH 089/104] syslog tag support dynamic tag values + +1. {{.ID}} : first 12 character of the container id +2. {{.FullID}} : full container id +3. {{.Name}} : container name +4. {{.ImageID}} : first 12 character of container's image id +5. {{.ImageFullID}} : container's image id +6. {{.ImageName}} : container's image name +7. {{.DaemonName}} : name of isulad program 'iSulad' + +Signed-off-by: haozi007 +--- + src/cmd/options/opt_log.c | 68 +++++ + src/cmd/options/opt_log.h | 13 + + .../executor/container_cb/execution_create.c | 247 +++++++++++++++--- + .../graphdriver/devmapper/deviceset.c | 2 +- + 4 files changed, 289 insertions(+), 41 deletions(-) + +diff --git a/src/cmd/options/opt_log.c b/src/cmd/options/opt_log.c +index f6c18b23..c11792f3 100644 +--- a/src/cmd/options/opt_log.c ++++ b/src/cmd/options/opt_log.c +@@ -25,6 +25,7 @@ + #include "utils_array.h" + #include "utils_convert.h" + #include "utils_string.h" ++#include "buffer.h" + + #define DRIVER_MAX 2 + +@@ -160,6 +161,7 @@ bool parse_container_log_opt(const char *key, const char *val, json_map_string_s + } + } + nret = append_json_map_string_string(opts, support_parsers[i].real_key, parsed_val); ++ free(parsed_val); + return true; + } + } +@@ -274,3 +276,69 @@ bool check_opt_container_log_driver(const char *driver) + return false; + } + ++int parse_container_log_opt_syslog_tag(const char *tag, tag_parser op, map_t *tag_maps, char **parsed_tag) ++{ ++ Buffer *bf = NULL; ++ char *work_tag = NULL; ++ char *prefix = NULL; ++ char *curr = NULL; ++ int ret = 0; ++ ++ if (tag == NULL || op == NULL || parsed_tag == NULL) { ++ ERROR("Invalid arguments"); ++ return -1; ++ } ++ bf = buffer_alloc(strlen(tag)); ++ if (bf == NULL) { ++ ERROR("Out of memory"); ++ return -1; ++ } ++ ++ work_tag = util_strdup_s(tag); ++ prefix = work_tag; ++ while (prefix != NULL && strlen(prefix) != 0) { ++ char *parsed_item = NULL; ++ curr = strstr(prefix, "{{"); ++ if (curr == NULL) { ++ ret = buffer_append(bf, prefix, strlen(prefix)); ++ break; ++ } ++ *curr = '\0'; ++ ret = buffer_append(bf, prefix, strlen(prefix)); ++ if (ret != 0) { ++ ERROR("OUt of memory"); ++ goto out; ++ } ++ *curr = '{'; ++ ++ curr = curr + 2; ++ prefix = strstr(curr, "}}"); ++ if (prefix == NULL) { ++ ERROR("invalid tag item: %s", tag); ++ ret = -1; ++ goto out; ++ } ++ // get item in '{{' and '}}', to parse to expected string ++ *prefix = '\0'; ++ if (op(curr, tag_maps, &parsed_item) != 0) { ++ ERROR("invalid tag item: %s", tag); ++ ret = -1; ++ goto out; ++ } ++ DEBUG("parse syslog tag item: %s --> %s", curr, parsed_item); ++ *prefix = '}'; ++ ret = buffer_append(bf, parsed_item, strlen(parsed_item)); ++ free(parsed_item); ++ if (ret != 0) { ++ ERROR("OUt of memory"); ++ goto out; ++ } ++ prefix = prefix + 2; ++ } ++ ++ *parsed_tag = util_strdup_s(bf->contents); ++out: ++ buffer_free(bf); ++ free(work_tag); ++ return ret; ++} +\ No newline at end of file +diff --git a/src/cmd/options/opt_log.h b/src/cmd/options/opt_log.h +index f9daa02d..d87851b0 100644 +--- a/src/cmd/options/opt_log.h ++++ b/src/cmd/options/opt_log.h +@@ -17,11 +17,22 @@ + + #include + #include ++#include "map.h" + + #ifdef __cplusplus + extern "C" { + #endif + ++struct logger_info { ++ char *id; ++ char *name; ++ char *img_id; ++ char *img_name; ++ char *daemon_name; ++}; ++ ++typedef int (*tag_parser)(const char *, map_t *, char **); ++ + bool check_raw_log_opt(const char *key); + + bool check_opt_container_log_opt(const char *driver, const char *opt); +@@ -32,6 +43,8 @@ bool parse_container_log_opt(const char *key, const char *val, json_map_string_s + + bool parse_container_log_opts(json_map_string_string **opts); + ++int parse_container_log_opt_syslog_tag(const char *tag, tag_parser op, map_t *tag_maps, char **parsed_tag); ++ + #ifdef __cplusplus + } + #endif +diff --git a/src/daemon/executor/container_cb/execution_create.c b/src/daemon/executor/container_cb/execution_create.c +index 9136348e..71d29b2c 100644 +--- a/src/daemon/executor/container_cb/execution_create.c ++++ b/src/daemon/executor/container_cb/execution_create.c +@@ -257,8 +257,7 @@ static int merge_container_log_config_opts(const char *daemon_driver, const json + return 0; + } + +-static int do_set_default_log_path_for_json_file(const char *id, const char *root, bool file_found, +- container_config *spec) ++static int do_set_default_log_path_for_json_file(const char *id, const char *root, container_config *spec) + { + int nret = 0; + char default_path[PATH_MAX] = { 0 }; +@@ -277,10 +276,150 @@ static int do_set_default_log_path_for_json_file(const char *id, const char *roo + return 0; + } + +-static int do_check_container_log_config_opts(const char *id, const char *root, container_config *spec) ++int syslog_tag_parser(const char *tag, map_t *tag_maps, char **parsed) ++{ ++ char *tmp_tag = NULL; ++ int ret = 0; ++ char *target = NULL; ++ ++ if (tag == NULL) { ++ ERROR("empty tag is invalid."); ++ return -1; ++ } ++ ++ tmp_tag = util_strdup_s(tag); ++ tmp_tag = util_trim_space(tmp_tag); ++ target = map_search(tag_maps, (void *)tmp_tag); ++ if (target == NULL) { ++ ERROR("Invalid tag: %s", tag); ++ ret = -1; ++ goto out; ++ } ++ ++ *parsed = util_strdup_s(target); ++ ++out: ++ free(tmp_tag); ++ return ret; ++} ++ ++static int do_update_container_log_config_syslog_tag(map_t *tag_maps, const char *driver, size_t idx, ++ json_map_string_string *annotations) ++{ ++ char *parsed_tag = NULL; ++ ++ if (driver == NULL || strcmp(driver, CONTAINER_LOG_CONFIG_SYSLOG_DRIVER) != 0) { ++ return 0; ++ } ++ ++ if (annotations->keys[idx] == NULL || strcmp(annotations->keys[idx], CONTAINER_LOG_CONFIG_KEY_SYSLOG_TAG) != 0) { ++ return 0; ++ } ++ ++ if (parse_container_log_opt_syslog_tag(annotations->values[idx], syslog_tag_parser, tag_maps, &parsed_tag) != 0) { ++ return -1; ++ } ++ DEBUG("new syslog tag: %s", parsed_tag); ++ ++ free(annotations->values[idx]); ++ annotations->values[idx] = parsed_tag; ++ return 0; ++} ++ ++static map_t *make_tag_mappings(const struct logger_info *p_info) ++{ ++#define SHORT_ID_LEN 12 ++ map_t *tag_maps = NULL; ++ char *short_id = NULL; ++ char *short_img_id = NULL; ++ ++ tag_maps = map_new(MAP_STR_STR, MAP_DEFAULT_CMP_FUNC, MAP_DEFAULT_FREE_FUNC); ++ if (tag_maps == NULL) { ++ ERROR("Out of memory"); ++ return NULL; ++ } ++ ++ short_id = util_sub_string(p_info->id, 0, SHORT_ID_LEN); ++ if (short_id == NULL) { ++ goto err_out; ++ } ++ if (!map_replace(tag_maps, (void *)".ID", (void *)short_id)) { ++ goto err_out; ++ } ++ if (!map_replace(tag_maps, (void *)".FullID", (void *)p_info->id)) { ++ goto err_out; ++ } ++ if (!map_replace(tag_maps, (void *)".Name", (void *)p_info->name)) { ++ goto err_out; ++ } ++ ++ if (p_info->img_id != NULL) { ++ short_img_id = util_sub_string(p_info->img_id, 0, SHORT_ID_LEN); ++ if (short_img_id == NULL) { ++ goto err_out; ++ } ++ if (!map_replace(tag_maps, (void *)".ImageID", (void *)short_img_id)) { ++ goto err_out; ++ } ++ if (!map_replace(tag_maps, (void *)".ImageFullID", (void *)p_info->img_id)) { ++ goto err_out; ++ } ++ } else { ++ WARN("Empty image id"); ++ } ++ ++ if (p_info->img_name != NULL) { ++ if (!map_replace(tag_maps, (void *)".ImageName", (void *)p_info->img_name)) { ++ goto err_out; ++ } ++ } else { ++ WARN("Empty image name"); ++ } ++ ++ if (!map_replace(tag_maps, (void *)".DaemonName", (void *)p_info->daemon_name)) { ++ goto err_out; ++ } ++ ++ free(short_img_id); ++ free(short_id); ++ return tag_maps; ++err_out: ++ free(short_img_id); ++ free(short_id); ++ map_free(tag_maps); ++ return NULL; ++} ++ ++static int do_set_default_container_log_opts(bool set_file, bool set_rotate, bool set_size, const char *id, ++ const char *root, container_config *spec) ++{ ++ if (!set_rotate && append_json_map_string_string(spec->annotations, CONTAINER_LOG_CONFIG_KEY_ROTATE, "7") != 0) { ++ return -1; ++ } ++ if (!set_size && append_json_map_string_string(spec->annotations, CONTAINER_LOG_CONFIG_KEY_SIZE, "1MB") != 