packages/iSulad
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update from upstream to include remote ro feature

Browse Source 
Signed-off-by: Neil.wrz <wangrunze13@huawei.com>
This commit is contained in:
Neil.wrz 2023-03-23 23:47:09 -07:00
parent f66a9c9894
commit a5aa4143fe
54 changed files with 9211 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
0001-modify-dependence-from-lcr-to-libisula.patch
View File

@ -1,7 +1,7 @@
From d3d13f374bb341e7e4d389feb1780e43fec91945 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Tue, 7 Feb 2023 14:27:51 +0800
Subject: [PATCH] modify dependence from lcr to libisula
Subject: [PATCH 01/53] modify dependence from lcr to libisula
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---

2
0002-Add-unified-memory_swap_limit_in_bytes-fields-into-C.patch
View File

@ -1,7 +1,7 @@
From 27c3d00f74c5641685d5781fe0c02c5eead92d23 Mon Sep 17 00:00:00 2001
From: "ilya.kuksenok" <ilya.kuksenok@huawei.com>
Date: Thu, 2 Feb 2023 14:41:16 +0300
Subject: [PATCH 02/22] Add unified, memory_swap_limit_in_bytes fields into
Subject: [PATCH 02/53] Add unified, memory_swap_limit_in_bytes fields into
ContainerStats; add unified and memory_swap_limit_in_bytes into
UpdateCreateConfig add nullptr for unified.

2
0003-Add-macro-for-protoc-cmake.patch
View File

@ -1,7 +1,7 @@
From 466309bc0aafe61ebed5c71012e28b9912783b60 Mon Sep 17 00:00:00 2001
From: Xuepeng Xu <xuxuepeng1@huawei.com>
Date: Thu, 9 Feb 2023 14:32:59 +0800
Subject: [PATCH 03/22] Add macro for protoc cmake
Subject: [PATCH 03/53] Add macro for protoc cmake
Signed-off-by: Xuepeng Xu <xuxuepeng1@huawei.com>
---

2
0004-fix-design-typo.patch
View File

@ -1,7 +1,7 @@
From a7df50dc3b51f961f3d2e48dd968cfb115c39fec Mon Sep 17 00:00:00 2001
From: zhushy <zhushangyuan@foxmail.com>
Date: Sat, 11 Feb 2023 00:05:53 +0800
Subject: [PATCH 04/22] fix design typo
Subject: [PATCH 04/53] fix design typo
---
README.md | 2 +-

2
0005-fix-cpu-rt-review-comments.patch
View File

@ -1,7 +1,7 @@
From 257054b234debb7b1fcafce6f2ec3df828370aed Mon Sep 17 00:00:00 2001
From: songbuhuang <544824346@qq.com>
Date: Sun, 12 Feb 2023 15:23:37 +0800
Subject: [PATCH 05/22] fix cpu rt review comments
Subject: [PATCH 05/53] fix cpu rt review comments
Signed-off-by: songbuhuang <544824346@qq.com>
---

2
0006-fix-inspect.sh-failed.patch
View File

@ -1,7 +1,7 @@
From e4993d0e89ca853d74d8b23895de0967b4379441 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Mon, 13 Feb 2023 17:42:30 +0800
Subject: [PATCH 06/22] fix inspect.sh failed
Subject: [PATCH 06/53] fix inspect.sh failed
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---

2
0007-add-CRI-ContainerStats-Service.patch
View File

@ -1,7 +1,7 @@
From 9bd02c394110180ac7d7cbe80c1f4abe18146ebb Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Fri, 10 Feb 2023 17:43:11 +0800
Subject: [PATCH 07/22] add CRI ContainerStats Service
Subject: [PATCH 07/53] add CRI ContainerStats Service
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---

2
0008-fix-isula-cpu-rt-CI.patch
View File

@ -1,7 +1,7 @@
From edef459d5052dc6d7c29e8a7a48ff4bf1b01bd78 Mon Sep 17 00:00:00 2001
From: songbuhuang <544824346@qq.com>
Date: Tue, 14 Feb 2023 14:08:01 +0800
Subject: [PATCH 08/22] fix isula cpu-rt CI
Subject: [PATCH 08/53] fix isula cpu-rt CI
Signed-off-by: songbuhuang <544824346@qq.com>
---

2
0009-fix-cpu-rt-CI.patch
View File

@ -1,7 +1,7 @@
From 0504a907def3efb4c0ad7eabd5921c97090430af Mon Sep 17 00:00:00 2001
From: songbuhuang <544824346@qq.com>
Date: Tue, 14 Feb 2023 15:55:56 +0800
Subject: [PATCH 09/22] fix cpu-rt CI
Subject: [PATCH 09/53] fix cpu-rt CI
Signed-off-by: songbuhuang <544824346@qq.com>
---

2
0010-fix-cpu-rt-CI.patch
View File

@ -1,7 +1,7 @@
From 21dc648ef93cd0fb858a408bc843d25a5e20e320 Mon Sep 17 00:00:00 2001
From: songbuhuang <544824346@qq.com>
Date: Wed, 15 Feb 2023 16:09:38 +0800
Subject: [PATCH 10/22] fix cpu-rt CI
Subject: [PATCH 10/53] fix cpu-rt CI
Signed-off-by: songbuhuang <544824346@qq.com>
---

2
0011-Bugfix-in-config-and-executor.patch
View File

@ -1,7 +1,7 @@
From 933eceb4545a28dba44c72f183dc7104d0fea714 Mon Sep 17 00:00:00 2001
From: Xuepeng Xu <xuxuepeng1@huawei.com>
Date: Wed, 15 Feb 2023 12:19:40 +0800
Subject: [PATCH 11/22] Bugfix in config and executor
Subject: [PATCH 11/53] Bugfix in config and executor
Signed-off-by: Xuepeng Xu <xuxuepeng1@huawei.com>
---

2
0012-fix-cpu-rt-disable-after-reboot-machine.patch
View File

@ -1,7 +1,7 @@
From 166edf2093b2c35fe4e479ca4b6568be8c98f907 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Wed, 15 Feb 2023 17:47:12 +0800
Subject: [PATCH 12/22] fix cpu-rt disable after reboot machine
Subject: [PATCH 12/53] fix cpu-rt disable after reboot machine
1. ensure parent cgroup cpu-rt of container, should do in start container;
2. current do in create container, will cause failed of start container with cpu-rt after reboot machine

2
0013-fix-selinux_label_ut-timeout-and-add-timeout-for-all.patch
View File

@ -1,7 +1,7 @@
From af8fb9fcf604775f527b58e1b02f220dffd8ff35 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Thu, 16 Feb 2023 15:26:10 +0800
Subject: [PATCH 13/22] fix selinux_label_ut timeout and add timeout for all ut
Subject: [PATCH 13/53] fix selinux_label_ut timeout and add timeout for all ut
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---

2
0014-add-retry-for-read-write.patch
View File

@ -1,7 +1,7 @@
From 734fca150e1c5da2814a55e0315bde8e828e6e8a Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Fri, 17 Feb 2023 16:07:53 +0800
Subject: [PATCH 14/22] add retry for read/write
Subject: [PATCH 14/53] add retry for read/write
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---

2
0015-support-pull-image-with-digest.patch
View File

@ -1,7 +1,7 @@
From aaf8dec80eff5390404d7da66dbb229e44c76b12 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Thu, 16 Feb 2023 18:22:02 +0800
Subject: [PATCH 15/22] support pull image with digest
Subject: [PATCH 15/53] support pull image with digest
usage: isula pull busybox@sha256:907ca53d7e2947e849b839b1cd258c98fd3916c60f2e6e70c30edbf741ab6754

2
0016-isulad-shim-support-execSync-with-timeout.patch
View File

@ -1,7 +1,7 @@
From 32dbf764fd5b7f6941c49750b49dbba253bd3234 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 13 Feb 2023 15:36:58 +0800
Subject: [PATCH 16/22] isulad-shim support execSync with timeout
Subject: [PATCH 16/53] isulad-shim support execSync with timeout
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---

2
0017-Refine-the-commit-info.patch
View File

@ -1,7 +1,7 @@
From a1c06194fea99d1011551fd84b1fb1f28b974170 Mon Sep 17 00:00:00 2001
From: sailorvii <chenw66@chinaunicom.cn>
Date: Tue, 21 Feb 2023 02:40:50 +0000
Subject: [PATCH 17/22] Refine the commit info.
Subject: [PATCH 17/53] Refine the commit info.
---
docs/design/detailed/Network/native_network_design_zh.md | 4 ++--

2
0018-Refine-typo-of-word-container.patch
View File

@ -1,7 +1,7 @@
From 53ec87b8c5224b1069bef50d09403c53fb48640f Mon Sep 17 00:00:00 2001
From: sailorvii <chenw66@chinaunicom.cn>
Date: Tue, 21 Feb 2023 06:50:21 +0000
Subject: [PATCH 18/22] Refine typo of word "container".
Subject: [PATCH 18/53] Refine typo of word "container".
---
src/daemon/executor/container_cb/execution_create.c | 2 +-

2
0019-cleancode-for-read-write.patch
View File

@ -1,7 +1,7 @@
From f9224d47ddc4193678f7ffe501be144fedff0102 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Mon, 20 Feb 2023 17:28:33 +0800
Subject: [PATCH 19/22] cleancode for read/write
Subject: [PATCH 19/53] cleancode for read/write
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---

2
0020-add-crictl-timeout-and-sync-for-CI.patch
View File

@ -1,7 +1,7 @@
From 7941e0fcd8d7b8edb303a1661233fd9688c46819 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Mon, 20 Feb 2023 15:42:40 +0800
Subject: [PATCH 20/22] add crictl timeout and sync for CI
Subject: [PATCH 20/53] add crictl timeout and sync for CI
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---

2
0021-unlock-m_podsLock-if-new-failed.patch
View File

@ -1,7 +1,7 @@
From f6243bb672bca8fd2e32752480aa92dc8f97adc9 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Wed, 22 Feb 2023 10:43:52 +0800
Subject: [PATCH 21/22] unlock m_podsLock if new failed
Subject: [PATCH 21/53] unlock m_podsLock if new failed
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---

2
0022-Update-CRI.patch
View File

@ -1,7 +1,7 @@
From 65c3b3c803128f92113f9f21bf41da1ad56017c8 Mon Sep 17 00:00:00 2001
From: shijiaqi1 <jiaqi@isrc.iscas.ac.cn>
Date: Wed, 8 Feb 2023 13:31:36 +0800
Subject: [PATCH 22/22] Update-CRI
Subject: [PATCH 22/53] Update-CRI
---
.../cri/cri_container_manager_service.cc | 19 +++++++++++++++++++

