!429 sycn patches from openeuler/iSulad

From: @zh_xiaoyu 
Reviewed-by: @duguhaotian 
Signed-off-by: @duguhaotian
openeuler-ci-bot 2022-09-07 08:24:54 +00:00 committed by Gitee
commit 9e688618bb
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
6 changed files with 974 additions and 12 deletions


@ -1,7 +1,7 @@
From 199971d61cc53ee11b16b353bcd0594abc86cb3e Mon Sep 17 00:00:00 2001
From: WangFengTu <wangfengtu@huawei.com>
Date: Fri, 26 Aug 2022 09:33:05 +0800
Subject: [PATCH 1/2] fix memleak
Subject: [PATCH 1/5] fix memleak
Signed-off-by: WangFengTu <wangfengtu@huawei.com>
---
@ -9,7 +9,7 @@ Signed-off-by: WangFengTu <wangfengtu@huawei.com>
1 file changed, 1 insertion(+)
diff --git a/src/daemon/entry/cri/websocket/service/ws_server.cc b/src/daemon/entry/cri/websocket/service/ws_server.cc
index 63afc9d..6438c4d 100644
index 63afc9dd..6438c4d7 100644
--- a/src/daemon/entry/cri/websocket/service/ws_server.cc
+++ b/src/daemon/entry/cri/websocket/service/ws_server.cc
@@ -399,6 +399,7 @@ int WebsocketServer::RegisterStreamTask(struct lws *wsi) noexcept
@ -21,5 +21,5 @@ index 63afc9d..6438c4d 100644
}
--
1.8.3.1
2.25.1


@ -1,16 +1,16 @@
From bf50cef67ac2288bed7013c675df8d35f370dc32 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Sat, 27 Aug 2022 10:40:02 +0800
Subject: [PATCH 2/2] cleancode about rest register container
Subject: [PATCH 2/5] cleancode about rest register container
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---
src/daemon/common/selinux_label.c | 2 +-
.../entry/connect/rest/rest_containers_service.c | 93 ++++++++++++++--------
.../connect/rest/rest_containers_service.c | 93 ++++++++++++-------
2 files changed, 62 insertions(+), 33 deletions(-)
diff --git a/src/daemon/common/selinux_label.c b/src/daemon/common/selinux_label.c
index 5242297..145e4b6 100644
index 52422970..145e4b6e 100644
--- a/src/daemon/common/selinux_label.c
+++ b/src/daemon/common/selinux_label.c
@@ -481,7 +481,7 @@ static int uniq_mcs(unsigned int range, char *mcs, size_t len)
@ -23,7 +23,7 @@ index 5242297..145e4b6 100644
ERROR("Failed to compose mcs");
return -1;
diff --git a/src/daemon/entry/connect/rest/rest_containers_service.c b/src/daemon/entry/connect/rest/rest_containers_service.c
index 53241be..397660e 100644
index 53241bef..397660e2 100644
--- a/src/daemon/entry/connect/rest/rest_containers_service.c
+++ b/src/daemon/entry/connect/rest/rest_containers_service.c
@@ -1733,8 +1733,7 @@ out:
@ -171,5 +171,5 @@ index 53241be..397660e 100644
return 0;
}
--
1.8.3.1
2.25.1


@ -0,0 +1,284 @@
From 194eb950ea072ac313635d75dc3913f48e300edf Mon Sep 17 00:00:00 2001
From: wujing <wujing50@huawei.com>
Date: Wed, 11 May 2022 18:25:40 +0800
Subject: [PATCH 3/5] adapt to openssl 3.0
SHA512_Init&SHA512_Update&SHA512_Final function have been deprecated since OpenSSL 3.0
Signed-off-by: wujing <wujing50@huawei.com>
---
src/daemon/entry/cri/cri_helpers.cc | 45 +++++++---------
src/daemon/entry/cri/cri_helpers.h | 2 -
src/utils/sha256/sha256.c | 79 +++++++++++++++++++++++++++++
3 files changed, 98 insertions(+), 28 deletions(-)
diff --git a/src/daemon/entry/cri/cri_helpers.cc b/src/daemon/entry/cri/cri_helpers.cc
index a5bb09a6..04e4f534 100644
--- a/src/daemon/entry/cri/cri_helpers.cc
+++ b/src/daemon/entry/cri/cri_helpers.cc
@@ -33,6 +33,7 @@
#include "utils.h"
#include "service_container_api.h"
#include "isulad_config.h"
+#include "sha256.h"
namespace CRIHelpers {
const std::string Constants::POD_NETWORK_ANNOTATION_KEY { "network.alpha.kubernetes.io/network" };
@@ -376,30 +377,6 @@ auto IsImageNotFoundError(const std::string &err) -> bool
return err.find("No such image:") != std::string::npos;
}
-auto sha256(const char *val) -> std::string
-{
- if (val == nullptr) {
- return "";
- }
-
- SHA256_CTX ctx;
- SHA256_Init(&ctx);
- SHA256_Update(&ctx, val, strlen(val));
- unsigned char hash[SHA256_DIGEST_LENGTH] = { 0 };
- SHA256_Final(hash, &ctx);
-
- char outputBuffer[(SHA256_DIGEST_LENGTH * 2) + 1] { 0 };
- for (int i = 0; i < SHA256_DIGEST_LENGTH; i++) {
- int ret = snprintf(outputBuffer + (i * 2), 3, "%02x", (unsigned int)hash[i]);
- if (ret >= 3 || ret < 0) {
- return "";
- }
- }
- outputBuffer[SHA256_DIGEST_LENGTH * 2] = 0;
-
- return outputBuffer;
-}
-
auto GetNetworkPlaneFromPodAnno(const std::map<std::string, std::string> &annotations, size_t *len, Errors &error)
-> cri_pod_network_element **
{
@@ -649,6 +626,7 @@ auto CreateCheckpoint(CRI::PodSandboxCheckpoint &checkpoint, Errors &error) -> s
};
parser_error err { nullptr };
char *jsonStr { nullptr };
+ char *digest { nullptr };
std::string result;
checkpoint.CheckpointToCStruct(&criCheckpoint, error);
@@ -662,7 +640,14 @@ auto CreateCheckpoint(CRI::PodSandboxCheckpoint &checkpoint, Errors &error) -> s
error.Errorf("Generate cri checkpoint json failed: %s", err);
goto out;
}
- checkpoint.SetCheckSum(CRIHelpers::sha256(jsonStr));
+
+ digest = sha256_digest_str(jsonStr);
+ if (digest == nullptr) {
+ error.Errorf("Failed to calculate digest");
+ goto out;
+ }
+
+ checkpoint.SetCheckSum(digest);
if (checkpoint.GetCheckSum().empty()) {
error.SetError("checksum is empty");
goto out;
@@ -678,6 +663,7 @@ auto CreateCheckpoint(CRI::PodSandboxCheckpoint &checkpoint, Errors &error) -> s
result = jsonStr;
out:
+ free(digest);
free(err);
free(jsonStr);
free_cri_checkpoint(criCheckpoint);
@@ -694,6 +680,7 @@ void GetCheckpoint(const std::string &jsonCheckPoint, CRI::PodSandboxCheckpoint
std::string tmpChecksum;
char *jsonStr { nullptr };
char *storeChecksum { nullptr };
+ char *digest { nullptr };
criCheckpoint = cri_checkpoint_parse_data(jsonCheckPoint.c_str(), &ctx, &err);
if (criCheckpoint == nullptr) {
@@ -712,7 +699,12 @@ void GetCheckpoint(const std::string &jsonCheckPoint, CRI::PodSandboxCheckpoint
goto out;
}
- if (tmpChecksum != CRIHelpers::sha256(jsonStr)) {
+ digest = sha256_digest_str(jsonStr);
+ if (digest == nullptr) {
+ error.Errorf("Failed to calculate digest");
+ goto out;
+ }
+ if (tmpChecksum != digest) {
ERROR("Checksum of checkpoint is not valid");
error.SetError("checkpoint is corrupted");
goto out;
@@ -720,6 +712,7 @@ void GetCheckpoint(const std::string &jsonCheckPoint, CRI::PodSandboxCheckpoint
checkpoint.CStructToCheckpoint(criCheckpoint, error);
out:
+ free(digest);
free(jsonStr);
free(err);
free_cri_checkpoint(criCheckpoint);
diff --git a/src/daemon/entry/cri/cri_helpers.h b/src/daemon/entry/cri/cri_helpers.h
index 5c2f6517..b3bfafe4 100644
--- a/src/daemon/entry/cri/cri_helpers.h
+++ b/src/daemon/entry/cri/cri_helpers.h
@@ -101,8 +101,6 @@ auto IsContainerNotFoundError(const std::string &err) -> bool;
auto IsImageNotFoundError(const std::string &err) -> bool;
-auto sha256(const char *val) -> std::string;
-
auto GetNetworkPlaneFromPodAnno(const std::map<std::string, std::string> &annotations, size_t *len, Errors &error)
-> cri_pod_network_element **;
diff --git a/src/utils/sha256/sha256.c b/src/utils/sha256/sha256.c
index 7bd60467..938e3692 100644
--- a/src/utils/sha256/sha256.c
+++ b/src/utils/sha256/sha256.c
@@ -21,6 +21,10 @@
#include <string.h>
#include <errno.h>
#include <openssl/sha.h>
+#if OPENSSL_VERSION_MAJOR >= 3
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#endif
#include "isula_libutils/log.h"
#include "utils.h"
@@ -61,7 +65,9 @@ static bool stream_check_error(void *stream, bool isgzip)
char *sha256_digest_str(const char *val)
{
+#if OPENSSL_VERSION_MAJOR < 3
SHA256_CTX ctx;
+#endif
unsigned char hash[SHA256_DIGEST_LENGTH] = { 0x00 };
char output_buffer[(SHA256_DIGEST_LENGTH * 2) + 1] = { 0x00 };
int i = 0;
@@ -70,9 +76,13 @@ char *sha256_digest_str(const char *val)
return NULL;
}
+#if OPENSSL_VERSION_MAJOR >= 3
+ SHA256((const unsigned char *)val, strlen(val), hash);
+#else
SHA256_Init(&ctx);
SHA256_Update(&ctx, val, strlen(val));
SHA256_Final(hash, &ctx);
+#endif
for (i = 0; i < SHA256_DIGEST_LENGTH; i++) {
int ret = snprintf(output_buffer + (i * 2), 3, "%02x", (unsigned int)hash[i]);
@@ -87,8 +97,15 @@ char *sha256_digest_str(const char *val)
char *sha256_digest_file(const char *filename, bool isgzip)
{
+#if OPENSSL_VERSION_MAJOR >= 3
+ EVP_MD_CTX *ctx = NULL;
+ EVP_MD *sha256 = NULL;
+ unsigned char *outdigest = NULL;
+ unsigned int len = 0;
+#else
SHA256_CTX ctx;
unsigned char hash[SHA256_DIGEST_LENGTH] = { 0x00 };
+#endif
char output_buffer[(SHA256_DIGEST_LENGTH * 2) + 1] = { 0x00 };
int i = 0;
char *buffer = NULL;
@@ -117,7 +134,30 @@ char *sha256_digest_file(const char *filename, bool isgzip)
return NULL;
}
+#if OPENSSL_VERSION_MAJOR >= 3
+ ctx = EVP_MD_CTX_new();
+ if (ctx == NULL) {
+ ERROR("Failed to create a context for the digest operation");
+ ERR_print_errors_fp(stderr);
+ ret = -1;
+ goto out;
+ }
+ sha256 = EVP_MD_fetch(NULL, "SHA256", NULL);
+ if (sha256 == NULL) {
+ ERROR("Failed to fetch the SHA256 algorithm implementation for doing the digest");
+ ERR_print_errors_fp(stderr);
+ ret = -1;
+ goto out;
+ }
+ if (!EVP_DigestInit_ex(ctx, sha256, NULL)) {
+ ERROR("Failed to initialise the digest operation");
+ ERR_print_errors_fp(stderr);
+ ret = -1;
+ goto out;
+ }
+#else
SHA256_Init(&ctx);
+#endif
while (true) {
if (isgzip) {
@@ -134,7 +174,16 @@ char *sha256_digest_file(const char *filename, bool isgzip)
}
if (n > 0) {
+#if OPENSSL_VERSION_MAJOR >= 3
+ if (!EVP_DigestUpdate(ctx, (unsigned char *)buffer, n)) {
+ ERROR("Failed to pass the message to be digested");
+ ERR_print_errors_fp(stderr);
+ ret = -1;
+ goto out;
+ }
+#else
SHA256_Update(&ctx, buffer, n);
+#endif
}
if (stream_check_eof(stream, isgzip)) {
@@ -142,6 +191,30 @@ char *sha256_digest_file(const char *filename, bool isgzip)
}
}
+#if OPENSSL_VERSION_MAJOR >= 3
+ outdigest = OPENSSL_malloc(EVP_MD_get_size(sha256));
+ if (outdigest == NULL) {
+ ERROR("Failed to allocate the output buffer");
+ ERR_print_errors_fp(stderr);
+ ret = -1;
+ goto out;
+ }
+ if (!EVP_DigestFinal_ex(ctx, outdigest, &len)) {
+ ERROR("Failed to calculate the digest itself");
+ ERR_print_errors_fp(stderr);
+ ret = -1;
+ goto out;
+ }
+ for (i = 0; i < SHA256_DIGEST_LENGTH; i++) {
+ int sret = snprintf(output_buffer + (i * 2), 3, "%02x", (unsigned int)outdigest[i]);
+ if (sret >= 3 || sret < 0) {
+ ERROR("snprintf failed when calc sha256 from file %s, result is %d", filename, sret);
+ return NULL;
+ }
+ }
+
+ output_buffer[SHA256_DIGEST_LENGTH * 2] = '\0';
+#else
SHA256_Final(hash, &ctx);
for (i = 0; i < SHA256_DIGEST_LENGTH; i++) {
@@ -152,8 +225,14 @@ char *sha256_digest_file(const char *filename, bool isgzip)
}
}
output_buffer[SHA256_DIGEST_LENGTH * 2] = '\0';
+#endif
out:
+#if OPENSSL_VERSION_MAJOR >= 3
+ OPENSSL_free(outdigest);
+ EVP_MD_free(sha256);
+ EVP_MD_CTX_free(ctx);
+#endif
if (isgzip) {
gzclose((gzFile)stream);
} else {
--
2.25.1
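Review bot: In the OpenSSL 3 branch of `sha256_digest_file`, the snprintf failure path inside the hex-encoding loop does `return NULL;`, which skips the `out:` label where `outdigest`, `sha256`, `ctx` and the open stream are released, so that path leaks the digest context and the file handle. It should use `ret = -1; goto out;` like the other error paths this patch adds. The same loop reads `SHA256_DIGEST_LENGTH` bytes from `outdigest` without checking the result of `EVP_MD_get_size(sha256)` or the `len` written by `EVP_DigestFinal_ex`; a guard such as `if (len != SHA256_DIGEST_LENGTH) { ret = -1; goto out; }` before encoding keeps the read inside the allocation. In `sha256_digest_str` the return value of the one-shot `SHA256()` is ignored, so if that call can fail in the OpenSSL 3 build the checkpoint checksum would presumably be computed from the zero-initialised `hash`; checking it for NULL would close that gap. Both function bodies start and end outside the visible hunks.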


@ -0,0 +1,25 @@
From 64ef4f52a1f75be2dbd1b750a52500818790f501 Mon Sep 17 00:00:00 2001
From: wujing <wujing50@huawei.com>
Date: Thu, 1 Sep 2022 09:41:50 +0800
Subject: [PATCH 4/5] remove redundant header files
Signed-off-by: wujing <wujing50@huawei.com>
---
src/daemon/entry/cri/cri_helpers.cc | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/daemon/entry/cri/cri_helpers.cc b/src/daemon/entry/cri/cri_helpers.cc
index 04e4f534..7df759e1 100644
--- a/src/daemon/entry/cri/cri_helpers.cc
+++ b/src/daemon/entry/cri/cri_helpers.cc
@@ -18,7 +18,6 @@
#include <algorithm>
#include <functional>
#include <iostream>
-#include <openssl/sha.h>
#include <sys/utsname.h>
#include <utility>
--
2.25.1

644
0005-add-isulad-args.patch Normal file

@ -0,0 +1,644 @@
From 5a0476a328a39764874257faa23696320656d3e3 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Tue, 6 Sep 2022 18:45:53 +0800
Subject: [PATCH 5/5] add isulad args
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---
src/cmd/isulad/isulad_commands.c | 18 +++++
src/cmd/isulad/isulad_commands.h | 80 ++++++++++++--------
src/cmd/isulad/main.c | 58 +++------------
src/daemon/config/daemon_arguments.c | 101 ++++++++++++++++++++------
src/daemon/config/daemon_arguments.h | 1 +
src/daemon/config/isulad_config.c | 61 ++++++++++++++--
src/daemon/modules/events/collector.c | 2 +-
7 files changed, 213 insertions(+), 108 deletions(-)
diff --git a/src/cmd/isulad/isulad_commands.c b/src/cmd/isulad/isulad_commands.c
index ba7ca0e7..42d0bde6 100644
--- a/src/cmd/isulad/isulad_commands.c
+++ b/src/cmd/isulad/isulad_commands.c
@@ -105,6 +105,24 @@ out:
return ret;
}
+int server_callback_cri_runtime(command_option_t *option, const char *value)
+{
+ struct service_arguments *args = NULL;
+
+ if (option == NULL || value == NULL) {
+ COMMAND_ERROR("Invalid input arguments");
+ return -1;
+ }
+
+ args = (struct service_arguments *)option->data;
+ if (server_cri_runtime_parser(args, value) != 0) {
+ COMMAND_ERROR("Invalid value \"%s\" for flag --%s", value, option->large);
+ return -1;
+ }
+
+ return 0;
+}
+
int server_callback_container_log_driver(command_option_t *option, const char *value)
{
int ret = 0;
diff --git a/src/cmd/isulad/isulad_commands.h b/src/cmd/isulad/isulad_commands.h
index 0d70da4c..dc278f9c 100644
--- a/src/cmd/isulad/isulad_commands.h
+++ b/src/cmd/isulad/isulad_commands.h
@@ -71,10 +71,10 @@ int command_default_ulimit_append(command_option_t *option, const char *arg);
"host", \
'H', \
&(cmdargs)->hosts, \
- "The socket name used to create gRPC server", \
+ "The socket name used to create gRPC server (default \"unix:///var/run/isulad.sock\")", \
command_valid_socket_append_array }, \
{ CMD_OPT_TYPE_STRING_DUP, false, "pidfile", 'p', &(cmdargs)->json_confs->pidfile, \
- "Save pid into this file", NULL }, \
+ "Save pid into this file (default \"/var/run/isulad.pid\")", NULL }, \
{ CMD_OPT_TYPE_BOOL, false, "help", 0, &(cmdargs)->help, "Show help", NULL }, \
{ CMD_OPT_TYPE_STRING_DUP, \
false, \
@@ -88,14 +88,14 @@ int command_default_ulimit_append(command_option_t *option, const char *arg);
"graph", \
'g', \
&(cmdargs)->json_confs->graph, \
- "Root directory of the iSulad runtime", \
+ "Root directory of the iSulad runtime (default \"/var/lib/isulad\")", \
NULL }, \
{ CMD_OPT_TYPE_STRING_DUP, \
false, \
"state", \
'S', \
&(cmdargs)->json_confs->state, \
- "Root directory for execution state files", \
+ "Root directory for execution state files (default \"/var/run/isulad\")", \
NULL }, \
{ CMD_OPT_TYPE_STRING_DUP, \
false, \
@@ -105,20 +105,20 @@ int command_default_ulimit_append(command_option_t *option, const char *arg);
"timeout duration for waiting on a container to start before it is killed", \
NULL }, \
{ CMD_OPT_TYPE_STRING_DUP, false, "engine", 'e', &(cmdargs)->json_confs->engine, \
- "Select backend engine", NULL }, \
+ "Select backend engine (default lcr)", NULL }, \
{ CMD_OPT_TYPE_STRING_DUP, \
false, \
"log-level", \
'l', \
&(cmdargs)->json_confs->log_level, \
- "Set log level, the levels can be: FATAL ALERT CRIT ERROR WARN NOTICE INFO DEBUG TRACE", \
+ "Set log level, the levels can be: FATAL ALERT CRIT ERROR WARN NOTICE INFO DEBUG TRACE (default INFO)", \
NULL }, \
{ CMD_OPT_TYPE_STRING_DUP, \
false, \
"log-driver", \
0, \
&(cmdargs)->json_confs->log_driver, \
- "Set daemon log driver, such as: file", \
+ "Set daemon log driver, support stdout and file (default file)", \
NULL }, \
{ CMD_OPT_TYPE_CALLBACK, \
false, \
@@ -127,34 +127,34 @@ int command_default_ulimit_append(command_option_t *option, const char *arg);
(cmdargs), \
"Set daemon log driver options, such as: log-path=/tmp/logs/ to set directory where to store daemon logs", \
server_callback_log_opt }, \
- { CMD_OPT_TYPE_CALLBACK, \
- false, \
- "container-log-driver", \
- 0, \
- (cmdargs), \
- "Set default container log driver, such as: json-file", \
- server_callback_container_log_driver }, \
- { CMD_OPT_TYPE_CALLBACK, \
- false, \
- "container-log-opts", \
- 0, \
- (cmdargs), \
- "Set default container log driver options, such as: max-file=7 to set max number of container log files", \
- server_callback_container_log }, \
+ { CMD_OPT_TYPE_CALLBACK, \
+ false, \
+ "container-log-driver", \
+ 0, \
+ (cmdargs), \
+ "Set default container log driver, such as: json-file", \
+ server_callback_container_log_driver }, \
+ { CMD_OPT_TYPE_CALLBACK, \
+ false, \
+ "container-log-opts", \
+ 0, \
+ (cmdargs), \
+ "Set default container log driver options, such as: max-file=7 to set max number of container log files", \
+ server_callback_container_log }, \
{ CMD_OPT_TYPE_BOOL, false, "version", 'V', &(cmdargs)->version, "Print the version", NULL }, \
{ CMD_OPT_TYPE_STRING_DUP, \
false, \
"group", \
'G', \
&(cmdargs)->json_confs->group, \
- "Group for the unix socket(default is isula)", \
+ "Group for the unix socket (default isula)", \
NULL }, \
{ CMD_OPT_TYPE_STRING_DUP, \
false, \
"storage-driver", \
0, \
&(cmdargs)->json_confs->storage_driver, \
- "Storage driver to use(default overlay2)", \
+ "Storage driver to use (default overlay2)", \
NULL }, \
{ CMD_OPT_TYPE_CALLBACK, \
false, \
@@ -166,7 +166,7 @@ int command_default_ulimit_append(command_option_t *option, const char *arg);
SUP_GROUPS_OPT(cmdargs) \
{ CMD_OPT_TYPE_CALLBACK, \
false, \
- "registry-mirrors", \
+ "registry-mirrors", \
0, \
&(cmdargs)->json_confs->registry_mirrors, \
"Registry to be prepended when pulling unqualified images, can be specified multiple times", \
@@ -197,28 +197,28 @@ int command_default_ulimit_append(command_option_t *option, const char *arg);
"pod-sandbox-image", \
0, \
&(cmdargs)->json_confs->pod_sandbox_image, \
- "The image whose network/ipc namespaces containers in each pod will use. (default \"pause-${machine}:3.0\")", \
+ "The image whose network/ipc namespaces containers in each pod will use (default \"pause-${machine}:3.0\")",\
NULL }, \
{ CMD_OPT_TYPE_STRING_DUP, \
false, \
"network-plugin", \
0, \
&(cmdargs)->json_confs->network_plugin, \
- "Set network plugin, default is null, suppport null and cni", \
+ "Set network plugin, suppport null and cni (default null)", \
NULL }, \
{ CMD_OPT_TYPE_STRING_DUP, \
false, \
"cni-bin-dir", \
0, \
&(cmdargs)->json_confs->cni_bin_dir, \
- "The full path of the directory in which to search for CNI plugin binaries. Default: /opt/cni/bin", \
+ "The full path of the directory in which to search for CNI plugin binaries (default \"/opt/cni/bin\")", \
NULL }, \
{ CMD_OPT_TYPE_STRING_DUP, \
false, \
"cni-conf-dir", \
0, \
&(cmdargs)->json_confs->cni_conf_dir, \
- "The full path of the directory in which to search for CNI config files. Default: /etc/cni/net.d", \
+ "The full path of the directory in which to search for CNI config files (default \"/etc/cni/net.d\")", \
NULL }, \
{ CMD_OPT_TYPE_BOOL, \
false, \
@@ -232,14 +232,14 @@ int command_default_ulimit_append(command_option_t *option, const char *arg);
"insecure-skip-verify-enforce", \
0, \
&(cmdargs)->json_confs->insecure_skip_verify_enforce, \
- "Force to skip the insecure verify(default false)", \
+ "Force to skip the insecure verify (default false)", \
NULL }, \
{ CMD_OPT_TYPE_BOOL, \
false, \
"use-decrypted-key", \
0, \
(cmdargs)->json_confs->use_decrypted_key, \
- "Use decrypted private key by default(default true)", \
+ "Use decrypted private key by default (default true)", \
NULL }, \
{ CMD_OPT_TYPE_STRING_DUP, \
false, \
@@ -296,6 +296,26 @@ int command_default_ulimit_append(command_option_t *option, const char *arg);
false, "selinux-enabled", 0, &(cmdargs)->json_confs->selinux_enabled, \
"Enable selinux support", NULL \
}, \
+ { CMD_OPT_TYPE_STRING_DUP, \
+ false, "default-runtime", 0, &(cmdargs)->json_confs->default_runtime, \
+ "Default container runtime (default lcr)", NULL \
+ }, \
+ { CMD_OPT_TYPE_CALLBACK, \
+ false, "cpu-rt-period", 0, &(cmdargs)->json_confs->cpu_rt_period, \
+ "Limit CPU real-time period in microseconds for all containers", command_convert_llong \
+ }, \
+ { CMD_OPT_TYPE_CALLBACK, \
+ false, "cpu-rt-runtime", 0, &(cmdargs)->json_confs->cpu_rt_runtime, \
+ "Limit CPU real-time runtime in microseconds for all containers", command_convert_llong \
+ }, \
+ { CMD_OPT_TYPE_STRING_DUP, \
+ false, "enable-plugins", 0, &(cmdargs)->json_confs->enable_plugins, \
+ "Enable plugins for all containers", NULL \
+ }, \
+ { CMD_OPT_TYPE_CALLBACK, \
+ false, "cri-runtime", 0, (cmdargs), \
+ "CRI runtime class transform", server_callback_cri_runtime \
+ }, \
#ifdef __cplusplus
}
diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c
index ccba7107..d4f984d5 100644
--- a/src/cmd/isulad/main.c
+++ b/src/cmd/isulad/main.c
@@ -501,47 +501,6 @@ int check_and_set_default_isulad_log_file(struct service_arguments *args)
return 0;
}
-static int set_parent_mount_dir(struct service_arguments *args)
-{
- int ret = -1;
- int nret;
- size_t len;
- char *rootfsdir = NULL;
-
- if (args->json_confs == NULL) {
- ERROR("Empty json configs");
- goto out;
- }
- if (strlen(args->json_confs->graph) > (SIZE_MAX - strlen("/mnt/rootfs")) - 1) {
- ERROR("Root directory of the isulad runtime is too long");
- goto out;
- }
- len = strlen(args->json_confs->graph) + strlen("/mnt/rootfs") + 1;
- if (len > PATH_MAX) {
- ERROR("The size of path exceeds the limit");
- goto out;
- }
- rootfsdir = util_common_calloc_s(len);
- if (rootfsdir == NULL) {
- ERROR("Out of memory");
- goto out;
- }
- nret = snprintf(rootfsdir, len, "%s/mnt/rootfs", args->json_confs->graph);
- if (nret < 0 || (size_t)nret >= len) {
- ERROR("Failed to print string");
- goto out;
- }
-
- free(args->json_confs->rootfsmntdir);
- args->json_confs->rootfsmntdir = util_strdup_s(rootfsdir);
-
- ret = 0;
-
-out:
- free(rootfsdir);
- return ret;
-}
-
static int check_hook_spec_file(const char *hook_spec)
{
struct stat hookstat = { 0 };
@@ -1004,10 +963,6 @@ static int update_server_args(struct service_arguments *args)
return -1;
}
- if (set_parent_mount_dir(args)) {
- return -1;
- }
-
/* parse hook spec */
if (parse_conf_hooks(args) != 0) {
return -1;
@@ -1050,6 +1005,7 @@ static int server_conf_parse_save(int argc, const char **argv)
/* Step2: load json configs and merge into global configs */
if (merge_json_confs_into_global(args) != 0) {
+ ERROR("Failed to merge json conf into global");
ret = -1;
goto out;
}
@@ -1062,6 +1018,7 @@ static int server_conf_parse_save(int argc, const char **argv)
}
if (update_server_args(args) != 0) {
+ ERROR("Failed to update server args");
ret = -1;
goto out;
}
@@ -1165,6 +1122,7 @@ static int isulad_server_pre_init(const struct service_arguments *args, const ch
const char *fifo_full_path)
{
int ret = 0;
+ char *rootfs_mnt_dir = NULL;
#ifdef ENABLE_USERNS_REMAP
char* userns_remap = conf_get_isulad_userns_remap();
char *isulad_root = NULL;
@@ -1228,7 +1186,14 @@ static int isulad_server_pre_init(const struct service_arguments *args, const ch
}
#endif
- if (mount_rootfs_mnt_dir(args->json_confs->rootfsmntdir)) {
+ rootfs_mnt_dir = conf_get_isulad_mount_rootfs();
+ if (rootfs_mnt_dir == NULL) {
+ ERROR("Failed to get isulad mount rootfs");
+ ret = -1;
+ goto out;
+ }
+
+ if (mount_rootfs_mnt_dir(rootfs_mnt_dir)) {
ERROR("Create and mount parent directory failed");
ret = -1;
goto out;
@@ -1241,6 +1206,7 @@ static int isulad_server_pre_init(const struct service_arguments *args, const ch
}
out:
+ free(rootfs_mnt_dir);
#ifdef ENABLE_USERNS_REMAP
free(isulad_root);
free(userns_remap);
diff --git a/src/daemon/config/daemon_arguments.c b/src/daemon/config/daemon_arguments.c
index 719efef0..076c10a6 100644
--- a/src/daemon/config/daemon_arguments.c
+++ b/src/daemon/config/daemon_arguments.c
@@ -148,7 +148,6 @@ int service_arguments_init(struct service_arguments *args)
args->json_confs->pidfile = util_strdup_s(DEFAULT_PID_FILE);
args->json_confs->storage_driver = util_strdup_s("overlay2");
args->json_confs->native_umask = util_strdup_s(UMASK_SECURE);
- args->json_confs->image_service = true;
args->json_confs->image_layer_check = false;
args->json_confs->use_decrypted_key = (bool *)util_common_calloc_s(sizeof(bool));
if (args->json_confs->use_decrypted_key == NULL) {
@@ -165,6 +164,11 @@ int service_arguments_init(struct service_arguments *args)
args->default_ulimit_len = 0;
args->json_confs->websocket_server_listening_port = DEFAULT_WEBSOCKET_SERVER_LISTENING_PORT;
args->json_confs->selinux_enabled = false;
+ args->json_confs->default_runtime = util_strdup_s(DEFAULT_RUNTIME_NAME);
+ args->json_confs->cri_runtimes = (json_map_string_string *)util_common_calloc_s(sizeof(json_map_string_string));
+ if (args->json_confs->cri_runtimes == NULL) {
+ goto free_out;
+ }
ret = 0;
@@ -200,57 +204,108 @@ void service_arguments_free(struct service_arguments *args)
free_default_ulimit(args->default_ulimit);
args->default_ulimit = NULL;
args->default_ulimit_len = 0;
+
+ free(args->json_confs->default_runtime);
+ args->json_confs->default_runtime = NULL;
+
+ free_json_map_string_string(args->json_confs->cri_runtimes);
+ args->json_confs->cri_runtimes = NULL;
}
-/* server log opt parser */
-int server_log_opt_parser(struct service_arguments *args, const char *option)
+static int key_value_opt_parser(const char *option, char **key, char **value)
{
int ret = -1;
- char *key = NULL;
- char *value = NULL;
- char *tmp = NULL;
+ char *tmp_key = NULL;
+ char *tmp_value = NULL;
+ char *tmp_option = NULL;
size_t len = 0;
size_t total_len = 0;
- if (option == NULL || args == NULL) {
- goto out;
- }
-
// option format: key=value
total_len = strlen(option);
- if (args == NULL || total_len <= 2) {
- goto out;
+ if (total_len <= 2) {
+ return -1;
}
- tmp = util_strdup_s(option);
- key = tmp;
- value = strchr(tmp, '=');
+ tmp_option = util_strdup_s(option);
+ tmp_key = tmp_option;
+ tmp_value = strchr(tmp_option, '=');
// option do not contain '='
- if (value == NULL) {
+ if (tmp_value == NULL) {
goto out;
}
- len = (size_t)(value - key);
+ len = (size_t)(tmp_value - tmp_key);
// if option is '=key'
if (len == 0) {
goto out;
}
+
// if option is 'key='
if (total_len == len + 1) {
goto out;
}
- tmp[len] = '\0';
- value += 1;
- ret = parse_log_opts(args, key, value);
+ tmp_option[len] = '\0';
+ *key = util_strdup_s(tmp_key);
+ tmp_option[len] = '=';
+
+ tmp_value += 1;
+ *value = util_strdup_s(tmp_value);
+
+ ret = 0;
+
+out:
+ free(tmp_option);
+ return ret;
+}
+/* server log opt parser */
+int server_log_opt_parser(struct service_arguments *args, const char *option)
+{
+ int ret = -1;
+ char *key = NULL;
+ char *value = NULL;
+
+ if (option == NULL || args == NULL) {
+ return -1;
+ }
+
+ if (key_value_opt_parser(option, &key, &value) != 0) {
+ return -1;
+ }
+
+ ret = parse_log_opts(args, key, value);
if (ret == 0 && args->json_confs != NULL && args->json_confs->log_opts != NULL) {
ret = append_json_map_string_string(args->json_confs->log_opts, key, value);
}
- tmp[len] = '=';
-out:
- free(tmp);
+ free(key);
+ free(value);
+ return ret;
+}
+
+/* server cri runtime parser */
+int server_cri_runtime_parser(struct service_arguments *args, const char *option)
+{
+ int ret = 0;
+ char *key = NULL;
+ char *value = NULL;
+
+ if (option == NULL || args == NULL) {
+ return -1;
+ }
+
+ if (key_value_opt_parser(option, &key, &value) != 0) {
+ return -1;
+ }
+
+ if (args->json_confs != NULL && args->json_confs->cri_runtimes != NULL) {
+ ret = append_json_map_string_string(args->json_confs->cri_runtimes, key, value);
+ }
+
+ free(key);
+ free(value);
return ret;
}
diff --git a/src/daemon/config/daemon_arguments.h b/src/daemon/config/daemon_arguments.h
index 54099c81..49f5961e 100644
--- a/src/daemon/config/daemon_arguments.h
+++ b/src/daemon/config/daemon_arguments.h
@@ -71,6 +71,7 @@ struct service_arguments {
int service_arguments_init(struct service_arguments *args);
void service_arguments_free(struct service_arguments *args);
int server_log_opt_parser(struct service_arguments *args, const char *option);
+int server_cri_runtime_parser(struct service_arguments *args, const char *option);
size_t ulimit_array_len(host_config_ulimits_element **default_ulimit);
diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c
index 6f17660b..86a9609a 100644
--- a/src/daemon/config/isulad_config.c
+++ b/src/daemon/config/isulad_config.c
@@ -529,6 +529,34 @@ out:
return result;
}
+static char *get_parent_mount_dir(char *graph)
+{
+ int nret;
+ size_t len;
+ char *rootfsdir = NULL;
+
+ len = strlen(graph) + strlen("/mnt/rootfs") + 1;
+ if (len > PATH_MAX) {
+ ERROR("The size of path exceeds the limit");
+ return NULL;
+ }
+
+ rootfsdir = util_common_calloc_s(len);
+ if (rootfsdir == NULL) {
+ ERROR("Out of memory");
+ return NULL;
+ }
+
+ nret = snprintf(rootfsdir, len, "%s/mnt/rootfs", graph);
+ if (nret < 0 || (size_t)nret >= len) {
+ ERROR("Failed to print string");
+ free(rootfsdir);
+ return NULL;
+ }
+
+ return rootfsdir;
+}
+
/* conf get isulad mount rootfs */
char *conf_get_isulad_mount_rootfs()
{
@@ -540,11 +568,11 @@ char *conf_get_isulad_mount_rootfs()
}
conf = conf_get_server_conf();
- if (conf == NULL || conf->json_confs->rootfsmntdir == NULL) {
+ if (conf == NULL || conf->json_confs == NULL || conf->json_confs->graph == NULL) {
goto out;
}
- path = util_strdup_s(conf->json_confs->rootfsmntdir);
+ path = get_parent_mount_dir(conf->json_confs->graph);
out:
(void)isulad_server_conf_unlock();
@@ -1449,6 +1477,25 @@ static int merge_logs_conf_into_global(struct service_arguments *args, isulad_da
return do_merge_container_logs_conf(args, tmp_json_confs);
}
+static int merge_cri_runtimes_into_global(struct service_arguments *args, isulad_daemon_configs *tmp_json_confs)
+{
+ size_t i;
+
+ if (tmp_json_confs->cri_runtimes == NULL) {
+ return 0;
+ }
+
+ for (i = 0; i < tmp_json_confs->cri_runtimes->len; i++) {
+ if (append_json_map_string_string(args->json_confs->cri_runtimes, tmp_json_confs->cri_runtimes->keys[i],
+ tmp_json_confs->cri_runtimes->values[i]) != 0) {
+ ERROR("Out of memory");
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
static int merge_authorization_conf_into_global(struct service_arguments *args, isulad_daemon_configs *tmp_json_confs)
{
args->json_confs->tls = tmp_json_confs->tls;
@@ -1549,7 +1596,6 @@ int merge_json_confs_into_global(struct service_arguments *args)
#endif
override_string_value(&args->json_confs->native_umask, &tmp_json_confs->native_umask);
override_string_value(&args->json_confs->cgroup_parent, &tmp_json_confs->cgroup_parent);
- override_string_value(&args->json_confs->rootfsmntdir, &tmp_json_confs->rootfsmntdir);
override_string_value(&args->json_confs->start_timeout, &tmp_json_confs->start_timeout);
override_string_value(&args->json_confs->pod_sandbox_image, &tmp_json_confs->pod_sandbox_image);
override_string_value(&args->json_confs->network_plugin, &tmp_json_confs->network_plugin);
@@ -1559,8 +1605,10 @@ int merge_json_confs_into_global(struct service_arguments *args)
args->json_confs->runtimes = tmp_json_confs->runtimes;
tmp_json_confs->runtimes = NULL;
- args->json_confs->cri_runtimes = tmp_json_confs->cri_runtimes;
- tmp_json_confs->cri_runtimes = NULL;
+ if (merge_cri_runtimes_into_global(args, tmp_json_confs)) {
+ ret = -1;
+ goto out;
+ }
#ifdef ENABLE_SUP_GROUPS
args->json_confs->sup_groups = tmp_json_confs->sup_groups;
@@ -1588,9 +1636,6 @@ int merge_json_confs_into_global(struct service_arguments *args)
args->json_confs->cpu_rt_runtime = tmp_json_confs->cpu_rt_runtime;
}
- if (tmp_json_confs->image_service) {
- args->json_confs->image_service = tmp_json_confs->image_service;
- }
if (tmp_json_confs->image_layer_check) {
args->json_confs->image_layer_check = tmp_json_confs->image_layer_check;
}
diff --git a/src/daemon/modules/events/collector.c b/src/daemon/modules/events/collector.c
index 319e777a..9dc4dbe7 100644
--- a/src/daemon/modules/events/collector.c
+++ b/src/daemon/modules/events/collector.c
@@ -578,7 +578,7 @@ static int do_write_events(const stream_func_wrapper *stream, struct isulad_even
goto out;
}
if (!stream->write_func(stream->writer, event)) {
- ERROR("Failed to send exit event for 'events' client");
+ ERROR("Failed to send event for 'events' client");
ret = -1;
goto out;
}
--
2.25.1
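Review bot: The cleanup added to `service_arguments_free` dereferences `args->json_confs` with no NULL check (`free(args->json_confs->default_runtime);`), while the parsers added in the same patch guard it with `args->json_confs != NULL`. The start of that function is outside the hunk, so it is not visible whether `json_confs` has already been released by that point; if it has, these lines are a NULL dereference or a double free, and if the free routine for the config struct already covers `default_runtime` and `cri_runtimes` they are redundant. Guarding the block with `if (args->json_confs != NULL) {` or moving it ahead of the place where `json_confs` is freed would make the teardown safe either way. Separately, `merge_cri_runtimes_into_global` reports every `append_json_map_string_string` failure as "Out of memory" and appends config-file entries after the command-line ones, so which value wins for a runtime class given in both places depends on how that helper treats duplicate keys; a comment stating the intended precedence would help.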


@ -1,5 +1,5 @@
%global _version 2.0.16
%global _release 2
%global _release 3
%global is_systemd 1
%global enable_shimv2 1
%global is_embedded 1
@ -13,8 +13,11 @@ URL: https://gitee.com/openeuler/iSulad
Source: https://gitee.com/openeuler/iSulad/repository/archive/v%{version}.tar.gz
BuildRoot: {_tmppath}/iSulad-%{version}
Patch001: 0001-fix-memleak.patch
Patch002: 0002-cleancode-about-rest-register-container.patch
Patch0001: 0001-fix-memleak.patch
Patch0002: 0002-cleancode-about-rest-register-container.patch
Patch0003: 0003-adapt-to-openssl-3.0.patch
Patch0004: 0004-remove-redundant-header-files.patch
Patch0005: 0005-add-isulad-args.patch
%ifarch x86_64 aarch64
Provides: libhttpclient.so()(64bit)
@ -242,6 +245,12 @@ fi
%endif
%changelog
* Wed Sep 07 2022 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.0.16-3
- Type: enhancement
- ID: NA
- SUG: NA
- DESC: sycn patches from openeuler/iSulad
* Tue Aug 30 2022 leizhongkai <leizhongkai@huawei.com> - 2.0.16-2
- Type: enhancement
- ID: NA