0) { ++ return -1; ++ } ++ if (set_file) { ++ return 0; ++ } ++ return do_set_default_log_path_for_json_file(id, root, spec); ++} ++ ++static int do_parse_container_log_config_opts(const struct logger_info *p_info, const char *root, ++ container_config *spec) + { + size_t i; +- bool file_found = false; ++ bool set_file = false; ++ bool set_rotate = false; ++ bool set_size = false; ++ map_t *tag_maps = NULL; ++ int ret = 0; ++ ++ tag_maps = make_tag_mappings(p_info); ++ if (tag_maps == NULL) { ++ ERROR("Out of memory"); ++ return -1; ++ } + + // check log opts is support by driver + for (i = 0; i < spec->annotations->len; i++) { +@@ -292,23 +431,40 @@ static int do_check_container_log_config_opts(const char *id, const char *root, + DEBUG("check log opt key: %s for driver: %s", tmp_key, spec->log_driver); + if (!check_opt_container_log_opt(spec->log_driver, tmp_key)) { + isulad_set_error_message("container log driver: %s, unsupport: %s", spec->log_driver, tmp_key); +- return -1; ++ ERROR("container log driver: %s, unsupport: %s", spec->log_driver, tmp_key); ++ ret = -1; ++ goto out; ++ } ++ ++ if (do_update_container_log_config_syslog_tag(tag_maps, spec->log_driver, i, spec->annotations) != 0) { ++ isulad_set_error_message("container syslog tag: unsupport: %s", spec->annotations->values[i]); ++ ERROR("container syslog tag: unsupport: %s", spec->annotations->values[i]); ++ ret = -1; ++ goto out; + } + + if (strcmp(CONTAINER_LOG_CONFIG_KEY_FILE, tmp_key) == 0) { +- file_found = true; ++ set_file = true; ++ } ++ if (strcmp(CONTAINER_LOG_CONFIG_KEY_ROTATE, tmp_key) == 0) { ++ set_rotate = true; ++ } ++ if (strcmp(CONTAINER_LOG_CONFIG_KEY_SIZE, tmp_key) == 0) { ++ set_size = true; + } + } + +- if (!file_found && strcmp(spec->log_driver, CONTAINER_LOG_CONFIG_JSON_FILE_DRIVER) == 0) { +- return do_set_default_log_path_for_json_file(id, root, file_found, spec); ++ if (strcmp(spec->log_driver, CONTAINER_LOG_CONFIG_JSON_FILE_DRIVER) == 0) { ++ ret = do_set_default_container_log_opts(set_file, set_rotate, set_size, p_info->id, root, spec); + } + +- return 0; ++out: ++ map_free(tag_maps); ++ return ret; + } + +-static int set_container_log_config_to_container_spec(const char *id, const char *runtime_root, +- container_config *container_spec) ++static int update_container_log_config_to_container_spec(const struct logger_info *p_info, const char *runtime_root, ++ container_config *spec) + { + int ret = 0; + isulad_daemon_configs_container_log *daemon_container_opts = NULL; +@@ -317,30 +473,42 @@ static int set_container_log_config_to_container_spec(const char *id, const char + return -1; + } + +- set_container_log_config_driver(daemon_container_opts, container_spec); ++ set_container_log_config_driver(daemon_container_opts, spec); + +- if (container_spec->annotations == NULL) { +- container_spec->annotations = util_common_calloc_s(sizeof(json_map_string_string)); ++ if (spec->annotations == NULL) { ++ spec->annotations = util_common_calloc_s(sizeof(json_map_string_string)); + } +- if (container_spec->annotations == NULL) { ++ if (spec->annotations == NULL) { + ERROR("Out of memory"); + ret = -1; + goto out; + } + +- ret = merge_container_log_config_opts(daemon_container_opts->driver, daemon_container_opts->opts, container_spec); ++ ret = merge_container_log_config_opts(daemon_container_opts->driver, daemon_container_opts->opts, spec); + if (ret != 0) { + goto out; + } +- ret = do_check_container_log_config_opts(id, runtime_root, container_spec); ++ ret = do_parse_container_log_config_opts(p_info, runtime_root, spec); + + out: + free_isulad_daemon_configs_container_log(daemon_container_opts); + return ret; + } + +-static container_config *get_container_spec(const char *id, const char *runtime_root, +- const container_create_request *request) ++static int do_update_container_log_configs(char *id, char *name, char *image_name, char *image_id, ++ const char *runtime_root, container_config *spec) ++{ ++ struct logger_info l_info = { 0 }; ++ l_info.id = id; ++ l_info.name = name; ++ l_info.img_name = image_name; ++ l_info.img_id = image_id != NULL ? image_id : image_name; ++ l_info.daemon_name = "iSulad"; ++ ++ return update_container_log_config_to_container_spec(&l_info, runtime_root, spec); ++} ++ ++static container_config *get_container_spec(const container_create_request *request) + { + container_config *container_spec = NULL; + +@@ -349,15 +517,7 @@ static container_config *get_container_spec(const char *id, const char *runtime_ + return NULL; + } + +- if (set_container_log_config_to_container_spec(id, runtime_root, container_spec)) { +- goto error_out; +- } +- + return container_spec; +- +-error_out: +- free_container_config(container_spec); +- return NULL; + } + + static oci_runtime_spec *generate_oci_config(host_config *host_spec, const char *real_rootfs, +@@ -542,14 +702,13 @@ out: + return ret; + } + +-static int register_new_container(const char *id, const char *runtime, host_config *host_spec, ++static int register_new_container(const char *id, const char *image_id, const char *runtime, host_config *host_spec, + container_config_v2_common_config *v2_spec) + { + int ret = -1; + bool registered = false; + char *runtime_root = NULL; + char *runtime_stat = NULL; +- char *image_id = NULL; + container_t *cont = NULL; + + runtime_root = conf_get_routine_rootdir(runtime); +@@ -562,11 +721,6 @@ static int register_new_container(const char *id, const char *runtime, host_conf + goto out; + } + +- if (strcmp(v2_spec->image_type, IMAGE_TYPE_OCI) == 0) { +- if (conf_get_image_id(v2_spec->image, &image_id) != 0) { +- goto out; +- } +- } + cont = container_new(runtime, runtime_root, runtime_stat, image_id, host_spec, v2_spec, NULL); + if (cont == NULL) { + ERROR("Failed to create container '%s'", id); +@@ -589,7 +743,6 @@ static int register_new_container(const char *id, const char *runtime, host_conf + out: + free(runtime_root); + free(runtime_stat); +- free(image_id); + if (ret != 0) { + /* fail, do not use the input v2 spec and host spec, the memeory will be free by caller*/ + if (cont != NULL) { +@@ -911,8 +1064,8 @@ out: + return ret; + } + +-static int get_basic_spec(const container_create_request *request, const char *id, const char *runtime_root, +- host_config **host_spec, container_config **container_spec) ++static int get_basic_spec(const container_create_request *request, host_config **host_spec, ++ container_config **container_spec) + { + *host_spec = get_host_spec(request); + if (*host_spec == NULL) { +@@ -923,7 +1076,7 @@ static int get_basic_spec(const container_create_request *request, const char *i + return -1; + } + +- *container_spec = get_container_spec(id, runtime_root, request); ++ *container_spec = get_container_spec(request); + if (*container_spec == NULL) { + return -1; + } +@@ -1309,6 +1462,7 @@ int container_create_cb(const container_create_request *request, container_creat + char *real_rootfs = NULL; + char *image_type = NULL; + char *runtime_root = NULL; ++ char *image_id = NULL; + char *oci_config_data = NULL; + char *runtime = NULL; + char *name = NULL; +@@ -1340,7 +1494,7 @@ int container_create_cb(const container_create_request *request, container_creat + goto clean_nameindex; + } + +- if (get_basic_spec(request, id, runtime_root, &host_spec, &container_spec) != 0) { ++ if (get_basic_spec(request, &host_spec, &container_spec) != 0) { + cc = ISULAD_ERR_INPUT; + goto clean_container_root_dir; + } +@@ -1390,6 +1544,18 @@ int container_create_cb(const container_create_request *request, container_creat + goto clean_rootfs; + } + ++ if (strcmp(v2_spec->image_type, IMAGE_TYPE_OCI) == 0) { ++ if (conf_get_image_id(v2_spec->image, &image_id) != 0) { ++ cc = ISULAD_ERR_EXEC; ++ goto clean_rootfs; ++ } ++ } ++ ++ if (do_update_container_log_configs(id, name, image_name, image_id, runtime_root, v2_spec->config)) { ++ cc = ISULAD_ERR_EXEC; ++ goto clean_rootfs; ++ } ++ + if (verify_container_config(v2_spec->config) != 0) { + cc = ISULAD_ERR_EXEC; + goto clean_rootfs; +@@ -1453,7 +1619,7 @@ int container_create_cb(const container_create_request *request, container_creat + goto umount_channel; + } + +- if (register_new_container(id, runtime, host_spec, v2_spec)) { ++ if (register_new_container(id, image_id, runtime, host_spec, v2_spec)) { + ERROR("Failed to register new container"); + cc = ISULAD_ERR_EXEC; + goto umount_channel; +@@ -1490,6 +1656,7 @@ pack_response: + free(image_type); + free(image_name); + free(name); ++ free(image_id); + free(id); + free_oci_runtime_spec(oci_spec); + free_host_config(host_spec); +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c +index 6ed546bc..2b54634d 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c +@@ -2405,7 +2405,7 @@ static int do_check_all_devices(struct device_set *devset) + struct stat st; + int nret = 0; + +- // Equal to "dmsetup ls" . That is to say, devices_len is not zero, because isulad-thinpool exists. ++ // Equal to "dmsetup ls" . That is to say, devices_len is not zero, because isulad-thinpool exists. + if (dev_get_device_list(&devices_list, &devices_len) != 0) { + ERROR("devicemapper: failed to get device list"); + ret = -1; +-- +2.25.1 + diff --git a/0090-add-testcase-for-contailer-log-opts.patch b/0090-add-testcase-for-contailer-log-opts.patch new file mode 100644 index 0000000..725fd44 --- /dev/null +++ b/0090-add-testcase-for-contailer-log-opts.patch @@ -0,0 +1,218 @@ +From 62b09ccf7a3a20694d906020fe6e02c61c75bcac Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Wed, 28 Apr 2021 19:25:42 +0800 +Subject: [PATCH 090/104] add testcase for contailer log opts + +Signed-off-by: haozi007 +--- + CI/test_cases/container_cases/log_test.sh | 133 ++++++++++++++++-- + .../container_cases/test_data/daemon.json | 1 + + 2 files changed, 125 insertions(+), 9 deletions(-) + +diff --git a/CI/test_cases/container_cases/log_test.sh b/CI/test_cases/container_cases/log_test.sh +index 08abf212..119a005a 100755 +--- a/CI/test_cases/container_cases/log_test.sh ++++ b/CI/test_cases/container_cases/log_test.sh +@@ -12,6 +12,7 @@ function do_pre() + { + mv /etc/isulad/daemon.json /etc/isulad/daemon.bak + cp ${data_path}/daemon.json /etc/isulad/daemon.json ++ TC_RET_T=0 + } + + function do_post() +@@ -23,8 +24,9 @@ function do_post() + + function do_check_item() + { +- cat ${ISULAD_ROOT_PATH}/engine/lcr/$1/config | grep console | grep "$2" ++ cat ${ISULAD_ROOT_PATH}/engines/lcr/$1/config | grep console | grep "$2" + if [ $? -ne 0 ]; then ++ cat ${ISULAD_ROOT_PATH}/engines/lcr/$1/config | grep console + msg_err "expect $2" + TC_RET_T=$(($TC_RET_T+1)) + fi +@@ -61,6 +63,112 @@ function do_test_syslog_helper() + return $TC_RET_T + } + ++function do_test_syslog_tag() ++{ ++ local cid ++ msg_info "this is $0 do_test" ++ ++ crictl pull busybox ++ if [ $? -ne 0 ]; then ++ msg_err "Failed to pull busybox image" ++ TC_RET_T=$(($TC_RET_T+1)) ++ fi ++ ++ isula run -ti --log-opt="syslog-tag={{.xxx}}" busybox date ++ if [ $? -eq 0 ]; then ++ msg_err "run container success with invalid syslog-tag" ++ TC_RET_T=$(($TC_RET_T+1)) ++ fi ++ ++ isula run -ti --log-opt="syslog-tag={{" busybox date ++ if [ $? -eq 0 ]; then ++ msg_err "run container success with invalid syslog-tag" ++ TC_RET_T=$(($TC_RET_T+1)) ++ fi ++ ++ isula run -ti --log-opt="syslog-tag=aab{{cd" busybox date ++ if [ $? -eq 0 ]; then ++ msg_err "run container success with invalid syslog-tag" ++ TC_RET_T=$(($TC_RET_T+1)) ++ fi ++ ++ cid=$(isula run -tid --log-opt="syslog-tag={{.DaemonName}}" busybox sh) ++ if [ $? -ne 0 ]; then ++ msg_err "Failed to run container" ++ TC_RET_T=$(($TC_RET_T+1)) ++ fi ++ do_check_item ${cid} "logdriver = syslog" ++ do_check_item ${cid} "syslog_tag = iSulad" ++ ++ cid=`isula run -tid --log-opt="syslog-tag={{.ID}}" busybox sh` ++ if [ $? -ne 0 ]; then ++ msg_err "Failed to run container" ++ TC_RET_T=$(($TC_RET_T+1)) ++ fi ++ do_check_item ${cid} "logdriver = syslog" ++ do_check_item ${cid} "syslog_tag = ${cid: 0: 12}" ++ ++ cid=`isula run -tid --name=haozi --log-opt="syslog-tag={{.ID}}xx{{.Name}}" busybox sh` ++ if [ $? -ne 0 ]; then ++ msg_err "Failed to run container" ++ TC_RET_T=$(($TC_RET_T+1)) ++ fi ++ do_check_item ${cid} "logdriver = syslog" ++ do_check_item ${cid} "syslog_tag = ${cid: 0: 12}xxhaozi" ++ isula rm -f haozi ++ ++ cid=`isula run -tid --log-opt="syslog-tag={{.FullID}}" busybox sh` ++ if [ $? -ne 0 ]; then ++ msg_err "Failed to run container" ++ TC_RET_T=$(($TC_RET_T+1)) ++ fi ++ do_check_item ${cid} "logdriver = syslog" ++ do_check_item ${cid} "syslog_tag = ${cid}" ++ ++ cid=`isula run -tid --name haozi --log-opt="syslog-tag={{.Name}}" busybox sh` ++ if [ $? -ne 0 ]; then ++ msg_err "Failed to run container" ++ TC_RET_T=$(($TC_RET_T+1)) ++ fi ++ do_check_item ${cid} "logdriver = syslog" ++ do_check_item ${cid} "syslog_tag = haozi" ++ isula rm -f haozi ++ ++ cid=`isula run -tid --name haozi --log-opt="syslog-tag=xx{{.Name}}yy" busybox sh` ++ if [ $? -ne 0 ]; then ++ msg_err "Failed to run container" ++ TC_RET_T=$(($TC_RET_T+1)) ++ fi ++ do_check_item ${cid} "logdriver = syslog" ++ do_check_item ${cid} "syslog_tag = xxhaoziyy" ++ isula rm -f haozi ++ ++ cid=`isula run -tid --log-opt="syslog-tag={{.ImageName}}" busybox sh` ++ if [ $? -ne 0 ]; then ++ msg_err "Failed to run container" ++ TC_RET_T=$(($TC_RET_T+1)) ++ fi ++ do_check_item ${cid} "logdriver = syslog" ++ do_check_item ${cid} "syslog_tag = busybox" ++ ++ cid=`isula run -tid --log-opt="syslog-tag={{.ImageID}}" busybox sh` ++ if [ $? -ne 0 ]; then ++ msg_err "Failed to run container" ++ TC_RET_T=$(($TC_RET_T+1)) ++ fi ++ img_id=`isula inspect -f '{{.image.id}}' busybox` ++ do_check_item ${cid} "logdriver = syslog" ++ do_check_item ${cid} "syslog_tag = sha256:${img_id:0:5}" ++ ++ isula rm -f `isula ps -aq` ++ if [ $? -ne 0 ]; then ++ msg_err "Failed to remove container" ++ TC_RET_T=$(($TC_RET_T+1)) ++ fi ++ ++ return $TC_RET_T ++} ++ + function do_test_json_file_helper() + { + msg_info "this is $0 do_test" +@@ -96,6 +204,8 @@ function do_test_json_file_helper() + function do_test_container_log() + { + msg_info "this is $0 do_test" ++ cat /etc/isulad/daemon.json ++ ps aux | grep -i isulad + + cid=`isula run -tid --log-driver=json-file busybox sh` + if [ $? -ne 0 ]; then +@@ -129,7 +239,7 @@ function do_test_container_log() + msg_err "Failed to run container" + TC_RET_T=$(($TC_RET_T+1)) + fi +- cat ${ISULAD_ROOT_PATH}/engine/lcr/${cid}/config | grep console | grep "logfile =" ++ cat ${ISULAD_ROOT_PATH}/engines/lcr/${cid}/config | grep console | grep "logfile =" + if [ $? -eq 0 ]; then + msg_err "Failed to disable log" + TC_RET_T=$(($TC_RET_T+1)) +@@ -139,14 +249,20 @@ function do_test_container_log() + return $TC_RET_T + } + ++function do_test_container_syslog() { ++ do_test_syslog_helper "xxxx" ++ ++ do_test_syslog_tag ++} ++ + function do_test() { + check_valgrind_log +- start_isulad_with_valgrind --log-opts="syslog-tag=xxxx" ++ start_isulad_with_valgrind --container-log-opts="syslog-tag=xxxx" + +- do_test_syslog_helper "xxxx" ++ do_test_container_syslog + + check_valgrind_log +- start_isulad_with_valgrind --log-driver=json-file --log-opts="max-size=10MB" --log-opts="max-file=3" ++ start_isulad_with_valgrind --container-log-driver=json-file --container-log-opts="max-size=10MB" --container-log-opts="max-file=3" + do_test_json_file_helper "3" "10MB" + + check_valgrind_log +@@ -157,10 +273,9 @@ function do_test() { + ret=0 + + do_pre +-if [ $? -ne 0 ];then +- let "ret=$ret + 1" +-fi ++ ++do_test + + do_post + +-show_result $ret "cni base test" ++show_result $TC_RET_T "container log test" +diff --git a/CI/test_cases/container_cases/test_data/daemon.json b/CI/test_cases/container_cases/test_data/daemon.json +index f8914ed4..aa88c9da 100644 +--- a/CI/test_cases/container_cases/test_data/daemon.json ++++ b/CI/test_cases/container_cases/test_data/daemon.json +@@ -23,6 +23,7 @@ + "overlay2.override_kernel_check=true" + ], + "registry-mirrors": [ ++ "docker.io" + ], + "insecure-registries": [ + ], +-- +2.25.1 + diff --git a/0091-CI-run-the-containers-one-by-one.patch b/0091-CI-run-the-containers-one-by-one.patch new file mode 100644 index 0000000..c1d3cad --- /dev/null +++ b/0091-CI-run-the-containers-one-by-one.patch @@ -0,0 +1,40 @@ +From 8003284bbf9d679e2d3f52cb55cdd4ee70d22977 Mon Sep 17 00:00:00 2001 +From: lifeng68 +Date: Thu, 29 Apr 2021 12:38:44 +0800 +Subject: [PATCH 091/104] CI: run the containers one by one + +Signed-off-by: lifeng68 +--- + CI/build.sh | 9 ++++----- + 1 file changed, 4 insertions(+), 5 deletions(-) + +diff --git a/CI/build.sh b/CI/build.sh +index cf7691d9..5ebe8ea3 100755 +--- a/CI/build.sh ++++ b/CI/build.sh +@@ -415,18 +415,17 @@ rm -rf ${cptemp} + # wait for copy files become effective + sleep 3 + ++docker exec ${copycontainer} tail -f --retry /tmp/runflag/${CONTAINER_NAME}.scripts.log 2>/dev/null & ++tailpid=$! ++ + for container in ${containers[@]} + do + { + exec_script ${container} ${testcase_script} +- }& +- pids="$! $pids" ++ } + done + +-docker exec ${copycontainer} tail -f --retry /tmp/runflag/${CONTAINER_NAME}.scripts.log 2>/dev/null & +-tailpid=$! + trap "kill -9 $tailpid; exit 0" 15 2 +-wait $pids + + pid_dev="NULL" + if [[ "x$disk" != "xNULL" ]] && [[ "x${enable_gcov}" == "xON" ]]; then +-- +2.25.1 + diff --git a/0092-completion-isula-images.patch b/0092-completion-isula-images.patch new file mode 100644 index 0000000..2768d65 --- /dev/null +++ b/0092-completion-isula-images.patch @@ -0,0 +1,102 @@ +From 03f7d19ef75af75cdc8cb15cb022e5fe367c4760 Mon Sep 17 00:00:00 2001 +From: yin-xiujiang +Date: Thu, 6 May 2021 14:32:32 +0800 +Subject: [PATCH 092/104] completion isula images + +--- + src/contrib/completion/isula | 64 ++++++++++++++++++++++++++---------- + 1 file changed, 47 insertions(+), 17 deletions(-) + +diff --git a/src/contrib/completion/isula b/src/contrib/completion/isula +index a12d90a5..a2adc083 100644 +--- a/src/contrib/completion/isula ++++ b/src/contrib/completion/isula +@@ -1,5 +1,7 @@ + #!/usr/bin/env bash +-_isula_isula() { ++ ++_isula_isula() ++{ + local isula_management_commands=( + volume + ) +@@ -65,32 +67,60 @@ _isula_isula() { + esac + } + +-_isula_default() ++_isula_default() + { + COMPREPLY=( $( compgen -d -f -- $cur ) ) + } + +-_isula() { ++_isula_isula_list_images_with_tag() ++{ ++ local images_with_tag=() ++ case "$cur" in ++ *:*) ++ front=${cur%:*} ++ #先去掉第一行,然后过滤指定镜像名 ++ images_with_tag=($(isula images |awk 'NR>1'|grep -w "$front"| awk '{print $2}')) ++ cur=${cur##*:} ++ ;; ++ *) ++ images_with_tag=($(isula images |awk 'NR>1{printf "%s:%s\n",$1,$2}')) ++ ;; ++ esac ++ ++ COMPREPLY=( $( compgen -W "${images_with_tag[*]}" -- "$cur" ) ) ++} ++ ++_isula_isula_rmi() ++{ ++ _isula_isula_list_images_with_tag ++} ++ ++_isula_isula_tag() ++{ ++ _isula_isula_list_images_with_tag ++} ++ ++_isula_isula_images() ++{ ++ _isula_isula_list_images_with_tag ++} ++ ++_isula() ++{ + COMPREPLY=() + +- #An array variable consisting of the individual words in the current command line +- local words=(${COMP_WORDS[*]}) +- #An index into ${word} of the word containing the current cursor position +- local cword=$COMP_CWORD +- local cur="${words[$cword]}" +- local prev="${words[$cword-1]}" ++ local cur prev words cword ++ _get_comp_words_by_ref -n : cur prev words cword + local command='isula' +- ++ if [ $cword -gt 1 ] ; then ++ command="isula_${words[1]}" ++ fi + local completions_func=_isula_${command//-/_} +- +- #The completion of the secondary command will be added later +- if [ $cword -lt 2 ] ; then +- completions_func=_isula_${command//-/_} ++ if declare -F $completions_func >/dev/null; then ++ $completions_func + else +- completions_func=_isula_default ++ _isula_default + fi +- +- declare -F $completions_func >/dev/null && $completions_func + return 0 + } + +-- +2.25.1 + diff --git a/0093-fix-memory-leak-when-pulling-image.patch b/0093-fix-memory-leak-when-pulling-image.patch new file mode 100644 index 0000000..920ef5f --- /dev/null +++ b/0093-fix-memory-leak-when-pulling-image.patch @@ -0,0 +1,110 @@ +From 90b3ae01ff05140cb00baeaf63491bba19ceade6 Mon Sep 17 00:00:00 2001 +From: WangFengTu +Date: Thu, 6 May 2021 16:22:17 +0800 +Subject: [PATCH 093/104] fix memory leak when pulling image + +Signed-off-by: WangFengTu +--- + .../modules/image/oci/registry/http_request.c | 5 +++++ + src/daemon/modules/image/oci/registry/registry.c | 14 ++++++++++++++ + src/daemon/modules/image/oci/registry_type.c | 3 +++ + src/daemon/modules/image/oci/registry_type.h | 2 ++ + 4 files changed, 24 insertions(+) + +diff --git a/src/daemon/modules/image/oci/registry/http_request.c b/src/daemon/modules/image/oci/registry/http_request.c +index 2127795e..e86f37f0 100644 +--- a/src/daemon/modules/image/oci/registry/http_request.c ++++ b/src/daemon/modules/image/oci/registry/http_request.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + + #include "isula_libutils/log.h" + #include "buffer.h" +@@ -371,8 +372,10 @@ static int setup_auth_challenges(pull_descriptor *desc, char ***custom_headers) + goto out; + } + } else if (!strcasecmp(desc->challenges[i].schema, "Bearer")) { ++ (void)pthread_mutex_lock(&desc->challenges_mutex); + ret = get_bearer_token(desc, &desc->challenges[i]); + if (ret != 0) { ++ (void)pthread_mutex_unlock(&desc->challenges_mutex); + ERROR("get bearer token failed"); + isulad_try_set_error_message("authentication failed"); + goto out; +@@ -380,9 +383,11 @@ static int setup_auth_challenges(pull_descriptor *desc, char ***custom_headers) + + auth_header = auth_header_str("Bearer", desc->challenges[i].cached_token); + if (auth_header == NULL) { ++ (void)pthread_mutex_unlock(&desc->challenges_mutex); + ret = -1; + goto out; + } ++ (void)pthread_mutex_unlock(&desc->challenges_mutex); + } else { + WARN("Unsupported schema %s", desc->challenges[i].schema); + continue; +diff --git a/src/daemon/modules/image/oci/registry/registry.c b/src/daemon/modules/image/oci/registry/registry.c +index bd8e8fd0..cc5f6805 100644 +--- a/src/daemon/modules/image/oci/registry/registry.c ++++ b/src/daemon/modules/image/oci/registry/registry.c +@@ -1910,6 +1910,13 @@ static int prepare_pull_desc(pull_descriptor *desc, registry_pull_options *optio + } + desc->mutex_inited = true; + ++ ret = pthread_mutex_init(&desc->challenges_mutex, NULL); ++ if (ret != 0) { ++ ERROR("Failed to init challenges mutex for pull"); ++ goto out; ++ } ++ desc->challenges_mutex_inited = true; ++ + ret = pthread_cond_init(&desc->cond, NULL); + if (ret != 0) { + ERROR("Failed to init cond for pull"); +@@ -2166,6 +2173,13 @@ int registry_login(registry_login_options *options) + desc->username = util_strdup_s(options->auth.username); + desc->password = util_strdup_s(options->auth.password); + ++ ret = pthread_mutex_init(&desc->challenges_mutex, NULL); ++ if (ret != 0) { ++ ERROR("Failed to init challenges mutex for login"); ++ goto out; ++ } ++ desc->challenges_mutex_inited = true; ++ + ret = login_to_registry(desc); + if (ret != 0) { + ERROR("login to registry failed"); +diff --git a/src/daemon/modules/image/oci/registry_type.c b/src/daemon/modules/image/oci/registry_type.c +index 3e0c5e19..51fc1697 100644 +--- a/src/daemon/modules/image/oci/registry_type.c ++++ b/src/daemon/modules/image/oci/registry_type.c +@@ -150,6 +150,9 @@ void free_pull_desc(pull_descriptor *desc) + if (desc->mutex_inited) { + pthread_mutex_destroy(&desc->mutex); + } ++ if (desc->challenges_mutex_inited) { ++ pthread_mutex_destroy(&desc->challenges_mutex); ++ } + + free(desc); + +diff --git a/src/daemon/modules/image/oci/registry_type.h b/src/daemon/modules/image/oci/registry_type.h +index 86449543..11135250 100644 +--- a/src/daemon/modules/image/oci/registry_type.h ++++ b/src/daemon/modules/image/oci/registry_type.h +@@ -102,6 +102,8 @@ typedef struct { + bool skip_tls_verify; + bool insecure_registry; + char *scope; ++ pthread_mutex_t challenges_mutex; ++ bool challenges_mutex_inited; + challenge challenges[CHALLENGE_MAX]; + // This is temporary field. Once http request is performed, it is cleared + char **headers; +-- +2.25.1 + diff --git a/0094-isula-fix-help-xx-coredump.patch b/0094-isula-fix-help-xx-coredump.patch new file mode 100644 index 0000000..dfd663c --- /dev/null +++ b/0094-isula-fix-help-xx-coredump.patch @@ -0,0 +1,51 @@ +From db774e5fc3f6c12d302ef643feec9403b07da47f Mon Sep 17 00:00:00 2001 +From: zhangxiaoyu +Date: Thu, 6 May 2021 18:45:41 +0800 +Subject: [PATCH 094/104] isula: fix --help=xx coredump + +Signed-off-by: zhangxiaoyu +--- + src/cmd/command_parser.c | 4 ++++ + src/cmd/isula/client_arguments.h | 4 +++- + 2 files changed, 7 insertions(+), 1 deletion(-) + +diff --git a/src/cmd/command_parser.c b/src/cmd/command_parser.c +index f900ceac..e925aa32 100644 +--- a/src/cmd/command_parser.c ++++ b/src/cmd/command_parser.c +@@ -360,6 +360,10 @@ static int command_parse_long_arg(command_t *self, const char *arg) + if (command_get_option_data(self, opt, &opt_arg)) { + return -1; + } ++ if (strcmp(opt->large, "help") == 0 && *(bool *)opt->data) { ++ command_help(self); ++ exit(0); ++ } + return 0; + } + COMMAND_ERROR("Unknown flag found:'--%s'\n", arg); +diff --git a/src/cmd/isula/client_arguments.h b/src/cmd/isula/client_arguments.h +index a155b863..6bd99cb0 100644 +--- a/src/cmd/isula/client_arguments.h ++++ b/src/cmd/isula/client_arguments.h +@@ -256,6 +256,8 @@ struct client_arguments { + + char *host_channel; + ++ bool help; ++ + // lcr create + char *external_rootfs; + char *create_rootfs; +@@ -387,7 +389,7 @@ struct client_arguments { + &(cmdargs).key_file, \ + "Path to TLS key file (default \"/root/.iSulad/key.pem\")", \ + NULL }, \ +- { CMD_OPT_TYPE_STRING, false, "help", 0, NULL, "Print usage", NULL }, ++ { CMD_OPT_TYPE_BOOL, false, "help", 0, &(cmdargs).help, "Print usage", NULL }, + + #define VERSION_OPTIONS(cmdargs) \ + { CMD_OPT_TYPE_BOOL, false, "version", 0, NULL, "Print version information and quit", NULL }, +-- +2.25.1 + diff --git a/0095-workdir-must-be-absolute-path.patch b/0095-workdir-must-be-absolute-path.patch new file mode 100644 index 0000000..8d3709f --- /dev/null +++ b/0095-workdir-must-be-absolute-path.patch @@ -0,0 +1,30 @@ +From d2de6b5d8607f50c2b9b324197d670922bc94fbe Mon Sep 17 00:00:00 2001 +From: WangFengTu +Date: Fri, 7 May 2021 16:13:11 +0800 +Subject: [PATCH 095/104] workdir must be absolute path + +Signed-off-by: WangFengTu +--- + src/cmd/isula/stream/exec.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/cmd/isula/stream/exec.c b/src/cmd/isula/stream/exec.c +index 3c8601f2..aa702b90 100644 +--- a/src/cmd/isula/stream/exec.c ++++ b/src/cmd/isula/stream/exec.c +@@ -434,6 +434,12 @@ int cmd_exec_main(int argc, const char **argv) + custom_cfg->open_stdin = false; + } + ++ if (custom_cfg->workdir != NULL && util_validate_absolute_path(custom_cfg->workdir) != 0) { ++ COMMAND_ERROR("exec failed: workdir is not validate absolute path"); ++ ret = ECOMMON; ++ goto out; ++ } ++ + g_cmd_exec_args.exec_suffix = generate_exec_suffix(); + if (g_cmd_exec_args.exec_suffix == NULL) { + ERROR("Failed to generate exec suffix"); +-- +2.25.1 + diff --git a/0096-check-if-pull-option-is-valid.patch b/0096-check-if-pull-option-is-valid.patch new file mode 100644 index 0000000..ca6f6a5 --- /dev/null +++ b/0096-check-if-pull-option-is-valid.patch @@ -0,0 +1,42 @@ +From 160a8a6660e1839f72ea625ebe2b30b5bebb46c3 Mon Sep 17 00:00:00 2001 +From: WangFengTu +Date: Fri, 7 May 2021 18:46:32 +0800 +Subject: [PATCH 096/104] check if pull option is valid + +Signed-off-by: WangFengTu +--- + src/cmd/isula/base/create.c | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +diff --git a/src/cmd/isula/base/create.c b/src/cmd/isula/base/create.c +index 48dc29be..2083dcf5 100644 +--- a/src/cmd/isula/base/create.c ++++ b/src/cmd/isula/base/create.c +@@ -1568,11 +1568,6 @@ int cmd_create_main(int argc, const char **argv) + exit(ECOMMON); + } + +- if (!valid_pull_option(g_cmd_create_args.pull)) { +- COMMAND_ERROR("invalid --pull option, only \"always\"|\"missing\"|\"never\" is allowed"); +- exit(ECOMMON); +- } +- + ret = client_create(&g_cmd_create_args); + if (ret != 0) { + ERROR("Container \"%s\" create failed", g_cmd_create_args.name); +@@ -2177,6 +2172,12 @@ int create_checker(struct client_arguments *args) + goto out; + } + ++ if (!valid_pull_option(args->pull)) { ++ COMMAND_ERROR("invalid --pull option, only \"always\"|\"missing\"|\"never\" is allowed"); ++ ret = -1; ++ goto out; ++ } ++ + if (create_check_rootfs(args)) { + ret = -1; + goto out; +-- +2.25.1 + diff --git a/0097-fix-memory-usage-of-stats-not-right-when-runtime-is-.patch b/0097-fix-memory-usage-of-stats-not-right-when-runtime-is-.patch new file mode 100644 index 0000000..a1f03ed --- /dev/null +++ b/0097-fix-memory-usage-of-stats-not-right-when-runtime-is-.patch @@ -0,0 +1,28 @@ +From e61687773922c3aaae63a8cd7b4f488bf6c967b6 Mon Sep 17 00:00:00 2001 +From: WangFengTu +Date: Wed, 12 May 2021 11:31:01 +0800 +Subject: [PATCH 097/104] fix memory usage of stats not right when runtime is + kata + +Signed-off-by: WangFengTu +--- + src/daemon/modules/runtime/isula/isula_rt_ops.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c +index 3b55ac88..f6067ca1 100644 +--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c ++++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c +@@ -562,6 +562,9 @@ static int runtime_call_stats(const char *workdir, const char *runtime, const ch + info->mem_used = stats->data->memory->usage->usage; + info->mem_limit = stats->data->memory->usage->limit; + } ++ if (stats != NULL && stats->data != NULL && stats->data->memory != NULL && stats->data->memory->raw) { ++ info->inactive_file_total = stats->data->memory->raw->total_inactive_file; ++ } + + out: + free_shim_client_runtime_stats(stats); +-- +2.25.1 + diff --git a/0098-log-adjust-log-level-to-reduce-log.patch b/0098-log-adjust-log-level-to-reduce-log.patch new file mode 100644 index 0000000..c31246d --- /dev/null +++ b/0098-log-adjust-log-level-to-reduce-log.patch @@ -0,0 +1,207 @@ +From 3b05de4f3ecbe8e9fd8c37b61aa20273a9477127 Mon Sep 17 00:00:00 2001 +From: Li Feng +Date: Thu, 13 May 2021 15:07:03 +0800 +Subject: [PATCH 098/104] log: adjust log level to reduce log + +Signed-off-by: Li Feng +--- + src/daemon/entry/connect/grpc/runtime_runtime_service.cc | 8 ++++---- + src/daemon/executor/container_cb/execution_extend.c | 6 +++--- + src/daemon/modules/events/collector.c | 4 ++-- + src/daemon/modules/image/image.c | 4 ++-- + src/daemon/modules/image/image_rootfs_handler.c | 5 +++-- + src/daemon/modules/image/oci/oci_common_operators.c | 4 ++-- + src/daemon/modules/service/service_container.c | 4 ++-- + src/utils/cutils/utils_file.c | 2 +- + 8 files changed, 19 insertions(+), 18 deletions(-) + +diff --git a/src/daemon/entry/connect/grpc/runtime_runtime_service.cc b/src/daemon/entry/connect/grpc/runtime_runtime_service.cc +index c9702401..7cceefc9 100644 +--- a/src/daemon/entry/connect/grpc/runtime_runtime_service.cc ++++ b/src/daemon/entry/connect/grpc/runtime_runtime_service.cc +@@ -260,7 +260,7 @@ grpc::Status RuntimeRuntimeServiceImpl::ExecSync(grpc::ServerContext *context, + { + Errors error; + +- EVENT("Event: {Object: CRI, Type: sync execing Container: %s}", request->container_id().c_str()); ++ WARN("Event: {Object: CRI, Type: sync execing Container: %s}", request->container_id().c_str()); + + rService->ExecSync(request->container_id(), request->cmd(), request->timeout(), reply, error); + if (!error.Empty()) { +@@ -268,7 +268,7 @@ grpc::Status RuntimeRuntimeServiceImpl::ExecSync(grpc::ServerContext *context, + return grpc::Status(grpc::StatusCode::UNKNOWN, error.GetMessage()); + } + +- EVENT("Event: {Object: CRI, Type: sync execed Container: %s}", request->container_id().c_str()); ++ WARN("Event: {Object: CRI, Type: sync