70
0023-add-cgroup-cpu-ut.patch Normal file
View File

@ -0,0 +1,70 @@
From dd238f80fd754b135c7b0e6a6535d45cf57c0b82 Mon Sep 17 00:00:00 2001
From: songbuhuang <544824346@qq.com>
Date: Wed, 22 Feb 2023 16:46:45 +0800
Subject: [PATCH 23/53] add cgroup cpu ut
Signed-off-by: songbuhuang <544824346@qq.com>
---
test/cgroup/cpu/CMakeLists.txt | 2 ++
test/cgroup/cpu/cgroup_cpu_ut.cc | 21 +++++++++++++++++++++
2 files changed, 23 insertions(+)
diff --git a/test/cgroup/cpu/CMakeLists.txt b/test/cgroup/cpu/CMakeLists.txt
index 6a8af719..b619fb59 100644
--- a/test/cgroup/cpu/CMakeLists.txt
+++ b/test/cgroup/cpu/CMakeLists.txt
@@ -22,8 +22,10 @@ target_include_directories(${EXE} PUBLIC
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/config
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/cmd
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/cmd/isulad
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../mocks
)
+set_target_properties(${EXE} PROPERTIES LINK_FLAGS "-Wl,--wrap,util_common_calloc_s")
target_link_libraries(${EXE} ${GTEST_BOTH_LIBRARIES} ${GMOCK_LIBRARY} ${GMOCK_MAIN_LIBRARY} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY} libutils_ut -lgrpc++ -lprotobuf -lcrypto -lyajl -lz)
add_test(NAME ${EXE} COMMAND ${EXE} --gtest_output=xml:${EXE}-Results.xml)
set_tests_properties(${EXE} PROPERTIES TIMEOUT 120)
diff --git a/test/cgroup/cpu/cgroup_cpu_ut.cc b/test/cgroup/cpu/cgroup_cpu_ut.cc
index 032ad656..7d23d014 100644
--- a/test/cgroup/cpu/cgroup_cpu_ut.cc
+++ b/test/cgroup/cpu/cgroup_cpu_ut.cc
@@ -16,10 +16,18 @@
#include <stdlib.h>
#include <stdio.h>
#include <gtest/gtest.h>
+#include <gmock/gmock.h>
#include "daemon_arguments.h"
#include "isulad_config.h"
+#include "mock.h"
+#include "sysinfo.h"
#include "utils.h"
+extern "C" {
+ DECLARE_WRAPPER(util_common_calloc_s, void *, (size_t size));
+ DEFINE_WRAPPER(util_common_calloc_s, void *, (size_t size), (size));
+}
+
struct service_arguments *new_args(int64_t cpu_rt_period, int64_t cpu_rt_runtime)
{
struct service_arguments *args = (struct service_arguments *)util_common_calloc_s(sizeof(struct service_arguments));
@@ -57,4 +65,17 @@ TEST(CgroupCpuUnitTest, test_conf_get_cgroup_cpu_rt)
ASSERT_EQ(cpu_rt_runtime, 0);
}
+TEST(CgroupCpuUnitTest, test_find_cgroup_mountpoint_and_root)
+{
+ char *mnt = NULL;
+ char *root = NULL;
+ ASSERT_EQ(find_cgroup_mountpoint_and_root(nullptr, &mnt, &root), -1);
+}
+TEST(CgroupCpuUnitTest, test_sysinfo_cgroup_controller_cpurt_mnt_path)
+{
+ MOCK_SET(util_common_calloc_s, nullptr);
+ ASSERT_EQ(get_sys_info(true), nullptr);
+ ASSERT_EQ(sysinfo_cgroup_controller_cpurt_mnt_path(), nullptr);
+ MOCK_CLEAR(util_common_calloc_s);
+}
--
2.25.1

179
0024-remove-temp-variables.patch Normal file
View File

@ -0,0 +1,179 @@
From e20767fc709bb945eb8e076a57f07d5b70b5f3ab Mon Sep 17 00:00:00 2001
From: "ilya.kuksenok" <ilya.kuksenok@huawei.com>
Date: Wed, 22 Feb 2023 16:17:34 +0300
Subject: [PATCH 24/53] remove temp variables
---
src/api/services/containers/container.proto | 5 +++++
.../connect/grpc/grpc_containers_client.cc | 5 +++++
src/client/connect/protocol_type.h | 5 +++++
.../connect/rest/rest_containers_client.c | 5 +++++
.../connect/grpc/container/stats_service.cc | 6 ++++++
.../entry/cri/cri_container_manager_service.cc | 18 ++++++++++++++++--
.../executor/container_cb/execution_extend.c | 5 +++++
src/daemon/modules/api/runtime_api.h | 5 +++++
.../modules/runtime/engines/lcr/lcr_engine.c | 6 ++++++
9 files changed, 58 insertions(+), 2 deletions(-)
diff --git a/src/api/services/containers/container.proto b/src/api/services/containers/container.proto
index 13d1367b..230d18b3 100644
--- a/src/api/services/containers/container.proto
+++ b/src/api/services/containers/container.proto
@@ -86,6 +86,11 @@ message Container_info {
uint64 cache = 16;
uint64 cache_total = 17;
uint64 inactive_file_total = 18;
+ uint64 avaliable_bytes = 19;
+ uint64 usage_bytes = 20;
+ uint64 rss_bytes = 21;
+ uint64 page_faults = 22;
+ uint64 major_page_faults = 23;
}
message Event {
diff --git a/src/client/connect/grpc/grpc_containers_client.cc b/src/client/connect/grpc/grpc_containers_client.cc
index 1528b2ee..20766049 100644
--- a/src/client/connect/grpc/grpc_containers_client.cc
+++ b/src/client/connect/grpc/grpc_containers_client.cc
@@ -1690,6 +1690,11 @@ public:
response->container_stats[i].blkio_read = gresponse->containers(i).blkio_read();
response->container_stats[i].blkio_write = gresponse->containers(i).blkio_write();
response->container_stats[i].mem_used = gresponse->containers(i).mem_used();
+ response->container_stats[i].avaliable_bytes = gresponse->containers(i).avaliable_bytes();
+ response->container_stats[i].usage_bytes = gresponse->containers(i).usage_bytes();
+ response->container_stats[i].rss_bytes = gresponse->containers(i).rss_bytes();
+ response->container_stats[i].page_faults = gresponse->containers(i).page_faults();
+ response->container_stats[i].major_page_faults = gresponse->containers(i).major_page_faults();
response->container_stats[i].mem_limit = gresponse->containers(i).mem_limit();
response->container_stats[i].kmem_used = gresponse->containers(i).kmem_used();
response->container_stats[i].kmem_limit = gresponse->containers(i).kmem_limit();
diff --git a/src/client/connect/protocol_type.h b/src/client/connect/protocol_type.h
index 3831c7c0..a2d474a6 100644
--- a/src/client/connect/protocol_type.h
+++ b/src/client/connect/protocol_type.h
@@ -165,6 +165,11 @@ struct isula_container_info {
// Memory usage
uint64_t mem_used;
uint64_t mem_limit;
+ uint64_t avaliable_bytes;
+ uint64_t usage_bytes;
+ uint64_t rss_bytes;
+ uint64_t page_faults;
+ uint64_t major_page_faults;
// Kernel Memory usage
uint64_t kmem_used;
uint64_t kmem_limit;
diff --git a/src/client/connect/rest/rest_containers_client.c b/src/client/connect/rest/rest_containers_client.c
index 0a735a64..9eee9d40 100644
--- a/src/client/connect/rest/rest_containers_client.c
+++ b/src/client/connect/rest/rest_containers_client.c
@@ -2195,6 +2195,11 @@ static int unpack_container_info_for_stats_response(const container_stats_respon
// memory usage
infos[i].mem_used = con_info->mem_used;
infos[i].mem_limit = con_info->mem_limit;
+ infos[i].avaliable_bytes = con_info->avaliable_bytes();
+ infos[i].usage_bytes = con_info->usage_bytes();
+ infos[i].rss_bytes = con_info->rss_bytes();
+ infos[i].page_faults = con_info->page_faults();
+ infos[i].major_page_faults = con_info->major_page_faults();
// kernel memory usage
infos[i].kmem_used = con_info->kmem_used;
infos[i].kmem_limit = con_info->kmem_limit;
diff --git a/src/daemon/entry/connect/grpc/container/stats_service.cc b/src/daemon/entry/connect/grpc/container/stats_service.cc
index 6e116b4c..7315fe75 100644
--- a/src/daemon/entry/connect/grpc/container/stats_service.cc
+++ b/src/daemon/entry/connect/grpc/container/stats_service.cc
@@ -87,6 +87,12 @@ void ContainerStatsService::FillResponseTogRPC(void *containerRes, StatsResponse
stats->set_mem_limit(response->container_stats[i]->mem_limit);
stats->set_kmem_used(response->container_stats[i]->kmem_used);
stats->set_kmem_limit(response->container_stats[i]->kmem_limit);
+ stats->set_avaliable_bytes(response->container_stats[i]->avaliable_bytes);
+ stats->set_usage_bytes(response->container_stats[i]->usage_bytes);
+ stats->set_mem_used(response->container_stats[i]->mem_used);
+ stats->set_rss_bytes(response->container_stats[i]->rss_bytes);
+ stats->set_page_faults(response->container_stats[i]->page_faults);
+ stats->set_major_page_faults(response->container_stats[i]->major_page_faults);
if (response->container_stats[i]->name != nullptr) {
stats->set_name(response->container_stats[i]->name);
}
diff --git a/src/daemon/entry/cri/cri_container_manager_service.cc b/src/daemon/entry/cri/cri_container_manager_service.cc
index b02367c8..57284593 100644
--- a/src/daemon/entry/cri/cri_container_manager_service.cc
+++ b/src/daemon/entry/cri/cri_container_manager_service.cc
@@ -842,8 +842,22 @@ void ContainerManagerService::ContainerStatsToGRPC(
response->container_stats[i]->cpu_use_nanos);
container->mutable_cpu()->set_timestamp(timestamp);
}
-
- containerstats->push_back(move(container));
+ if (response->container_stats[i]->avaliable_bytes != 0u) {
+ container->mutable_memory()->mutable_available_bytes()->set_value(response->container_stats[i]->avaliable_bytes);
+ }
+ if (response->container_stats[i]->usage_bytes != 0u) {
+ container->mutable_memory()->mutable_usage_bytes()->set_value(response->container_stats[i]->usage_bytes);
+ }
+ if (response->container_stats[i]->rss_bytes != 0u) {
+ container->mutable_memory()->mutable_rss_bytes()->set_value(response->container_stats[i]->rss_bytes);
+ }
+ if (response->container_stats[i]->page_faults != 0u) {
+ container->mutable_memory()->mutable_page_faults()->set_value(response->container_stats[i]->page_faults);
+ }
+ if (response->container_stats[i]->major_page_faults != 0u) {
+ container->mutable_memory()->mutable_major_page_faults()->set_value(response->container_stats[i]->major_page_faults);
+ }
+ containerstats->push_back(std::move(container));
}
}
diff --git a/src/daemon/executor/container_cb/execution_extend.c b/src/daemon/executor/container_cb/execution_extend.c
index b0da705e..67d0845a 100644
--- a/src/daemon/executor/container_cb/execution_extend.c
+++ b/src/daemon/executor/container_cb/execution_extend.c
@@ -243,6 +243,11 @@ static container_info *get_container_stats(const container_t *cont,
info->blkio_write = einfo->blkio_write;
info->mem_used = einfo->mem_used;
info->mem_limit = einfo->mem_limit;
+ info->avaliable_bytes = einfo->avaliable_bytes;
+ info->usage_bytes = einfo->usage_bytes;
+ info->rss_bytes = einfo->rss_bytes;
+ info->page_faults = einfo->page_faults;
+ info->major_page_faults = einfo->major_page_faults;
info->kmem_used = einfo->kmem_used;
info->kmem_limit = einfo->kmem_limit;
diff --git a/src/daemon/modules/api/runtime_api.h b/src/daemon/modules/api/runtime_api.h
index de4136a3..b245ebf9 100644
--- a/src/daemon/modules/api/runtime_api.h
+++ b/src/daemon/modules/api/runtime_api.h
@@ -55,6 +55,11 @@ struct runtime_container_resources_stats_info {
/* Memory usage */
uint64_t mem_used;
uint64_t mem_limit;
+ uint64_t avaliable_bytes;
+ uint64_t usage_bytes;
+ uint64_t rss_bytes;
+ uint64_t page_faults;
+ uint64_t major_page_faults;
/* Kernel Memory usage */
uint64_t kmem_used;
uint64_t kmem_limit;
diff --git a/src/daemon/modules/runtime/engines/lcr/lcr_engine.c b/src/daemon/modules/runtime/engines/lcr/lcr_engine.c
index 2ca12545..2f7f73f8 100644
--- a/src/daemon/modules/runtime/engines/lcr/lcr_engine.c
+++ b/src/daemon/modules/runtime/engines/lcr/lcr_engine.c
@@ -162,6 +162,12 @@ static void copy_container_resources_stats(const struct lcr_container_state *lcs
rs_stats->mem_limit = lcs->mem_limit;
rs_stats->kmem_used = lcs->kmem_used;
rs_stats->kmem_limit = lcs->kmem_limit;
+ rs_stats->avaliable_bytes = lcs->avaliable_bytes;
+ rs_stats->usage_bytes = lcs->usage_bytes;
+ rs_stats->mem_used = lcs->mem_used;
+ rs_stats->rss_bytes = lcs->rss_bytes;
+ rs_stats->page_faults = lcs->page_faults;
+ rs_stats->major_page_faults = lcs->major_page_faults;
rs_stats->cache = lcs->cache;
rs_stats->cache_total = lcs->cache_total;
rs_stats->inactive_file_total = lcs->inactive_file_total;
--
2.25.1

34
0025-fix-read-member-error-from-struct.patch Normal file
View File

@ -0,0 +1,34 @@
From 3e71fe5910a1b0c9dbb899e06614103a2cebf0fc Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Fri, 24 Feb 2023 10:25:46 +0800
Subject: [PATCH 25/53] fix read member error from struct
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
src/client/connect/rest/rest_containers_client.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/client/connect/rest/rest_containers_client.c b/src/client/connect/rest/rest_containers_client.c
index 9eee9d40..0ae9a4f6 100644
--- a/src/client/connect/rest/rest_containers_client.c
+++ b/src/client/connect/rest/rest_containers_client.c
@@ -2195,11 +2195,11 @@ static int unpack_container_info_for_stats_response(const container_stats_respon
// memory usage
infos[i].mem_used = con_info->mem_used;
infos[i].mem_limit = con_info->mem_limit;
- infos[i].avaliable_bytes = con_info->avaliable_bytes();
- infos[i].usage_bytes = con_info->usage_bytes();
- infos[i].rss_bytes = con_info->rss_bytes();
- infos[i].page_faults = con_info->page_faults();
- infos[i].major_page_faults = con_info->major_page_faults();
+ infos[i].avaliable_bytes = con_info->avaliable_bytes;
+ infos[i].usage_bytes = con_info->usage_bytes;
+ infos[i].rss_bytes = con_info->rss_bytes;
+ infos[i].page_faults = con_info->page_faults;
+ infos[i].major_page_faults = con_info->major_page_faults;
// kernel memory usage
infos[i].kmem_used = con_info->kmem_used;
infos[i].kmem_limit = con_info->kmem_limit;
--
2.25.1

108
0026-Fix-PR-runc.patch Normal file
View File

@ -0,0 +1,108 @@
From 39d7fd140e8b590a925e5cdf8ace20b0161328c8 Mon Sep 17 00:00:00 2001
From: sailorvii <chenw66@chinaunicom.cn>
Date: Mon, 27 Feb 2023 02:33:46 +0000
Subject: [PATCH 26/53] =?UTF-8?q?Fix=20PR=20runc=E8=BF=90=E8=A1=8C?=
=?UTF-8?q?=E5=A4=B1=E8=B4=A5.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The environment NOTIFY_SOCKET is used when runc start but not runc create.
As the source code: https://github.com/opencontainers/runc/blob/main/start.go#L35.
So move the related code to the right location.
---
.../modules/runtime/isula/isula_rt_ops.c | 27 +++++++++----------
1 file changed, 13 insertions(+), 14 deletions(-)
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index 6f2b4f7d..60742d42 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -760,12 +760,6 @@ static int shim_create(bool fg, const char *id, const char *workdir, const char
goto realexec;
}
- // clear NOTIFY_SOCKET from the env to adapt runc create
- if (unsetenv("NOTIFY_SOCKET") != 0) {
- (void)dprintf(exec_fd[1], "%s: unset env NOTIFY_SOCKET failed %s", id, strerror(errno));
- exit(EXIT_FAILURE);
- }
-
pid = fork();
if (pid < 0) {
(void)dprintf(exec_fd[1], "%s: fork shim-process failed %s", id, strerror(errno));
@@ -945,7 +939,7 @@ int rt_isula_start(const char *id, const char *runtime, const rt_start_params_t
char shim_pid_file_name[PATH_MAX] = { 0 };
pid_t pid = 0;
pid_t shim_pid = -1;
- int ret = 0;
+ int ret = -1;
int splice_ret = 0;
proc_t *proc = NULL;
proc_t *p_proc = NULL;
@@ -967,28 +961,24 @@ int rt_isula_start(const char *id, const char *runtime, const rt_start_params_t
pid = get_container_process_pid(workdir);
if (pid < 0) {
- ret = -1;
ERROR("%s: failed wait init pid", id);
goto out;
}
file_read_int(shim_pid_file_name, &shim_pid);
if (shim_pid < 0) {
- ret = -1;
ERROR("%s: failed to read isulad shim pid", id);
goto out;
}
proc = util_get_process_proc_info(pid);
if (proc == NULL) {
- ret = -1;
ERROR("%s: failed to read pidinfo", id);
goto out;
}
p_proc = util_get_process_proc_info(shim_pid);
if (p_proc == NULL) {
- ret = -1;
ERROR("%s: failed to read isulad shim pidinfo", id);
goto out;
}
@@ -998,20 +988,29 @@ int rt_isula_start(const char *id, const char *runtime, const rt_start_params_t
pid_info->ppid = shim_pid;
pid_info->pstart_time = p_proc->start_time;
+ // clear NOTIFY_SOCKET from the env to adapt runc start
+ if (unsetenv("NOTIFY_SOCKET") != 0) {
+ ERROR("%s: unset env NOTIFY_SOCKET failed %s", id);
+ }
+
if (runtime_call_simple(workdir, runtime, "start", NULL, 0, id, NULL) != 0) {
ERROR("call runtime start id failed");
- ret = -1;
goto out;
}
+ ret = 0;
out:
if (ret != 0) {
show_shim_runtime_errlog(workdir);
shim_kill_force(workdir);
}
- free(proc);
- free(p_proc);
+ if (proc != NULL) {
+ free(proc);
+ }
+ if (p_proc != NULL) {
+ free(p_proc);
+ }
return ret;
}
--
2.25.1

68
0027-allow-the-paused-container-to-be-stopped.patch Normal file
View File

@ -0,0 +1,68 @@
From 70173556a3825870b44cc344e83cdf0fd6d577c5 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Thu, 23 Feb 2023 16:08:48 +0800
Subject: [PATCH 27/53] allow the paused container to be stopped
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/entry/cri/cri_container_manager_service.cc | 6 +++---
src/daemon/entry/cri/cri_helpers.cc | 2 +-
src/daemon/modules/service/service_container.c | 7 +++----
3 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/src/daemon/entry/cri/cri_container_manager_service.cc b/src/daemon/entry/cri/cri_container_manager_service.cc
index 57284593..1592c0a6 100644
--- a/src/daemon/entry/cri/cri_container_manager_service.cc
+++ b/src/daemon/entry/cri/cri_container_manager_service.cc
@@ -1195,14 +1195,14 @@ void ContainerManagerService::UpdateContainerResources(const std::string &contai
}
if (resources.hugepage_limits_size() != 0) {
hostconfig->hugetlbs = (host_config_hugetlbs_element **)util_smart_calloc_s(
- sizeof(host_config_hugetlbs_element *), resources.hugepage_limits_size());
+ sizeof(host_config_hugetlbs_element *), resources.hugepage_limits_size());
if (hostconfig->hugetlbs == nullptr) {
error.SetError("Out of memory");
return;
}
- for (int i = 0; i < resources.hugepage_limits_size(); i++) {
+ for (int i = 0; i < resources.hugepage_limits_size(); i++) {
hostconfig->hugetlbs[i] =
- (host_config_hugetlbs_element *)util_common_calloc_s(sizeof(host_config_hugetlbs_element));
+ (host_config_hugetlbs_element *)util_common_calloc_s(sizeof(host_config_hugetlbs_element));
if (hostconfig->hugetlbs[i] == nullptr) {
error.SetError("Out of memory");
goto cleanup;
diff --git a/src/daemon/entry/cri/cri_helpers.cc b/src/daemon/entry/cri/cri_helpers.cc
index 6d59ec11..c24c8b73 100644
--- a/src/daemon/entry/cri/cri_helpers.cc
+++ b/src/daemon/entry/cri/cri_helpers.cc
@@ -470,7 +470,7 @@ void UpdateCreateConfig(container_config *createConfig, host_config *hc,
}
for (int i = 0; i < rOpts.hugepage_limits_size(); i++) {
hc->hugetlbs[i] =
- (host_config_hugetlbs_element *)util_common_calloc_s(sizeof(host_config_hugetlbs_element));
+ (host_config_hugetlbs_element *)util_common_calloc_s(sizeof(host_config_hugetlbs_element));
if (hc->hugetlbs[i] == nullptr) {
error.SetError("Out of memory");
return;
diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
index cc777411..d69ee757 100644
--- a/src/daemon/modules/service/service_container.c
+++ b/src/daemon/modules/service/service_container.c
@@ -1495,10 +1495,9 @@ int stop_container(container_t *cont, int timeout, bool force, bool restart)
container_lock(cont);
- if (container_is_paused(cont->state)) {
- ERROR("Container %s is paused. Unpause the container before stopping or killing", id);
- isulad_set_error_message("Container %s is paused. Unpause the container before stopping or killing", id);
- ret = -1;
+ if (!container_is_running(cont->state)) {
+ INFO("Container %s is already stopped", id);
+ ret = 0;
goto out;
}
--
2.25.1

29
0028-Refine.patch Normal file
View File

@ -0,0 +1,29 @@
From 376677f2f38b3c27b14b7a21aa021ea683a2f0e1 Mon Sep 17 00:00:00 2001
From: sailorvii <chenw66@chinaunicom.cn>
Date: Tue, 28 Feb 2023 06:09:48 +0000
Subject: [PATCH 28/53] Refine.
---
src/daemon/modules/runtime/isula/isula_rt_ops.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index 60742d42..5d622515 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -760,6 +760,12 @@ static int shim_create(bool fg, const char *id, const char *workdir, const char
goto realexec;
}
+ // clear NOTIFY_SOCKET from the env to adapt runc create
+ if (unsetenv("NOTIFY_SOCKET") != 0) {
+ (void)dprintf(exec_fd[1], "%s: unset env NOTIFY_SOCKET failed %s", id, strerror(errno));
+ exit(EXIT_FAILURE);
+ }
+
pid = fork();
if (pid < 0) {
(void)dprintf(exec_fd[1], "%s: fork shim-process failed %s", id, strerror(errno));
--
2.25.1