execed Container: %s}", request->container_id().c_str()); + + return grpc::Status::OK; + } +@@ -390,7 +390,7 @@ RuntimeRuntimeServiceImpl::UpdateContainerResources(grpc::ServerContext *context + { + Errors error; + +- EVENT("Event: {Object: CRI, Type: Updating container resources: %s}", request->container_id().c_str()); ++ WARN("Event: {Object: CRI, Type: Updating container resources: %s}", request->container_id().c_str()); + + rService->UpdateContainerResources(request->container_id(), request->linux(), error); + if (error.NotEmpty()) { +@@ -399,7 +399,7 @@ RuntimeRuntimeServiceImpl::UpdateContainerResources(grpc::ServerContext *context + return grpc::Status(grpc::StatusCode::UNKNOWN, error.GetMessage()); + } + +- EVENT("Event: {Object: CRI, Type: Updated container resources: %s}", request->container_id().c_str()); ++ WARN("Event: {Object: CRI, Type: Updated container resources: %s}", request->container_id().c_str()); + + return grpc::Status::OK; + } +diff --git a/src/daemon/executor/container_cb/execution_extend.c b/src/daemon/executor/container_cb/execution_extend.c +index 77f29fe8..028a3dea 100644 +--- a/src/daemon/executor/container_cb/execution_extend.c ++++ b/src/daemon/executor/container_cb/execution_extend.c +@@ -1223,15 +1223,15 @@ static int container_update_cb(const container_update_request *request, containe + + id = cont->common_config->id; + isula_libutils_set_log_prefix(id); +- EVENT("Event: {Object: %s, Type: updating}", id); ++ WARN("Event: {Object: %s, Type: updating}", id); + + if (do_update_resources(request, cont) != 0) { + cc = ISULAD_ERR_EXEC; + goto pack_response; + } + +- EVENT("Event: {Object: %s, Type: updated}", id); +- (void)isulad_monitor_send_container_event(id, CREATE, -1, 0, NULL, NULL); ++ WARN("Event: {Object: %s, Type: updated}", id); ++ (void)isulad_monitor_send_container_event(id, UPDATE, -1, 0, NULL, NULL); + + pack_response: + pack_update_response(*response, cc, id); +diff --git a/src/daemon/modules/events/collector.c b/src/daemon/modules/events/collector.c +index 67a823f1..1a867354 100644 +--- a/src/daemon/modules/events/collector.c ++++ b/src/daemon/modules/events/collector.c +@@ -481,7 +481,7 @@ static int write_events_log(const struct isulad_events_format *events) + + len = calculate_annaotation_info_len(events); + if (len == 1) { +- EVENT("Event: {Object: %s, Type: %s}", events->id, events->opt); ++ WARN("Event: {Object: %s, Type: %s}", events->id, events->opt); + } else { + annotation = (char *)util_common_calloc_s(len); + if (annotation == NULL) { +@@ -499,7 +499,7 @@ static int write_events_log(const struct isulad_events_format *events) + } + (void)strcat(annotation, ")"); + +- EVENT("Event: {Object: %s, Type: %s %s}", events->id, events->opt, annotation); ++ WARN("Event: {Object: %s, Type: %s %s}", events->id, events->opt, annotation); + } + + out: +diff --git a/src/daemon/modules/image/image.c b/src/daemon/modules/image/image.c +index 8e663863..6832aec3 100644 +--- a/src/daemon/modules/image/image.c ++++ b/src/daemon/modules/image/image.c +@@ -842,7 +842,7 @@ int im_list_images(const im_list_request *ctx, im_list_response **response) + return -1; + } + +- EVENT("Event: {Object: list images, Type: listing}"); ++ WARN("Event: {Object: list images, Type: listing}"); + + for (i = 0; i < g_numbims; i++) { + if (g_bims[i].ops->list_ims == NULL) { +@@ -862,7 +862,7 @@ int im_list_images(const im_list_request *ctx, im_list_response **response) + images_tmp = NULL; + } + +- EVENT("Event: {Object: list images, Type: listed}"); ++ WARN("Event: {Object: list images, Type: listed}"); + + if (g_isulad_errmsg != NULL) { + (*response)->errmsg = util_strdup_s(g_isulad_errmsg); +diff --git a/src/daemon/modules/image/image_rootfs_handler.c b/src/daemon/modules/image/image_rootfs_handler.c +index f9250a8d..f7bc9bc9 100644 +--- a/src/daemon/modules/image/image_rootfs_handler.c ++++ b/src/daemon/modules/image/image_rootfs_handler.c +@@ -275,7 +275,8 @@ static int append_additional_groups(const struct group *grp, struct group **grou + struct group *new_groups = NULL; + size_t new_len = *len + 1; + +- ret = util_mem_realloc((void **)&new_groups, new_len * sizeof(struct group), *groups, (*len) * sizeof(struct group)); ++ ret = util_mem_realloc((void **)&new_groups, new_len * sizeof(struct group), *groups, ++ (*len) * sizeof(struct group)); + if (ret != 0) { + ERROR("Out of memory"); + return -1; +@@ -414,7 +415,7 @@ static int read_user_file(const char *basefs, const char *user_path, FILE **stre + + *stream = util_fopen(real_path, "r"); + if (*stream == NULL) { +- ERROR("Failed to open %s: %s", real_path, strerror(errno)); ++ WARN("Failed to open %s: %s", real_path, strerror(errno)); + ret = 0; + goto out; + } +diff --git a/src/daemon/modules/image/oci/oci_common_operators.c b/src/daemon/modules/image/oci/oci_common_operators.c +index 845e1fde..09405651 100644 +--- a/src/daemon/modules/image/oci/oci_common_operators.c ++++ b/src/daemon/modules/image/oci/oci_common_operators.c +@@ -488,7 +488,7 @@ int oci_status_image(im_status_request *request, im_status_response *response) + goto pack_response; + } + +- EVENT("Event: {Object: %s, Type: statusing image}", resolved_name); ++ WARN("Event: {Object: %s, Type: statusing image}", resolved_name); + + image_info = storage_img_get(resolved_name); + if (image_info == NULL) { +@@ -501,7 +501,7 @@ int oci_status_image(im_status_request *request, im_status_response *response) + response->image_info->image = image_info; + image_info = NULL; + +- EVENT("Event: {Object: %s, Type: statused image}", resolved_name); ++ WARN("Event: {Object: %s, Type: statused image}", resolved_name); + + pack_response: + free(resolved_name); +diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c +index 561f24eb..c8e2b1d8 100644 +--- a/src/daemon/modules/service/service_container.c ++++ b/src/daemon/modules/service/service_container.c +@@ -1926,7 +1926,7 @@ int exec_container(const container_t *cont, const container_exec_request *reques + } + + id = cont->common_config->id; +- EVENT("Event: {Object: %s, Type: execing}", id); ++ WARN("Event: {Object: %s, Type: execing}", id); + + get_exec_command(request, exec_command, sizeof(exec_command)); + (void)isulad_monitor_send_container_event(id, EXEC_CREATE, -1, 0, exec_command, NULL); +@@ -1984,7 +1984,7 @@ int exec_container(const container_t *cont, const container_exec_request *reques + goto pack_response; + } + +- EVENT("Event: {Object: %s, Type: execed}", id); ++ WARN("Event: {Object: %s, Type: execed with exit code %d}", id, exit_code); + (void)isulad_monitor_send_container_event(id, EXEC_DIE, -1, 0, NULL, NULL); + + pack_response: +diff --git a/src/utils/cutils/utils_file.c b/src/utils/cutils/utils_file.c +index d2e342a5..302e4e32 100644 +--- a/src/utils/cutils/utils_file.c ++++ b/src/utils/cutils/utils_file.c +@@ -862,7 +862,7 @@ int64_t util_file_size(const char *filename) + } + + if (stat(filename, &st)) { +- ERROR("stat file %s failed: %s", filename, strerror(errno)); ++ WARN("stat file %s failed: %s", filename, strerror(errno)); + return -1; + } + +-- +2.25.1 + diff --git a/0099-CI-use-ali-registry-instead-of-docker.io.patch b/0099-CI-use-ali-registry-instead-of-docker.io.patch new file mode 100644 index 0000000..8654778 --- /dev/null +++ b/0099-CI-use-ali-registry-instead-of-docker.io.patch @@ -0,0 +1,26 @@ +From 65a13abeb6315985cf43522597ec3494d762e029 Mon Sep 17 00:00:00 2001 +From: Li Feng +Date: Fri, 14 May 2021 09:21:10 +0800 +Subject: [PATCH 099/104] CI: use ali registry instead of docker.io + +Signed-off-by: Li Feng +--- + CI/test_cases/container_cases/test_data/daemon.json | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/CI/test_cases/container_cases/test_data/daemon.json b/CI/test_cases/container_cases/test_data/daemon.json +index aa88c9da..27b0e7ce 100644 +--- a/CI/test_cases/container_cases/test_data/daemon.json ++++ b/CI/test_cases/container_cases/test_data/daemon.json +@@ -23,7 +23,7 @@ + "overlay2.override_kernel_check=true" + ], + "registry-mirrors": [ +- "docker.io" ++ "https://3laho3y3.mirror.aliyuncs.com" + ], + "insecure-registries": [ + ], +-- +2.25.1 + diff --git a/0100-do-not-check-key-s-case-when-parse-http-header.patch b/0100-do-not-check-key-s-case-when-parse-http-header.patch new file mode 100644 index 0000000..0ae7e8d --- /dev/null +++ b/0100-do-not-check-key-s-case-when-parse-http-header.patch @@ -0,0 +1,60 @@ +From 7311814a1cbe1fbb767ab3879e26e06a4837bfff Mon Sep 17 00:00:00 2001 +From: WangFengTu +Date: Sat, 15 May 2021 11:18:53 +0800 +Subject: [PATCH 100/104] do not check key's case when parse http header + +fix pull docker.io/library/busybox:latest failed. +It seems that docker.io registry changes it's +http response header to be all lower case. + +Signed-off-by: WangFengTu +--- + .../modules/image/oci/registry/registry_apiv2.c | 11 ++++------- + src/utils/http/parser.c | 2 +- + 2 files changed, 5 insertions(+), 8 deletions(-) + +diff --git a/src/daemon/modules/image/oci/registry/registry_apiv2.c b/src/daemon/modules/image/oci/registry/registry_apiv2.c +index b26e42ba..ea9e8dc5 100644 +--- a/src/daemon/modules/image/oci/registry/registry_apiv2.c ++++ b/src/daemon/modules/image/oci/registry/registry_apiv2.c +@@ -205,7 +205,7 @@ static int parse_auths(pull_descriptor *desc, struct parsed_http_message *m) + int ret = 0; + + for (i = 0; i < m->num_headers; i++) { +- if (!strcmp(m->headers[i][0], "Www-Authenticate") || !strcmp(m->headers[i][0], "WWW-Authenticate")) { ++ if (!strcasecmp(m->headers[i][0], "Www-Authenticate")) { + ret = parse_auth(desc, (char *)m->headers[i][1]); + if (ret != 0) { + WARN("parse auth %s failed", (char *)m->headers[i][1]); +@@ -294,12 +294,9 @@ static int parse_ping_header(pull_descriptor *desc, char *http_head) + + version = get_header_value(message, "Docker-Distribution-Api-Version"); + if (version == NULL) { +- version = get_header_value(message, "Docker-Distribution-API-Version"); +- if (version == NULL) { +- ERROR("Docker-Distribution-Api-Version not found in header, registry may can not support registry API V2"); +- ret = -1; +- goto out; +- } ++ ERROR("Docker-Distribution-Api-Version not found in header, registry may can not support registry API V2"); ++ ret = -1; ++ goto out; + } + + if (!util_strings_contains_word(version, "registry/2.0")) { +diff --git a/src/utils/http/parser.c b/src/utils/http/parser.c +index eb626485..5ea1677c 100644 +--- a/src/utils/http/parser.c ++++ b/src/utils/http/parser.c +@@ -320,7 +320,7 @@ char *get_header_value(const struct parsed_http_message *m, const char *header) + char *ret = NULL; + + for (i = 0; i < m->num_headers; i++) { +- if (strcmp(m->headers[i][0], header) == 0) { ++ if (strcasecmp(m->headers[i][0], header) == 0) { + ret = (char *)m->headers[i][1]; + break; + } +-- +2.25.1 + diff --git a/0101-CI-use-docker.io-registry.patch b/0101-CI-use-docker.io-registry.patch new file mode 100644 index 0000000..58b7259 --- /dev/null +++ b/0101-CI-use-docker.io-registry.patch @@ -0,0 +1,57 @@ +From af1622cb04ffdbfd489a1c9ae2a692b9f61a0db9 Mon Sep 17 00:00:00 2001 +From: WangFengTu +Date: Sat, 15 May 2021 14:06:46 +0800 +Subject: [PATCH 101/104] CI: use docker.io registry + +Now we can pull images from docker.io again + +Signed-off-by: WangFengTu +--- + CI/test_cases/container_cases/test_data/daemon.json | 2 +- + CI/test_cases/image_cases/integration_check.sh | 2 +- + CI/test_cases/image_cases/registry.sh | 3 +++ + 3 files changed, 5 insertions(+), 2 deletions(-) + +diff --git a/CI/test_cases/container_cases/test_data/daemon.json b/CI/test_cases/container_cases/test_data/daemon.json +index 27b0e7ce..aa88c9da 100644 +--- a/CI/test_cases/container_cases/test_data/daemon.json ++++ b/CI/test_cases/container_cases/test_data/daemon.json +@@ -23,7 +23,7 @@ + "overlay2.override_kernel_check=true" + ], + "registry-mirrors": [ +- "https://3laho3y3.mirror.aliyuncs.com" ++ "docker.io" + ], + "insecure-registries": [ + ], +diff --git a/CI/test_cases/image_cases/integration_check.sh b/CI/test_cases/image_cases/integration_check.sh +index fe342cc2..7c2af949 100755 +--- a/CI/test_cases/image_cases/integration_check.sh ++++ b/CI/test_cases/image_cases/integration_check.sh +@@ -27,7 +27,7 @@ image="busybox" + function test_image_info() + { + local ret=0 +- local uimage="nats" ++ local uimage="docker.io/library/nats" + local test="list && inspect image info test => (${FUNCNAME[@]})" + local lid + local cid +diff --git a/CI/test_cases/image_cases/registry.sh b/CI/test_cases/image_cases/registry.sh +index 332af223..36990f30 100755 +--- a/CI/test_cases/image_cases/registry.sh ++++ b/CI/test_cases/image_cases/registry.sh +@@ -77,6 +77,9 @@ function isula_pull() + isula pull hub.c.163.com/public/centos:6.7-tools + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - --pull hub.c.163.com/public/centos:6.7-tools failed" && ((ret++)) + ++ isula pull docker.io/library/busybox:latest ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - --pull docker.io/library/busybox:latest failed" && ((ret++)) ++ + isula pull 3laho3y3.mirror.aliyuncs.com/library/busybox + fn_check_eq "$?" "0" "isula pull 3laho3y3.mirror.aliyuncs.com/library/busybox" + +-- +2.25.1 + diff --git a/0102-CI-fix-integration_check.sh.patch b/0102-CI-fix-integration_check.sh.patch new file mode 100644 index 0000000..ea74526 --- /dev/null +++ b/0102-CI-fix-integration_check.sh.patch @@ -0,0 +1,45 @@ +From 1e76bdb3a7adc95631b692e9068a6131aa0ed622 Mon Sep 17 00:00:00 2001 +From: Li Feng +Date: Sat, 15 May 2021 17:21:16 +0800 +Subject: [PATCH 102/104] CI: fix integration_check.sh + +Signed-off-by: Li Feng +--- + CI/test_cases/image_cases/integration_check.sh | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +diff --git a/CI/test_cases/image_cases/integration_check.sh b/CI/test_cases/image_cases/integration_check.sh +index 7c2af949..01f683c5 100755 +--- a/CI/test_cases/image_cases/integration_check.sh ++++ b/CI/test_cases/image_cases/integration_check.sh +@@ -46,9 +46,6 @@ function test_image_info() + isula images | grep busybox + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - missing list image: ${image}" && ((ret++)) + +- isula images | grep ${uimage} +- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - missing list image: ${uimage}" && ((ret++)) +- + lid=$(isula inspect -f '{{.image.top_layer}}' ${image}) + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - invalid image top layer: ${image}" && ((ret++)) + +@@ -83,7 +80,7 @@ function test_image_info() + isula images | grep busybox + [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - invalid image: ${image} exist" && ((ret++)) + +- isula images | grep ${uimage} ++ isula images | grep nats + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - valid image: ${uimage} do not exist" && ((ret++)) + + isula rm ${ucid} +@@ -98,6 +95,8 @@ function test_image_info() + isula rm ${ucid} + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - remove container failed" && ((ret++)) + ++ isula rm -f `isula ps -aq` ++ + msg_info "${test} finished with return ${ret}..." + return ${ret} + } +-- +2.25.1 + diff --git a/0103-optimize-token-generation.patch b/0103-optimize-token-generation.patch new file mode 100644 index 0000000..ae55641 --- /dev/null +++ b/0103-optimize-token-generation.patch @@ -0,0 +1,83 @@ +From e98585c5a8e890eb27bebe0acc8d113b4a326019 Mon Sep 17 00:00:00 2001 +From: wujing +Date: Mon, 17 May 2021 20:33:14 +0800 +Subject: [PATCH 103/104] optimize token generation + +Signed-off-by: wujing +--- + src/daemon/entry/cri/request_cache.cc | 41 +++++++++------------------ + 1 file changed, 14 insertions(+), 27 deletions(-) + +diff --git a/src/daemon/entry/cri/request_cache.cc b/src/daemon/entry/cri/request_cache.cc +index b502715a..71984289 100644 +--- a/src/daemon/entry/cri/request_cache.cc ++++ b/src/daemon/entry/cri/request_cache.cc +@@ -18,10 +18,10 @@ + #include + #include + #include +-#include + #include +-#include + #include "isula_libutils/log.h" ++#include "utils.h" ++#include "utils_base64.h" + + std::atomic RequestCache::m_instance; + std::mutex RequestCache::m_mutex; +@@ -93,40 +93,27 @@ void RequestCache::GarbageCollection() + std::string RequestCache::UniqueToken() + { + const int maxTries { 50 }; +- std::random_device r; +- std::default_random_engine e1(r()); +- std::uniform_int_distribution uniform_dist(1, 254); + // Number of bytes to be TokenLen when base64 encoded. +- const int tokenSize = ceil(static_cast(TokenLen) * 6 / 8); +- char rawToken[tokenSize + 1]; +- (void)memset(rawToken, 0, sizeof(rawToken)); ++ const int rawTokenSize = ceil(static_cast(TokenLen) * 6 / 8); + for (int i {}; i < maxTries; ++i) { +- char buf[TokenLen + 1]; +- (void)memset(buf, 0, sizeof(buf)); +- for (int j {}; j < tokenSize; ++j) { +- rawToken[j] = (char)uniform_dist(e1); +- } +- lws_b64_encode_string(rawToken, (int)strlen(rawToken), buf, (int)sizeof(buf)); +- buf[sizeof(buf) - 1] = '\0'; +- if (strlen(buf) < TokenLen) { ++ char rawToken[rawTokenSize + 1] = { 0x00 }; ++ if (util_generate_random_str(rawToken, (size_t)rawTokenSize)) { ++ ERROR("Generate rawToken failed"); + continue; + } +- std::string token(buf, buf + TokenLen); +- if (token.length() != TokenLen) { ++ ++ char *b64_encode_buf = nullptr; ++ if (util_base64_encode((unsigned char *)rawToken, strlen(rawToken), &b64_encode_buf) < 0) { ++ ERROR("Encode raw token to base64 failed"); + continue; + } + +- bool ok { true }; +- std::string subDelims { R"(-._:~!$&'()*+,;/=%@)" }; +- for (const auto &t : token) { +- if ((subDelims.find(t) != std::string::npos)) { +- ok = false; +- break; +- } +- } +- if (!ok) { ++ std::string token(b64_encode_buf); ++ free(b64_encode_buf); ++ if (token.length() != TokenLen) { + continue; + } ++ + auto it = m_tokens.find(token); + if (it == m_tokens.end()) { + return token; +-- +2.25.1 + diff --git a/0104-fix-string-array-initialization-failure.patch b/0104-fix-string-array-initialization-failure.patch new file mode 100644 index 0000000..ce57b54 --- /dev/null +++ b/0104-fix-string-array-initialization-failure.patch @@ -0,0 +1,35 @@ +From 8c7599117d7da3e97e0d9a937243a0dee44d83ac Mon Sep 17 00:00:00 2001 +From: wujing +Date: Tue, 18 May 2021 09:29:20 +0800 +Subject: [PATCH 104/104] fix string array initialization failure + +Signed-off-by: wujing +--- + src/daemon/entry/cri/request_cache.cc | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/daemon/entry/cri/request_cache.cc b/src/daemon/entry/cri/request_cache.cc +index 71984289..46fef289 100644 +--- a/src/daemon/entry/cri/request_cache.cc ++++ b/src/daemon/entry/cri/request_cache.cc +@@ -96,7 +96,8 @@ std::string RequestCache::UniqueToken() + // Number of bytes to be TokenLen when base64 encoded. + const int rawTokenSize = ceil(static_cast(TokenLen) * 6 / 8); + for (int i {}; i < maxTries; ++i) { +- char rawToken[rawTokenSize + 1] = { 0x00 }; ++ char rawToken[rawTokenSize + 1]; ++ (void)memset(rawToken, 0, sizeof(rawToken)); + if (util_generate_random_str(rawToken, (size_t)rawTokenSize)) { + ERROR("Generate rawToken failed"); + continue; +@@ -110,6 +111,7 @@ std::string RequestCache::UniqueToken() + + std::string token(b64_encode_buf); + free(b64_encode_buf); ++ b64_encode_buf = nullptr; + if (token.length() != TokenLen) { + continue; + } +-- +2.25.1 + diff --git a/iSulad.spec b/iSulad.spec index 5db3290..8b4739b 100644 --- a/iSulad.spec +++ b/iSulad.spec @@ -1,5 +1,5 @@ %global _version 2.0.8 -%global _release 20210326.094027.gitac974aa6 +%global _release 20210518.144540.git5288ed92 %global is_systemd 1 Name: iSulad @@ -60,12 +60,62 @@ Patch45: 0045-rollback-setuped-network-if-mult-network-failed.patch Patch46: 0046-add-testcase-for-rollback-mutlnetworks.patch Patch47: 0047-log-adjust-log-level-from-EVENT-to-WARN-to-reduce-lo.patch Patch48: 0048-isulad-shim-fix-shim-exit-bug.patch -Patch49: 0049-remove-redundant-code.patch -Patch50: 0050-devicemapper-umount-when-resize2fs-command-failed.patch -Patch51: 0051-ignore-to-create-mtab-when-runtime-is-kata-runtime.patch -Patch52: 0052-remove-unchecked-layer-ignore-rootfs-layer.patch -Patch53: 0053-add-test-to-check-running-container-with-image-integ.patch -Patch54: 0054-fix-coredump-when-inspect-container-when-daemon-sets.patch +Patch49: 0049-support-pull-option-when-create-run-container.patch +Patch50: 0050-add-testcase-for-pull-option.patch +Patch51: 0051-remove-redundant-code.patch +Patch52: 0052-devicemapper-umount-when-resize2fs-command-failed.patch +Patch53: 0053-support-isula-exec-workdir.patch +Patch54: 0054-add-testcase-for-isula-exec-workdir.patch +Patch55: 0055-ignore-to-create-mtab-when-runtime-is-kata-runtime.patch +Patch56: 0056-remove-unchecked-layer-ignore-rootfs-layer.patch +Patch57: 0057-add-test-to-check-running-container-with-image-integ.patch +Patch58: 0058-fix-coredump-when-inspect-container-when-daemon-sets.patch +Patch59: 0059-Readme-add-related-resouces-in-readme.patch +Patch60: 0060-update-docs-build_guide_zh.md.patch +Patch61: 0061-fix-health_check.sh-execute-failure.patch +Patch62: 0062-support-cgroup-v2.patch +Patch63: 0063-add-testcases-for-cgroup-v2.patch +Patch64: 0064-Readme-add-configure-image-registry-address.patch +Patch65: 0065-add-iSulad-experiment-in-README.patch +Patch66: 0066-CI-add-testcase-for-long-label.patch +Patch67: 0067-event-fix-memory-leak-when-pack-annotation-failed.patch +Patch68: 0068-Readme-add-script-to-install-iSulad-on-Centos7.patch +Patch69: 0069-cri-fix-residual-IO-copy-thread-in-CRI-exec-operatio.patch +Patch70: 0070-CI-add-testcase-for-cri-stream.patch +Patch71: 0071-stats-show-cpu-usage-normal-when-stats-with-no-strea.patch +Patch72: 0072-Readme-add-script-to-install-iSulad-on-Ubuntu-20.04-.patch +Patch73: 0073-update-libarchive-requirement-to-v3.4.patch +Patch74: 0074-correct-the-mistake-package-libarchive-dev.patch +Patch75: 0075-Added-autocomplete-in-isula-command-line-mode.patch +Patch76: 0076-iSulad-fix-bugs-of-isula-runtime-ops.patch +Patch77: 0077-Compatible-with-registry-URL-ending-in.patch +Patch78: 0078-CI-fix-CI-to-fit-run-on-2-cpu-4G-memory-environment.patch +Patch79: 0079-added-default-completion.patch +Patch80: 0080-fix-coredump-when-poweroff.patch +Patch81: 0081-CI-keep-container-when-build-failed-for-debug.patch +Patch82: 0082-devmapper-decrease-log-level-of-check-dm-device.patch +Patch83: 0083-fix-bugs-when-pulling-image.patch +Patch84: 0084-add-testcase-for-pulling-image.patch +Patch85: 0085-check-return-value-to-valid-use-NULL-pointer.patch +Patch86: 0086-move-reinstall_thinpool-to-helper.sh.patch +Patch87: 0087-CI-activate-vg-isulad.patch +Patch88: 0088-CI-devicemapper-add-filter.patch +Patch89: 0089-syslog-tag-support-dynamic-tag-values.patch +Patch90: 0090-add-testcase-for-contailer-log-opts.patch +Patch91: 0091-CI-run-the-containers-one-by-one.patch +Patch92: 0092-completion-isula-images.patch +Patch93: 0093-fix-memory-leak-when-pulling-image.patch +Patch94: 0094-isula-fix-help-xx-coredump.patch +Patch95: 0095-workdir-must-be-absolute-path.patch +Patch96: 0096-check-if-pull-option-is-valid.patch +Patch97: 0097-fix-memory-usage-of-stats-not-right-when-runtime-is-.patch +Patch98: 0098-log-adjust-log-level-to-reduce-log.patch +Patch99: 0099-CI-use-ali-registry-instead-of-docker.io.patch +Patch100: 0100-do-not-check-key-s-case-when-parse-http-header.patch +Patch101: 0101-CI-use-docker.io-registry.patch +Patch102: 0102-CI-fix-integration_check.sh.patch +Patch103: 0103-optimize-token-generation.patch +Patch104: 0104-fix-string-array-initialization-failure.patch %ifarch x86_64 aarch64 Provides: libhttpclient.so()(64bit) @@ -268,6 +318,12 @@ fi %endif %changelog +* Tue May 18 2021 wangfengtu - 2.0.8-20210518.144540.git5288ed92 +- Type: sync from upstream +- ID: NA +- SUG: NA +- DESC: update from master + * Fri Mar 26 2021 zhangxiaoyu - 2.0.8-20210326.094027.gitac974aa6 - Type: sync from upstream - ID: NA