291
0029-support-isula-update-when-runtime-is-runc.patch Normal file
View File

@ -0,0 +1,291 @@
From 7f00006ea65378e7b27049ff3f0eb3fa70e69b09 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Thu, 16 Feb 2023 20:20:54 +0800
Subject: [PATCH 29/53] support isula update when runtime is runc
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
.../executor/container_cb/execution_extend.c | 1 +
src/daemon/modules/api/runtime_api.h | 1 +
.../modules/runtime/isula/isula_rt_ops.c | 180 ++++++++++++++++--
3 files changed, 161 insertions(+), 21 deletions(-)
diff --git a/src/daemon/executor/container_cb/execution_extend.c b/src/daemon/executor/container_cb/execution_extend.c
index 67d0845a..2f565d78 100644
--- a/src/daemon/executor/container_cb/execution_extend.c
+++ b/src/daemon/executor/container_cb/execution_extend.c
@@ -1134,6 +1134,7 @@ static int do_update_resources(const container_update_request *request, containe
if (container_is_running(cont->state)) {
params.rootpath = cont->root_path;
params.hostconfig = hostconfig;
+ params.state = cont->state_path;
if (runtime_update(id, cont->runtime, &params)) {
ERROR("Update container %s failed", id);
ret = -1;
diff --git a/src/daemon/modules/api/runtime_api.h b/src/daemon/modules/api/runtime_api.h
index b245ebf9..199c9f4b 100644
--- a/src/daemon/modules/api/runtime_api.h
+++ b/src/daemon/modules/api/runtime_api.h
@@ -169,6 +169,7 @@ typedef struct _rt_attach_params_t {
typedef struct _rt_update_params_t {
const char *rootpath;
const host_config *hostconfig;
+ const char *state;
} rt_update_params_t;
typedef struct _rt_listpids_params_t {
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index 6f2b4f7d..41791388 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -21,6 +21,7 @@
#include <limits.h>
#include <errno.h>
#include <fcntl.h>
+#include <isula_libutils/auto_cleanup.h>
#include <isula_libutils/defs.h>
#include <isula_libutils/isulad_daemon_configs.h>
#include <isula_libutils/json_common.h>
@@ -39,6 +40,7 @@
#include "constants.h"
#include "isula_libutils/shim_client_process_state.h"
#include "isula_libutils/shim_client_runtime_stats.h"
+#include "isula_libutils/shim_client_cgroup_resources.h"
#include "isula_libutils/oci_runtime_state.h"
#include "isulad_config.h"
#include "utils_string.h"
@@ -54,6 +56,9 @@
#define RESIZE_DATA_SIZE 100
#define PID_WAIT_TIME 120
+// file name formats of cgroup resources json
+#define RESOURCE_FNAME_FORMATS "%s/resources.json"
+
// handle string from stderr output.
typedef int(*handle_output_callback_t)(const char *output);
@@ -229,34 +234,27 @@ bool rt_isula_detect(const char *runtime)
static int create_process_json_file(const char *workdir, const shim_client_process_state *p)
{
struct parser_context ctx = { OPT_GEN_SIMPLIFY, 0 };
- parser_error perr = NULL;
- char *data = NULL;
+ __isula_auto_free parser_error perr = NULL;
+ __isula_auto_free char *data = NULL;
char fname[PATH_MAX] = { 0 };
- int retcode = 0;
if (snprintf(fname, sizeof(fname), "%s/process.json", workdir) < 0) {
- ERROR("failed make process.json full path");
+ ERROR("Failed make process.json full path");
return -1;
}
data = shim_client_process_state_generate_json(p, &ctx, &perr);
if (data == NULL) {
- retcode = -1;
- ERROR("failed generate json for process.json error=%s", perr);
- goto out;
+ ERROR("Failed generate json for process.json error=%s", perr);
+ return -1;
}
if (util_write_file(fname, data, strlen(data), DEFAULT_SECURE_FILE_MODE) != 0) {
- retcode = -1;
- ERROR("failed write process.json");
- goto out;
+ ERROR("Failed write process.json");
+ return -1;
}
-out:
- UTIL_FREE_AND_SET_NULL(perr);
- UTIL_FREE_AND_SET_NULL(data);
-
- return retcode;
+ return 0;
}
static void get_runtime_cmd(const char *runtime, const char **cmd)
@@ -733,18 +731,18 @@ static int shim_create(bool fg, const char *id, const char *workdir, const char
runtime_exec_param_dump(params);
if (snprintf(fpid, sizeof(fpid), "%s/shim-pid", workdir) < 0) {
- ERROR("failed make shim-pid full path");
+ ERROR("Failed make shim-pid full path");
return -1;
}
if (pipe2(exec_fd, O_CLOEXEC) != 0) {
- ERROR("failed to create pipe for shim create");
+ ERROR("Failed to create pipe for shim create");
return -1;
}
pid = fork();
if (pid < 0) {
- ERROR("failed fork for shim parent %s", strerror(errno));
+ ERROR("Failed fork for shim parent %s", strerror(errno));
close(exec_fd[0]);
close(exec_fd[1]);
return -1;
@@ -1264,13 +1262,153 @@ int rt_isula_attach(const char *id, const char *runtime, const rt_attach_params_
return -1;
}
-int rt_isula_update(const char *id, const char *runtime, const rt_update_params_t *params)
+static int to_engine_resources(const host_config *hostconfig, shim_client_cgroup_resources *cr)
+{
+ uint64_t period = 0;
+ int64_t quota = 0;
+
+ if (hostconfig == NULL || cr == NULL) {
+ return -1;
+ }
+
+ cr->block_io = util_common_calloc_s(sizeof(shim_client_cgroup_resources_block_io));
+ if (cr->block_io == NULL) {
+ ERROR("Out of memory");
+ return -1;
+ }
+
+ cr->cpu = util_common_calloc_s(sizeof(shim_client_cgroup_resources_cpu));
+ if (cr->cpu == NULL) {
+ ERROR("Out of memory");
+ return -1;
+ }
+
+ cr->memory = util_common_calloc_s(sizeof(shim_client_cgroup_resources_memory));
+ if (cr->memory == NULL) {
+ ERROR("Out of memory");
+ return -1;
+ }
+
+ cr->block_io->weight = hostconfig->blkio_weight;
+ cr->cpu->shares = (uint64_t)hostconfig->cpu_shares;
+ cr->cpu->period = (uint64_t)hostconfig->cpu_period;
+ cr->cpu->quota = hostconfig->cpu_quota;
+ cr->cpu->cpus = util_strdup_s(hostconfig->cpuset_cpus);
+ cr->cpu->mems = util_strdup_s(hostconfig->cpuset_mems);
+ cr->memory->limit = (uint64_t)hostconfig->memory;
+ cr->memory->swap = (uint64_t)hostconfig->memory_swap;
+ cr->memory->reservation = (uint64_t)hostconfig->memory_reservation;
+ cr->memory->kernel = (uint64_t)hostconfig->kernel_memory;
+ cr->cpu->realtime_period = hostconfig->cpu_realtime_period;
+ cr->cpu->realtime_runtime = hostconfig->cpu_realtime_runtime;
+
+ // when --cpus=n is set, nano_cpus = n * 1e9.
+ if (hostconfig->nano_cpus > 0) {
+ // in the case, period will be set to the default value of 100000(0.1s).
+ period = (uint64_t)(100 * Time_Milli / Time_Micro);
+ // set quota = period * n, in order to let container process fully occupy n cpus.
+ if ((hostconfig->nano_cpus / 1e9) > (INT64_MAX / (int64_t)period)) {
+ ERROR("Overflow of quota");
+ return -1;
+ }
+ quota = hostconfig->nano_cpus / 1e9 * (int64_t)period;
+ cr->cpu->period = period;
+ cr->cpu->quota = quota;
+ }
+
+ return 0;
+}
+
+static int create_resources_json_file(const char *workdir, const shim_client_cgroup_resources *cr, char *fname,
+ size_t fname_size)
{
- ERROR("isula update not support on isulad-shim");
- isulad_set_error_message("isula update not support on isulad-shim");
+ struct parser_context ctx = { OPT_GEN_SIMPLIFY, 0 };
+ __isula_auto_free parser_error perr = NULL;
+ __isula_auto_free char *data = NULL;
+
+ if (snprintf(fname, fname_size, RESOURCE_FNAME_FORMATS, workdir) < 0) {
+ ERROR("Failed make resources.json full path");
+ return -1;
+ }
+
+ data = shim_client_cgroup_resources_generate_json(cr, &ctx, &perr);
+ if (data == NULL) {
+ return -1;
+ }
+
+ if (util_write_file(fname, data, strlen(data), DEFAULT_SECURE_FILE_MODE) != 0) {
+ return -1;
+ }
+
+ return 0;
+}
+
+// show std error msg, always return -1.
+static int show_stderr(const char *err)
+{
+ isulad_set_error_message(err);
return -1;
}
+int rt_isula_update(const char *id, const char *runtime, const rt_update_params_t *params)
+{
+ int ret = 0;
+ char workdir[PATH_MAX] = { 0 };
+ char resources_fname[PATH_MAX] = { 0 };
+ const char *opts[2] = { 0 };
+ shim_client_cgroup_resources *cr = NULL;
+
+ if (id == NULL || runtime == NULL || params == NULL) {
+ ERROR("Nullptr arguments not allowed");
+ return -1;
+ }
+
+ ret = snprintf(workdir, sizeof(workdir), "%s/%s/update", params->state, id);
+ if (ret < 0) {
+ ERROR("Failed join update full path");
+ return ret;
+ }
+
+ ret = util_mkdir_p(workdir, DEFAULT_SECURE_DIRECTORY_MODE);
+ if (ret < 0) {
+ ERROR("Failed mkdir update workdir %s", workdir);
+ return ret;
+ }
+
+ cr = util_common_calloc_s(sizeof(shim_client_cgroup_resources));
+ if (cr == NULL) {
+ ERROR("Out of memory");
+ goto del_out;
+ }
+
+ ret = to_engine_resources(params->hostconfig, cr);
+ if (ret < 0) {
+ ERROR("Failed to get resources for update");
+ goto del_out;
+ }
+
+ ret = create_resources_json_file(workdir, cr, resources_fname, sizeof(resources_fname));
+ if (ret != 0) {
+ ERROR("%s: failed create update json file", id);
+ goto del_out;
+ }
+
+ opts[0] = "--resources";
+ opts[1] = resources_fname;
+
+ if (runtime_call_simple(workdir, runtime, "update", opts, 2, id, show_stderr) != 0) {
+ ERROR("Call runtime update id failed");
+ ret = -1;
+ }
+
+del_out:
+ if (util_recursive_rmdir(workdir, 0)) {
+ ERROR("Rmdir %s failed", workdir);
+ }
+ free_shim_client_cgroup_resources(cr);
+ return ret;
+}
+
int rt_isula_pause(const char *id, const char *runtime, const rt_pause_params_t *params)
{
char workdir[PATH_MAX] = { 0 };
--
2.25.1

41
0030-Refine-as-others-feedback.patch Normal file
View File

@ -0,0 +1,41 @@
From 4900996ca52e46795eb25b05ce50519c7c71ae38 Mon Sep 17 00:00:00 2001
From: sailorvii <chenw66@chinaunicom.cn>
Date: Thu, 2 Mar 2023 09:04:57 +0000
Subject: [PATCH 30/53] Refine as others' feedback.
---
src/daemon/modules/runtime/isula/isula_rt_ops.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index 5d622515..7ec3fc49 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -473,6 +473,12 @@ static void runtime_exec_func(void *arg)
_exit(EXIT_FAILURE);
}
+ // clear NOTIFY_SOCKET from the env to adapt runc start
+ if (strcmp(rei->subcmd, "start") == 0 && unsetenv("NOTIFY_SOCKET") != 0) {
+ dprintf(STDERR_FILENO, "unset env NOTIFY_SOCKET failed %s", strerror(errno));
+ _exit(EXIT_FAILURE);
+ }
+
execvp(rei->cmd, rei->params);
dprintf(STDERR_FILENO, "exec %s %s %s failed", rei->cmd, rei->subcmd, rei->id);
_exit(EXIT_FAILURE);
@@ -994,11 +1000,6 @@ int rt_isula_start(const char *id, const char *runtime, const rt_start_params_t
pid_info->ppid = shim_pid;
pid_info->pstart_time = p_proc->start_time;
- // clear NOTIFY_SOCKET from the env to adapt runc start
- if (unsetenv("NOTIFY_SOCKET") != 0) {
- ERROR("%s: unset env NOTIFY_SOCKET failed %s", id);
- }
-
if (runtime_call_simple(workdir, runtime, "start", NULL, 0, id, NULL) != 0) {
ERROR("call runtime start id failed");
goto out;
--
2.25.1

134
0031-fix-CRI-SetupPod-and-TearDownPod-deadlock.patch Normal file
View File

@ -0,0 +1,134 @@
From a87e8aeea252e5aec9e1dea0daf99562eb86b092 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Thu, 2 Mar 2023 20:05:49 +0800
Subject: [PATCH 31/53] fix CRI SetupPod and TearDownPod deadlock
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---
src/daemon/entry/cri/cni_network_plugin.cc | 14 +++++++----
.../cri/cri_pod_sandbox_manager_service.cc | 2 ++
src/daemon/entry/cri/network_plugin.cc | 25 +++++++++++++------
3 files changed, 29 insertions(+), 12 deletions(-)
diff --git a/src/daemon/entry/cri/cni_network_plugin.cc b/src/daemon/entry/cri/cni_network_plugin.cc
index 1bce13f6..0fe095b6 100644
--- a/src/daemon/entry/cri/cni_network_plugin.cc
+++ b/src/daemon/entry/cri/cni_network_plugin.cc
@@ -120,8 +120,10 @@ auto CniNetworkPlugin::Name() const -> const std::string &
void CniNetworkPlugin::CheckInitialized(Errors &err)
{
- RLockNetworkMap(err);
- if (err.NotEmpty()) {
+ Errors tmpErr;
+ RLockNetworkMap(tmpErr);
+ if (tmpErr.NotEmpty()) {
+ err.AppendError(tmpErr.GetCMessage());
return;
}
@@ -129,9 +131,10 @@ void CniNetworkPlugin::CheckInitialized(Errors &err)
err.SetError("cni config uninitialized");
}
- UnlockNetworkMap(err);
- if (err.NotEmpty()) {
- WARN("Unable to update cni config: %s", err.GetCMessage());
+ UnlockNetworkMap(tmpErr);
+ if (tmpErr.NotEmpty()) {
+ WARN("Unable to update cni config: %s", tmpErr.GetCMessage());
+ err.AppendError(tmpErr.GetCMessage());
}
}
@@ -623,6 +626,7 @@ void CniNetworkPlugin::SetUpPod(const std::string &ns, const std::string &name,
return;
}
+ err.Clear();
RLockNetworkMap(err);
if (err.NotEmpty()) {
ERROR("%s", err.GetCMessage());
diff --git a/src/daemon/entry/cri/cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/cri_pod_sandbox_manager_service.cc
index 3d183861..ee523b9c 100644
--- a/src/daemon/entry/cri/cri_pod_sandbox_manager_service.cc
+++ b/src/daemon/entry/cri/cri_pod_sandbox_manager_service.cc
@@ -705,6 +705,7 @@ auto PodSandboxManagerService::GetRealSandboxIDToStop(const std::string &podSand
if (status->linux().namespaces().has_options()) {
hostNetwork = (status->linux().namespaces().options().network() == runtime::v1alpha2::NamespaceMode::NODE);
}
+ // if metadata is invalid, don't return -1 and continue stopping pod
if (status->has_metadata()) {
name = status->metadata().name();
ns = status->metadata().namespace_();
@@ -831,6 +832,7 @@ auto PodSandboxManagerService::ClearCniNetwork(const std::string &realSandboxID,
}
stdAnnos.insert(std::pair<std::string, std::string>(CRIHelpers::Constants::POD_SANDBOX_KEY, netnsPath));
+ pluginErr.Clear();
m_pluginManager->TearDownPod(ns, name, Network::DEFAULT_NETWORK_INTERFACE_NAME, realSandboxID, stdAnnos,
pluginErr);
if (pluginErr.NotEmpty()) {
diff --git a/src/daemon/entry/cri/network_plugin.cc b/src/daemon/entry/cri/network_plugin.cc
index 4a119d6b..e55db4ea 100644
--- a/src/daemon/entry/cri/network_plugin.cc
+++ b/src/daemon/entry/cri/network_plugin.cc
@@ -425,20 +425,26 @@ void PluginManager::SetUpPod(const std::string &ns, const std::string &name, con
return;
}
+ Errors tmpErr;
std::string fullName = name + "_" + ns;
- Lock(fullName, error);
- if (error.NotEmpty()) {
+ Lock(fullName, tmpErr);
+ if (tmpErr.NotEmpty()) {
+ error.AppendError(tmpErr.GetCMessage());
return;
}
INFO("Calling network plugin %s to set up pod %s", m_plugin->Name().c_str(), fullName.c_str());
- Errors tmpErr;
m_plugin->SetUpPod(ns, name, interfaceName, podSandboxID, annotations, options, network_settings_json, tmpErr);
if (tmpErr.NotEmpty()) {
error.Errorf("NetworkPlugin %s failed to set up pod %s network: %s", m_plugin->Name().c_str(), fullName.c_str(),
tmpErr.GetCMessage());
}
- Unlock(fullName, error);
+
+ tmpErr.Clear();
+ Unlock(fullName, tmpErr);
+ if (tmpErr.NotEmpty()) {
+ error.AppendError(tmpErr.GetCMessage());
+ }
}
void PluginManager::TearDownPod(const std::string &ns, const std::string &name, const std::string &interfaceName,
@@ -447,8 +453,9 @@ void PluginManager::TearDownPod(const std::string &ns, const std::string &name,
{
Errors tmpErr;
std::string fullName = name + "_" + ns;
- Lock(fullName, error);
- if (error.NotEmpty()) {
+ Lock(fullName, tmpErr);
+ if (tmpErr.NotEmpty()) {
+ error.AppendError(tmpErr.GetCMessage());
return;
}
if (m_plugin == nullptr) {
@@ -462,7 +469,11 @@ void PluginManager::TearDownPod(const std::string &ns, const std::string &name,
fullName.c_str(), tmpErr.GetCMessage());
}
unlock:
- Unlock(fullName, error);
+ tmpErr.Clear();
+ Unlock(fullName, tmpErr);
+ if (tmpErr.NotEmpty()) {
+ error.AppendError(tmpErr.GetCMessage());
+ }
}
void NoopNetworkPlugin::Init(const std::string &hairpinMode, const std::string &nonMasqueradeCIDR, int mtu,
--
2.25.1

2296
0032-remote-layer-store-demo.patch Normal file
View File

File diff suppressed because it is too large Load Diff

119
0033-add-ci-for-remote-ro.patch Normal file
View File

@ -0,0 +1,119 @@
From 6311ccd6e367f965da4dc1b4c9efb4bf43275f64 Mon Sep 17 00:00:00 2001
From: Neil <wrz750726@gmail.com>
Date: Sun, 5 Mar 2023 12:23:29 +0000
Subject: [PATCH 33/53] add ci for remote ro
Signed-off-by: Neil <wangrunze13@huawei.com>
---
CI/make-and-install.sh | 4 +-
.../container_cases/test_data/daemon.json | 1 +
CI/test_cases/image_cases/ro_separate.sh | 69 +++++++++++++++++++
3 files changed, 72 insertions(+), 2 deletions(-)
create mode 100644 CI/test_cases/image_cases/ro_separate.sh
diff --git a/CI/make-and-install.sh b/CI/make-and-install.sh
index 3dbff480..fa9c2250 100755
--- a/CI/make-and-install.sh
+++ b/CI/make-and-install.sh
@@ -103,9 +103,9 @@ rm -rf build
mkdir build
cd build
if [[ ${enable_gcov} -ne 0 ]]; then
- cmake -DLIB_INSTALL_DIR=${builddir}/lib -DCMAKE_INSTALL_PREFIX=${builddir} -DCMAKE_INSTALL_SYSCONFDIR=${builddir}/etc -DCMAKE_BUILD_TYPE=Debug -DGCOV=ON -DENABLE_EMBEDDED=ON -DENABLE_COVERAGE=ON -DENABLE_UT=ON -DENABLE_METRICS=ON ..
+ cmake -DLIB_INSTALL_DIR=${builddir}/lib -DCMAKE_INSTALL_PREFIX=${builddir} -DCMAKE_INSTALL_SYSCONFDIR=${builddir}/etc -DCMAKE_BUILD_TYPE=Debug -DGCOV=ON -DENABLE_EMBEDDED=ON -DENABLE_COVERAGE=ON -DENABLE_UT=ON -DENABLE_METRICS=ON -DENABLE_REMOTE_LAYER_STORE=ON ..
else
- cmake -DLIB_INSTALL_DIR=${builddir}/lib -DCMAKE_INSTALL_PREFIX=${builddir} -DCMAKE_INSTALL_SYSCONFDIR=${builddir}/etc -DENABLE_EMBEDDED=ON -DENABLE_METRICS=ON ..
+ cmake -DLIB_INSTALL_DIR=${builddir}/lib -DCMAKE_INSTALL_PREFIX=${builddir} -DCMAKE_INSTALL_SYSCONFDIR=${builddir}/etc -DENABLE_EMBEDDED=ON -DENABLE_METRICS=ON -DENABLE_REMOTE_LAYER_STORE=ON ..
fi
make -j $(nproc)
make install
diff --git a/CI/test_cases/container_cases/test_data/daemon.json b/CI/test_cases/container_cases/test_data/daemon.json
index aa88c9da..2664c6b2 100644
--- a/CI/test_cases/container_cases/test_data/daemon.json
+++ b/CI/test_cases/container_cases/test_data/daemon.json
@@ -19,6 +19,7 @@
"hook-spec": "/etc/default/isulad/hooks/default.json",
"start-timeout": "2m",
"storage-driver": "overlay2",
+ "storage-enable-remote-layer": false,
"storage-opts": [
"overlay2.override_kernel_check=true"
],
diff --git a/CI/test_cases/image_cases/ro_separate.sh b/CI/test_cases/image_cases/ro_separate.sh
new file mode 100644
index 00000000..47e04abb
--- /dev/null
+++ b/CI/test_cases/image_cases/ro_separate.sh
@@ -0,0 +1,69 @@
+#!/bin/bash
+#
+# attributes: isulad basic image
+# concurrent: NA
+# spend time: 22
+
+#######################################################################
+##- Copyright (c) Huawei Technologies Co., Ltd. 2023. All rights reserved.
+# - iSulad licensed under the Mulan PSL v2.
+# - You can use this software according to the terms and conditions of the Mulan PSL v2.
+# - You may obtain a copy of Mulan PSL v2 at:
+# - http://license.coscl.org.cn/MulanPSL2
+# - THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# - IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# - PURPOSE.
+# - See the Mulan PSL v2 for more details.
+##- @Description:CI
+##- @Author: wangrunze
+##- @Create: 2023-03-03
+#######################################################################
+
+declare -r curr_path=$(dirname $(readlink -f "$0"))
+source ../helpers.sh
+single_image="${curr_path}/busybox.tar"
+
+function test_separate_ro()
+{
+ local ret=0
+ local test="isula separate ro test => (${FUNCNAME[@]})"
+
+ msg_info "${test} starting..."
+
+ sed -i 's/"storage-enable-remote-layer": false/"storage-enable-remote-layer": true/' /etc/isulad/daemon.json
+ start_isulad_with_valgrind
+ wait_isulad_running
+
+ isula rmi busybox
+
+ isula pull busybox
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - pull image failed" && ((ret++))
+
+ isula run -tid --name test_separate busybox /bin/sh
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - run container failed" && ((ret++))
+
+ isula stop test_separate
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop container failed" && ((ret++))
+
+ isula rmi busybox
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - remove image failed" && ((ret++))
+
+ isula load -i $single_image
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - load image failed: ${rootfs_tar}" && ((ret++))
+
+ check_valgrind_log
+ [[ $? -ne 0 ]] && msg_err "separate ro test - memory leak, please check...." && ((ret++))
+
+ sed -i 's/"storage-enable-remote-layer": true/"storage-enable-remote-layer": false/' /etc/isulad/daemon.json
+ start_isulad_with_valgrind
+ wait_isulad_running
+
+ msg_info "${test} finished with return ${ret}..."
+ return ${ret}
+}
+
+declare -i ans=0
+
+test_separate_ro || ((ans++))
+
+show_result ${ans} "${curr_path}/${0}"
--
2.25.1

26
0034-change-sleep-to-usleep-to-avoid-lossing-of-accuracy.patch Normal file
View File

@ -0,0 +1,26 @@
From 9663e62598570d16c0e8a70be4341ff72663b8df Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 6 Mar 2023 09:51:17 +0800
Subject: [PATCH 34/53] change sleep() to usleep() to avoid lossing of accuracy
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/utils/cutils/utils.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/utils/cutils/utils.c b/src/utils/cutils/utils.c
index 2c4c01e4..983d81d8 100644
--- a/src/utils/cutils/utils.c
+++ b/src/utils/cutils/utils.c
@@ -345,7 +345,7 @@ int util_waitpid_with_timeout(pid_t pid, const int64_t timeout, handle_timeout_c
return -1;
}
// sleep some time instead to avoid cpu full running and then retry.
- sleep(0.1);
+ usleep(100);
}
return 0;
}
--
2.25.1

62
0035-fix-compile-error-when-not-enable-remote-ro.patch Normal file
View File

@ -0,0 +1,62 @@
From 6a0b11ae6584ee2eefff9bd20c96bc60582ccb6b Mon Sep 17 00:00:00 2001
From: "Neil.wrz" <wangrunze13@huawei.com>
Date: Sun, 5 Mar 2023 18:55:40 -0800
Subject: [PATCH 35/53] fix compile error when not enable remote ro
Signed-off-by: Neil.wrz <wangrunze13@huawei.com>
---
.../modules/image/oci/storage/image_store/CMakeLists.txt | 3 +++
.../modules/image/oci/storage/layer_store/CMakeLists.txt | 4 ++++
.../storage/layer_store/graphdriver/overlay2/CMakeLists.txt | 3 +++
3 files changed, 10 insertions(+)
diff --git a/src/daemon/modules/image/oci/storage/image_store/CMakeLists.txt b/src/daemon/modules/image/oci/storage/image_store/CMakeLists.txt
index ecf21caa..7d4fb77c 100644
--- a/src/daemon/modules/image/oci/storage/image_store/CMakeLists.txt
+++ b/src/daemon/modules/image/oci/storage/image_store/CMakeLists.txt
@@ -1,5 +1,8 @@
# get current directory sources files
aux_source_directory(${CMAKE_CURRENT_SOURCE_DIR} local_image_store_srcs)
+IF (NOT ENABLE_REMOTE_LAYER_STORE)
+list(REMOVE_ITEM local_image_store_srcs "${CMAKE_CURRENT_SOURCE_DIR}/image_remote_impl.c")
+ENDIF()
set(IMAGE_STORE_SRCS
${local_image_store_srcs}
diff --git a/src/daemon/modules/image/oci/storage/layer_store/CMakeLists.txt b/src/daemon/modules/image/oci/storage/layer_store/CMakeLists.txt
index f964f709..e04b4ad7 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/CMakeLists.txt
+++ b/src/daemon/modules/image/oci/storage/layer_store/CMakeLists.txt
@@ -1,5 +1,8 @@
# get current directory sources files
aux_source_directory(${CMAKE_CURRENT_SOURCE_DIR} local_layer_store_srcs)
+IF (NOT ENABLE_REMOTE_LAYER_STORE)
+list(REMOVE_ITEM local_layer_store_srcs "${CMAKE_CURRENT_SOURCE_DIR}/layer_remote_impl.c")
+ENDIF()
add_subdirectory(graphdriver)
set(LAYER_STORE_SRCS
@@ -7,6 +10,7 @@ set(LAYER_STORE_SRCS
${GRAPHDRIVER_SRCS}
PARENT_SCOPE
)
+
set(LAYER_STORE_INCS
${CMAKE_CURRENT_SOURCE_DIR}
${GRAPHDRIVER_INCS}
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/CMakeLists.txt b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/CMakeLists.txt
index ceed16b7..dd4e82aa 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/CMakeLists.txt
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/CMakeLists.txt
@@ -1,5 +1,8 @@
# get current directory sources files
aux_source_directory(${CMAKE_CURRENT_SOURCE_DIR} local_overlay2_srcs)
+IF (NOT ENABLE_REMOTE_LAYER_STORE)
+list(REMOVE_ITEM local_overlay2_srcs "${CMAKE_CURRENT_SOURCE_DIR}/overlay_remote_impl.c")
+ENDIF()
set(OVERLAY2_SRCS
${local_overlay2_srcs}
--
2.25.1

33
0036-adapt-to-repo-of-openeuler-url-changed.patch Normal file
View File

@ -0,0 +1,33 @@
From 42a46f64e533ea0a89f95bef80a421fe06a5bfa2 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Mon, 6 Mar 2023 14:38:58 +0800
Subject: [PATCH 36/53] adapt to repo of openeuler url changed
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
CI/pr-gateway.sh | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/CI/pr-gateway.sh b/CI/pr-gateway.sh
index c715fc39..7c696de3 100755
--- a/CI/pr-gateway.sh
+++ b/CI/pr-gateway.sh
@@ -18,7 +18,15 @@ if [ $# -eq 1 ]; then
tbranch=$1
fi
+sed -i "s#http://repo.openeuler.org#https://repo.huaweicloud.com/openeuler#g" /etc/yum.repos.d/openEuler.repo
+
+dnf update -y
+
dnf install -y gtest-devel gmock-devel diffutils cmake gcc-c++ yajl-devel patch make libtool libevent-devel libevhtp-devel grpc grpc-plugins grpc-devel protobuf-devel libcurl libcurl-devel sqlite-devel libarchive-devel device-mapper-devel http-parser-devel libseccomp-devel libcap-devel libselinux-devel libwebsockets libwebsockets-devel systemd-devel git chrpath
+if [ $? -ne 0 ]; then
+ echo "install dependences failed"
+ exit 1
+fi
# dnf install -y cargo rust rust-packaging
--
2.25.1

27
0037-change-goto-branch.patch Normal file
View File

@ -0,0 +1,27 @@
From 66532035178723175ad9522201440372316dc914 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 6 Mar 2023 17:54:55 +0800
Subject: [PATCH 37/53] change goto branch
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/executor/container_cb/execution_stream.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/daemon/executor/container_cb/execution_stream.c b/src/daemon/executor/container_cb/execution_stream.c
index 1a7353b5..7e928cf7 100644
--- a/src/daemon/executor/container_cb/execution_stream.c
+++ b/src/daemon/executor/container_cb/execution_stream.c
@@ -161,7 +161,8 @@ static int container_exec_cb(const container_exec_request *request, container_ex
if (exec_container(cont, request, *response, stdinfd, stdout_handler, stderr_handler) != 0) {
ret = -1;
- goto pack_err_response;
+ // pack err response in exec_container, there is no need to pack here.
+ goto out;
}
goto out;
--
2.25.1

41
0038-CI-not-enable-remote-ro-for-ut.patch Normal file
View File

@ -0,0 +1,41 @@
From c414e2226542660579e14b9401fc28bc91b709c7 Mon Sep 17 00:00:00 2001
From: "Neil.wrz" <wangrunze13@huawei.com>
Date: Mon, 6 Mar 2023 18:59:43 -0800
Subject: [PATCH 38/53] CI not enable remote ro for ut
Signed-off-by: Neil.wrz <wangrunze13@huawei.com>
---
CI/make-and-install.sh | 2 +-
CI/test_cases/image_cases/ro_separate.sh | 3 +++
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/CI/make-and-install.sh b/CI/make-and-install.sh
index fa9c2250..faeaf005 100755
--- a/CI/make-and-install.sh
+++ b/CI/make-and-install.sh
@@ -103,7 +103,7 @@ rm -rf build
mkdir build
cd build
if [[ ${enable_gcov} -ne 0 ]]; then
- cmake -DLIB_INSTALL_DIR=${builddir}/lib -DCMAKE_INSTALL_PREFIX=${builddir} -DCMAKE_INSTALL_SYSCONFDIR=${builddir}/etc -DCMAKE_BUILD_TYPE=Debug -DGCOV=ON -DENABLE_EMBEDDED=ON -DENABLE_COVERAGE=ON -DENABLE_UT=ON -DENABLE_METRICS=ON -DENABLE_REMOTE_LAYER_STORE=ON ..
+ cmake -DLIB_INSTALL_DIR=${builddir}/lib -DCMAKE_INSTALL_PREFIX=${builddir} -DCMAKE_INSTALL_SYSCONFDIR=${builddir}/etc -DCMAKE_BUILD_TYPE=Debug -DGCOV=ON -DENABLE_EMBEDDED=ON -DENABLE_COVERAGE=ON -DENABLE_UT=ON -DENABLE_METRICS=ON ..
else
cmake -DLIB_INSTALL_DIR=${builddir}/lib -DCMAKE_INSTALL_PREFIX=${builddir} -DCMAKE_INSTALL_SYSCONFDIR=${builddir}/etc -DENABLE_EMBEDDED=ON -DENABLE_METRICS=ON -DENABLE_REMOTE_LAYER_STORE=ON ..
fi
diff --git a/CI/test_cases/image_cases/ro_separate.sh b/CI/test_cases/image_cases/ro_separate.sh
index 47e04abb..df45e120 100644
--- a/CI/test_cases/image_cases/ro_separate.sh
+++ b/CI/test_cases/image_cases/ro_separate.sh
@@ -45,6 +45,9 @@ function test_separate_ro()
isula stop test_separate
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop container failed" && ((ret++))
+ isula rm test_separate
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - remove container failed" && ((ret++))
+
isula rmi busybox
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - remove image failed" && ((ret++))
--
2.25.1

43
0039-use-auto-free-to-proc_t.patch Normal file
View File

@ -0,0 +1,43 @@
From 0a68a53ccb6582384dad478d4197ec9386306027 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 6 Mar 2023 10:56:16 +0800
Subject: [PATCH 39/53] use auto free to proc_t
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/modules/runtime/isula/isula_rt_ops.c | 12 ++----------
1 file changed, 2 insertions(+), 10 deletions(-)
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index 536e36b2..5ec0e639 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -951,8 +951,8 @@ int rt_isula_start(const char *id, const char *runtime, const rt_start_params_t
pid_t shim_pid = -1;
int ret = -1;
int splice_ret = 0;
- proc_t *proc = NULL;
- proc_t *p_proc = NULL;
+ __isula_auto_free proc_t *proc = NULL;
+ __isula_auto_free proc_t *p_proc = NULL;
if (id == NULL || runtime == NULL || params == NULL || pid_info == NULL) {
ERROR("nullptr arguments not allowed");
@@ -1009,14 +1009,6 @@ out:
show_shim_runtime_errlog(workdir);
shim_kill_force(workdir);
}
-
- if (proc != NULL) {
- free(proc);
- }
- if (p_proc != NULL) {
- free(p_proc);
- }
-
return ret;
}
--
2.25.1

72
0040-modifying-cpurt-file-permissions.patch Normal file
View File

@ -0,0 +1,72 @@
From 2d9b9d88f3150027609fe984930af1dcf06dfd00 Mon Sep 17 00:00:00 2001
From: songbuhuang <544824346@qq.com>
Date: Thu, 9 Mar 2023 18:32:19 +0800
Subject: [PATCH 40/53] modifying cpurt file permissions
Signed-off-by: songbuhuang <544824346@qq.com>
---
src/common/constants.h | 4 ++++
src/daemon/common/sysinfo.c | 3 +--
src/daemon/executor/container_cb/execution.c | 3 ++-
3 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/common/constants.h b/src/common/constants.h
index b43d8c80..06015f1e 100644
--- a/src/common/constants.h
+++ b/src/common/constants.h
@@ -22,6 +22,10 @@ extern "C" {
/* mode of file and directory */
+#define DEFAULT_CGROUP_FILE_MODE 0644
+
+#define DEFAULT_CGROUP_DIR_MODE 0755
+
#define DEFAULT_SECURE_FILE_MODE 0640
#define DEFAULT_SECURE_DIRECTORY_MODE 0750
diff --git a/src/daemon/common/sysinfo.c b/src/daemon/common/sysinfo.c
index 7559d653..baf53510 100644
--- a/src/daemon/common/sysinfo.c
+++ b/src/daemon/common/sysinfo.c
@@ -27,6 +27,7 @@
#include <isula_libutils/auto_cleanup.h>
#include <isula_libutils/log.h>
+#include "constants.h"
#include "err_msg.h"
#include "utils.h"
#include "utils_array.h"
@@ -73,8 +74,6 @@
#define CGROUP_MOUNTPOINT "/sys/fs/cgroup"
#define CGROUP_ISULAD_PATH CGROUP_MOUNTPOINT"/isulad"
-#define DEFAULT_CGROUP_DIR_MODE 0755
-#define DEFAULT_CGROUP_FILE_MODE 0644
#define CGROUP2_CONTROLLERS_PATH CGROUP_MOUNTPOINT"/cgroup.controllers"
#define CGROUP2_SUBTREE_CONTROLLER_PATH CGROUP_MOUNTPOINT"/cgroup.subtree_control"
#define CGROUP2_CPUSET_CPUS_EFFECTIVE_PATH CGROUP_MOUNTPOINT"/cpuset.cpus.effective"
diff --git a/src/daemon/executor/container_cb/execution.c b/src/daemon/executor/container_cb/execution.c
index 198052d3..c2a0bdb9 100644
--- a/src/daemon/executor/container_cb/execution.c
+++ b/src/daemon/executor/container_cb/execution.c
@@ -46,6 +46,7 @@
#include "isulad_config.h"
#include "sysinfo.h"
#include "container_api.h"
+#include "constants.h"
#include "specs_api.h"
#include "execution_extend.h"
#include "execution_information.h"
@@ -324,7 +325,7 @@ static int maybe_create_cpu_realtime_file(int64_t value, const char *file, const
return 0;
}
- ret = util_mkdir_p(path, CONFIG_DIRECTORY_MODE);
+ ret = util_mkdir_p(path, DEFAULT_CGROUP_DIR_MODE);
if (ret != 0) {
ERROR("Failed to mkdir: %s", path);
return -1;
--
2.25.1

2
0023-use-CURLOPT_XFERINFOFUNCTION-instead-of-deprecated-C.patch → 0041-use-CURLOPT_XFERINFOFUNCTION-instead-of-deprecated-C.patch
View File

@ -1,7 +1,7 @@
From d0b0baa3f2624b6de0ca92c051c154f0cff43f1a Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Tue, 14 Mar 2023 10:33:38 +0800
Subject: [PATCH] use CURLOPT_XFERINFOFUNCTION instead of deprecated
Subject: [PATCH 41/53] use CURLOPT_XFERINFOFUNCTION instead of deprecated
CURLOPT_PROGRESSFUNCTION since curl 7.32.0
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>

99
0042-bugfix-remote-ro-try-add-or-remove-image-layer-twice.patch Normal file
View File

@ -0,0 +1,99 @@
From a08e511eb6ee1955bb62e774190dfe7a7599fbdd Mon Sep 17 00:00:00 2001
From: "Neil.wrz" <wangrunze13@huawei.com>
Date: Tue, 7 Mar 2023 23:59:56 -0800
Subject: [PATCH 42/53] bugfix remote ro try add or remove image/layer twice
Signed-off-by: Neil.wrz <wangrunze13@huawei.com>
---
.../image/oci/storage/image_store/image_store.c | 14 ++++++++++++++
.../oci/storage/layer_store/layer_remote_impl.c | 2 +-
.../image/oci/storage/layer_store/layer_store.c | 11 +++++++++++
3 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c
index caff3705..84187ded 100644
--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c
+++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c
@@ -3668,6 +3668,11 @@ int append_image_by_directory_with_lock(const char *id)
return -1;
}
+ if (map_search(g_image_store->byid, (void *)id) != NULL ) {
+ DEBUG("remote image already exist, not added: %s", id);
+ goto out;
+ }
+
nret = snprintf(image_path, sizeof(image_path), "%s/%s", g_image_store->dir, id);
if (nret < 0 || (size_t)nret >= sizeof(image_path)) {
ERROR("Failed to get image path");
@@ -3675,6 +3680,8 @@ int append_image_by_directory_with_lock(const char *id)
}
ret = append_image_by_directory(image_path);
+
+out:
image_store_unlock();
return ret;
@@ -3689,7 +3696,14 @@ int remove_image_from_memory_with_lock(const char *id)
return -1;
}
+ if (map_search(g_image_store->byid, (void *)id) == NULL) {
+ DEBUG("remote image already remvoed, don't delete twice: %s", id);
+ goto out;
+ }
+
ret = remove_image_from_memory(id);
+
+out:
image_store_unlock();
return ret;
diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_remote_impl.c b/src/daemon/modules/image/oci/storage/layer_store/layer_remote_impl.c
index d03fc20b..d676458c 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/layer_remote_impl.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/layer_remote_impl.c
@@ -175,7 +175,7 @@ static int remote_support_add(void *data)
}
if (add_one_remote_layer(data, array_added[i]) != 0) {
- ERROR("Failed to add remote overlay layer: %s", array_added[i]);
+ ERROR("Failed to add remote layer: %s", array_added[i]);
ret = -1;
}
}
diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
index c00c3356..e88067bc 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
@@ -1852,6 +1852,11 @@ int load_one_layer(const char *id)
return -1;
}
+ if (map_search(g_metadata.by_id, (void *)id) != NULL) {
+ DEBUG("remote layer already exist, not added: %s", id);
+ goto unlock_out;
+ }
+
tl = load_one_layer_from_json(id);
if (tl == NULL) {
ret = -1;
@@ -2482,8 +2487,14 @@ int remove_memory_stores_with_lock(const char *id)
ERROR("Failed to lock layer store when handle: %s", id);
return -1;
}
+ if (map_search(g_metadata.by_id, (void *)id) == NULL) {
+ DEBUG("remote layer already removed, don't delete: %s", id);
+ goto unlock_out;
+ }
ret = remove_memory_stores(id);
+
+unlock_out:
layer_store_unlock();
return ret;
--
2.25.1

34
0043-bugfix-can-t-delete-layers-under-dir-overlay-layers.patch Normal file
View File

@ -0,0 +1,34 @@
From c8702b62fd6016a96794d74abcae2e74551a9c07 Mon Sep 17 00:00:00 2001
From: "Neil.wrz" <wangrunze13@huawei.com>
Date: Tue, 14 Mar 2023 20:32:23 -0700
Subject: [PATCH 43/53] bugfix can't delete layers under dir overlay-layers
Signed-off-by: Neil.wrz <wangrunze13@huawei.com>
---
.../modules/image/oci/storage/layer_store/layer_store.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
index e88067bc..4edd0cad 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
@@ -1409,10 +1409,14 @@ static int do_delete_layer(const char *id)
}
#ifdef ENABLE_REMOTE_LAYER_STORE
- if (l->slayer->writable) {
+ if (!g_enable_remote_layer) {
ret = layer_store_remove_layer(l->slayer->id);
} else {
- ret = remote_layer_remove_ro_dir(l->slayer->id);
+ if (l->slayer->writable) {
+ ret = layer_store_remove_layer(l->slayer->id);
+ } else {
+ ret = remote_layer_remove_ro_dir(l->slayer->id);
+ }
}
#else
ret = layer_store_remove_layer(l->slayer->id);
--
2.25.1

396
0044-doc-add-document-about-support-remote-ro-directory.patch Normal file
View File

@ -0,0 +1,396 @@
From 6911c68b96f3a0fc35b40e5c387da51cd84e5461 Mon Sep 17 00:00:00 2001
From: "Neil.wrz" <wangrunze13@huawei.com>
Date: Mon, 13 Feb 2023 03:34:31 -0800
Subject: [PATCH 44/53] doc: add document about support remote ro directory
---
docs/design/README.md | 4 +-
docs/design/README_zh.md | 6 +-
.../design/detailed/Image/remote_ro_design.md | 333 ++++++++++++++++++
3 files changed, 340 insertions(+), 3 deletions(-)
create mode 100644 docs/design/detailed/Image/remote_ro_design.md
diff --git a/docs/design/README.md b/docs/design/README.md
index a9d357b4..cf29c0a1 100644
--- a/docs/design/README.md
+++ b/docs/design/README.md
@@ -34,6 +34,8 @@ This section contains some design documents for users who want to learn more abo
- You can see how the isula search are designed in [image_search_design](./detailed/Image/image_search_design_zh.md)
+- You can see how the remote ro are designed in [remote_ro_design](./detailed/Image/remote_ro_design.md)
+
## Network
- You can see how the cni operator modules are designed in [cni_operator_design](./detailed/Network/cni_operator_design.md).
@@ -54,4 +56,4 @@ This section contains some design documents for users who want to learn more abo
## Volume
-- You can see how the local volume modules are designed in [local_volume_design](./detailed/Volume/local_volume_design.md).
\ No newline at end of file
+- You can see how the local volume modules are designed in [local_volume_design](./detailed/Volume/local_volume_design.md).
diff --git a/docs/design/README_zh.md b/docs/design/README_zh.md
index f51930e4..1f1c94b5 100644
--- a/docs/design/README_zh.md
+++ b/docs/design/README_zh.md
@@ -32,7 +32,9 @@
- 查看 registry 模块的设计文档: [registry_degisn](./detailed/Image/registry_degisn_zh.md) 。
-- 查看 isula search 的设计文档:[image_search_design](./detailed/Image/image_search_design_zh.md)
+- 查看 isula search 的设计文档:[image_search_design](./detailed/Image/image_search_design_zh.md) 。
+
+- 查看 ro目录分离的设计文档 [remote_ro_design](./detailed/Image/remote_ro_design.md) 。
## Network
@@ -54,4 +56,4 @@
## Volume
-- 查看 local volume 模块的设计文档: [local_volume_design](./detailed/Volume/local_volume_design_zh.md).
\ No newline at end of file
+- 查看 local volume 模块的设计文档: [local_volume_design](./detailed/Volume/local_volume_design_zh.md).
diff --git a/docs/design/detailed/Image/remote_ro_design.md b/docs/design/detailed/Image/remote_ro_design.md
new file mode 100644
index 00000000..fee33835
--- /dev/null
+++ b/docs/design/detailed/Image/remote_ro_design.md
@@ -0,0 +1,333 @@
+| Author | 王润泽 |
+| ------ | ---------------------- |
+| Date | 2023-2-13 |
+| Email | wangrunze13@huawei.com |
+
+# 1. 方案目标
+目标有两个:
+1. 把isulad当前的layer store里的RO层分离出来把RW layer和RO layer分开到不同到目录存储。
+2. isulad在运行时如果在相关目录里恢复了正确的镜像数据(image和layer数据), 可实现不重启isulad, 直接使用新恢复的镜像。如果移除当前没有容器正在使用的镜像数据可实现不重启isuladisulad更新当前管理的镜像列表去除该镜像。只考虑完全正确的新增和删除。
+
+
+## 1.1 用法说明
+通过源码编译打开编译选项来开启功能cmake添加`cmake -DENABLE_REMOTE_LAYER_STORE=ON ..`, 然后`make -j`即可。启动iSulad之前还需要在配置文件`/etc/isulad/daemon.json`里面添加`"storage-enable-remote-layer": true`来打开开关。
+
+# 2. 总体设计
+
+*Modules Dependencies*
+```
+=> New Added Module:
+
+ +===================================+
+ | Remote Supporter Module |
+ +===================================+
+ | |
+ | +-------------------------+ |
+ | | maintainer submod | |
+ | +-------------------------+ |
+ | | global data initer | |
+ | | symbol link maintainer | |
+ | | global data getter | |
+ | +-------------------------+ |
+ | |
+ | +-------------------------+ |
+ | | Supporter submod | |
+ | +-------------------------+ |
+ | | supporter interface | |
+ | | overlay supporter impl | |
+ | | layer supporter impl | |
+ | | image supporter impl | |
+ | | remote refresh thread | |
+ | +-------------------------+ |
+ +-----------------------------------+
+
+
+=> Modified Modules:
+
+ +===================================+
+ | Storage Module |
+ +===================================+
+ | |
+ | +-------------------------+ |
+ | | Image Store submod | |
+ | | Added Functions | |
+ | +-------------------------+ |
+ | | add image in memory | |
+ | | delete image in memory | |
+ | | get image top layer | |
+ | | valid image manifest | |
+ | +-------------------------+ |
+ | |
+ | +-------------------------+ |
+ | | Layer Store submod | |
+ | | Added Functions | |
+ | +-------------------------+ |
+ | | add layer in memory | |
+ | | delete layer in memory | |
+ | +-------------------------+ |
+ | |
+ | +-------------------------+ |
+ | | Driver Overlay submod | |
+ | | Added Functions | |
+ | +-------------------------+ |
+ | | - | |
+ | +-------------------------+ |
+ +-----------------------------------+
+
+
+=> Modules Dependencies:
+
+ +-------------------------+ +---------------+
+ | Supporter submod | | Image Store |
+ +-------------------------+ +----▶| submod ---------+
+ | supporter interface | | +---------------+ |
+ | overlay supporter impl -----+ |
+ | layer supporter impl -----+ |
++----------------+ | image supporter impl | | +----------------+ |
+| storage module |-------▶| remote refresh thread | +----▶| Layer Store | | init +-----------------------+
++----------------+ +-------------------------+ | submod --------+--------▶| maintainer submod |
+ | +----------------+ | +-----------------------+
+ | | ▲
+ | | |
+ | +----------------+ | |
+ | | Layer Store | | |
+ | | submod --------+ |
+ | +----------------+ |
+ | |
+ +------------------------------------------------------------------------+
+ get global data
+```
+
+
+总体来说有两部分的功能:
+- iSulad原有的image storage适配分离的RO目录结构*分离的RO目录*可用于远程挂载
+- iSulad实例同步内存数据镜像数据和layer数据*定期更新*,不通过`isula pull` 和 `isula rmi` 等命令,直接通过分离目录里面的数据来更新镜像数据。
+
+*分离RO目录*
+修改前后storage目录结构对比
+
+```
+old:
+overlay-layer
+├── b703587
+│ └── layer.json
+└── b64792c
+ └── layer.json
+ └── b64792.tar.gz
+
+new:
+overlay-layer
+├── b64792c -> ../RO/b64792c
+├── b703587
+│ └── layer.json
+└── RO
+ └── b64792c
+ └── layer.json
+ └── b64792.tar.gz
+```
+
+以overlay-layers目录为例创建新layer时如果是只读层就把层数据放到RO目录下在RO上层目录创建软连接指向真实数据。删除layer时需要额外删除软连接。
+
+
+*定期更新*
+定期更新通过启动一个线程周期扫描`overlay`, `overlay-layers`, `overlay-image`这三个目录通过比较当前时刻与上一时刻的目录差异来获取镜像和层的删减情况进而同步isulad的storage内存数据和维护软链接。
+
+```
++---------------------+ +---------------------+ +---------------------+ +-----------------------+
+| refresh thread loop | | overlay remote impl | | layer remote impl | | image remote impl |
++---------------------+ +---------------------+ +---------------------+ +-----------------------+
+ | | | |
+ | refresh start | | |
+ |-----------------------------▶| | |
+ | | overlay dir scan | |
+ | | | |
+ | | to added layers | |
+ | | memory and symlink add | |
+ | | to deleted layers | |
+ | | memory and symlink del | |
+ | | valid overlay layers | |
+ | |---------------------------------▶| |
+ | | next scan | |
+ | | | |
+ | | | |
+ | | | |
+ | | | overlay-layers dir scan |
+ | | check overlay layer ready | |
+ | |◀---------------------------------| to added layers |
+ | |---------------------------------▶| filter invalid layers |
+ | | result | memory and symlink add |
+ | | | to deleted layers |
+ | | | memory and symlink del |
+ | | | valid overlay layers |
+ | | |---------------------------------▶|
+ | | | next scan |
+ | | | |
+ | | | |
+ | | | |
+ | | | | overlay-image dir scan
+ | | | check layers ready |
+ | | |◀---------------------------------| to added images
+ | | |---------------------------------▶| filter invalid images
+ | | | result | memory add images
+ | | | | to deleted images
+ | | | | memory del images
+ | | | |
+ |◀---------------------------------------------------------------------------------------------------|
+ | refresh end | | |
+ | | | |
++---------------------+ +---------------------+ +---------------------+ +-----------------------+
+| refresh thread loop | | image remote module | | layer remote module | | overlay remote module |
++---------------------+ +---------------------+ +---------------------+ +-----------------------+
+
+```
+
+# 3. 接口描述
+
+```c
+// 初始化remote模块里的layer data
+int remote_layer_init(const char *root_dir);
+
+// 初始化remote模块里的overlay data
+int remote_overlay_init(const char *driver_home);
+
+// 清理remote模块的资源
+void remote_maintain_cleanup();
+
+// 启动 定期更新的thread
+int start_refresh_thread(void);
+
+// 创建新layer目录
+int remote_layer_build_ro_dir(const char *id);
+
+// 创建新overlay目录
+int remote_overlay_build_ro_dir(const char *id);
+
+// 删除layer目录
+int remote_layer_remove_ro_dir(const char *id);
+
+// 删除overlay目录
+int remote_overlay_remove_ro_dir(const char *id);
+```
+
+# 4. 详细设计
+分离RO目录的关键在于适配原来的代码逻辑原先的代码在操作镜像和层的时候不管是RO层还是RW层从创建到删除都是在当前目录下进行的这就是我们额外创建一个软连接的作用:
+- RO目录的作用是为了支持远程挂载
+- 软连接的作用是模拟原来的目录结构
+
+这样以来image module的逻辑几乎不需要改动除了以下几点需要注意
+- 创建和删除的时候需要处理一个额外的资源:软连接,之前只需要关注目录即可,现在如果创建的是只读层,就需要额外创建软连接,如果删除的是只读层,就需要额外删除软连接
+- 以`overlay-layers`目录为例isulad启动时会以正则规则扫描当前目录下的子目录是否合法所以需要屏蔽`RO`目录
+
+定时刷新的逻辑如下:
+以`overlay-image`目录的刷新为例,通过维护两个集合`new` 和 `old`, 这两个集合初始都为空通过扫描目录里面所有的子目录把合法的image id 加入`new`集合, 通过计算两个集合的差, 在集合`new`里面存在而在集合`old`里面不存在的id则为新增加的镜像 在集合`old`里面存在而在集合`new`里面不存在的id则为删除的镜像。处理新增加的镜像还需要额外的一个判断就是判断镜像的层数据是否已经加载如果没加载则该镜像本轮不加载。`overlay-layers` 和 `overlay` 目录的处理逻辑类似。
+
+
+*可能的使用场景*
+一个可能的使用场景就是通过远程文件共享(nfs)让多台启动的isulad实例共享某些只读的数据具体来说在两个host A和B上都启动了iSulad, 如果A pull或者load了镜像busybox, 那么B上的isulad同样可以使用这个镜像。
+
+```
+operations:
+
++--------------------+ +--------------------+ +--------------------+
+| isula pull busybox | | without pull | | without pull |
+| isula pull nginx | | isula run busybox | | isula run ngxinx |
+| isula pull ... | | isula run ... | | isula run centos |
++--------------------+ +--------------------+ +--------------------+
+ | | |
+ ▼ ▼ ▼
++======================+ +======================+ +======================+
+| isulad on Host A | | isulad on Host B | | isulad on Host C |
++======================+ +======================+ +======================+
+| image store module | | image store module | | image store module |
++----------------------+ +----------------------+ +----------------------+
+| refresh thread off | | refresh thread on | | refresh thread on |
++----------------------+ +----------------------+ +----------------------+
+| local rw | remote ro | | local rw | remote ro | | local rw | remote ro |
++----------------------+ +----------------------+ +----------------------+
+ | | |
+ | enable nfs | mounted on | mounted on
+ ▼ ▼ ▼
+ +=====================================================================+
+ | nfs directory over network |
+ +=====================================================================+
+ | image store |
+ +---------------------------------------------------------------------+
+ | image | image | image | image | image |
+ | busybox | nginx | my-app | ubuntu | centos |
+ | 4MB | 100MB | 1.2GB | 5MB | 6MB |
+ +---------------------------------------------------------------------+
+ | layers store |
+ +---------------------------------------------------------------------+
+ | layer | layer | layer |
+ | 05c361054 | 8a9d75caad | 789d605ac |
+ +---------------------------------------------------------------------+
+```
+
+*同步问题*
+共享资源并发使用发生竞争的条件是:`two process access the same resource concurrently and at least one of the access is a writer`。这里的共享资源有:
+
+```
++============================+ +=====================================+
+| Sharing Resource | | Storage |
++============================+ +=====================================+
+| read-only overlay layers | mounted | /var/lib/isulad/overlay/RO |
++----------------------------+ ======▶ +-------------------------------------+
+| reald-only layers metadata | shared | /var/lib/isulad/overlay-layers/RO |
++----------------------------+ +-------------------------------------+
+| reald-only images | | /var/lib/isulad/overlay-images |
++----------------------------+ +-------------------------------------+
+
+```
+而分布在不同host上的isulad进程通过网络共享这些资源如果不考虑新增删除的情况不会出现资源竞争所有的节点都是reader。
+
+对于主节点pull镜像其他节点使用镜像的情况主节点是writer其他节点是reader。这时候可能出现的问题是主节点pull镜像的流程没有完全结束但是其他节点开始使用这个不完整的镜像。对于这个问题的解决方案是通过扫描image目录来新增镜像通过这种方式能确保一定该新增镜像的信息完整。
+
+```
++---------------------+ +--------------------+ +-----------------------+ +-----------------------+
+| registry | | image module | | layer store module | | driver overlay module |
++---------------------+ +--------------------+ +-----------------------+ +-----------------------+
+ | | | |
+ | | | |
+ | registry_pull | | |
+ | fetch_manifest | | |
+ | check reuse and fetch | | |
+ | +----------------+ | | |
+ | | register_layer | | | |
+ | +----------------+ | | |
+ |-----------------------------------------------------------------▶| |
+ | | | layer_store_create |
+ | | |--------------------------------▶|
+ | | | | driver_create_layer
+ | | | | +--------------------+
+ | | | | | setup overlay dir |
+ | | | | +--------------------+
+ | | | | driver_create_layer done
+ | | |◀--------------------------------|
+ | | | +------------+ |
+ | | | | save layer | |
+ | | | +------------+ |
+ | | | layer create done |
+ |◀-----------------------------------------------------------------| |
+ | all layer setup | | |
+ | +----------------+ | | |
+ | | register image | | | |
+ | +----------------+ | | |
+ |-------------------------------▶| | |
+ | | storage_img_create | |
+ | | set img top layer | |
+ | | img create | |
+ | | +------------+ | |
+ | | | save image | | |
+ | | +------------+ | |
+ | | create image done | |
+ |◀-------------------------------| | |
+ | pull img done | | |
+ | | | |
+ | | | |
++---------------------+ +--------------------+ +-----------------------+ +-----------------------+
+| registry | | image module | | layer store module | | driver overlay module |
++---------------------+ +--------------------+ +-----------------------+ +-----------------------+
+
+```
+
+至于主节点删除镜像的情况主节点是writer其他节点是reader可能出现的情况是其他节点还有容器在使用镜像的时候镜像被删除但是根据需求场景暂不处理这种情况。其他的处理与新增镜像相同依然以image dir作为入口扫描发现删除的镜像。删除时需要关注layer和overlay目录下的软链接。
--
2.25.1

34
0045-Refine-a-minor-log-message.patch Normal file
View File

@ -0,0 +1,34 @@
From 9b7e37018612f7443a0f8f966106995da31cc292 Mon Sep 17 00:00:00 2001
From: sailorvii <chenw66@chinaunicom.cn>
Date: Fri, 17 Mar 2023 06:34:37 +0000
Subject: [PATCH 45/53] Refine a minor log message.
---
src/daemon/modules/network/native/adaptor_native.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/daemon/modules/network/native/adaptor_native.c b/src/daemon/modules/network/native/adaptor_native.c
index 02ff3642..8bc386d1 100644
--- a/src/daemon/modules/network/native/adaptor_native.c
+++ b/src/daemon/modules/network/native/adaptor_native.c
@@ -1764,8 +1764,7 @@ bool has_connected_container(native_network *network)
message[pos - 1] = '\0';
}
- ERROR("network %s has connected containers [ %s ]", network->conflist->list->name, message);
- isulad_set_error_message("network %s has connected containers [ %s ]", network->conflist->list->name, message);
+ INFO("network %s has connected containers [ %s ]", network->conflist->list->name, message);
out:
native_network_unlock(network);
@@ -1923,6 +1922,7 @@ int native_config_remove(const char *name, char **res_name)
}
if (has_connected_container(network)) {
+ isulad_set_error_message("network %s has connected containers", network->conflist->list->name);
ret = -1;
goto out;
}
--
2.25.1

44
0046-modify-the-return-value-of-the-util_waitpid_with_tim.patch Normal file
View File

@ -0,0 +1,44 @@
From ea8962c6ee3ed05cfabe84c58c47cf56e3388242 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 20 Mar 2023 14:17:00 +0800
Subject: [PATCH 46/53] modify the return value of the
util_waitpid_with_timeout to status
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/utils/cutils/utils.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/utils/cutils/utils.c b/src/utils/cutils/utils.c
index 983d81d8..3500d8f8 100644
--- a/src/utils/cutils/utils.c
+++ b/src/utils/cutils/utils.c
@@ -319,6 +319,7 @@ rep:
int util_waitpid_with_timeout(pid_t pid, const int64_t timeout, handle_timeout_callback_t cb)
{
int nret = 0;
+ int st;
time_t start_time = time(NULL);
time_t end_time;
double interval;
@@ -328,7 +329,7 @@ int util_waitpid_with_timeout(pid_t pid, const int64_t timeout, handle_timeout_c
}
for (;;) {
- nret = waitpid(pid, NULL, WNOHANG);
+ nret = waitpid(pid, &st, WNOHANG);
if (nret == pid) {
break;
}
@@ -347,7 +348,7 @@ int util_waitpid_with_timeout(pid_t pid, const int64_t timeout, handle_timeout_c
// sleep some time instead to avoid cpu full running and then retry.
usleep(100);
}
- return 0;
+ return st;
}
int util_wait_for_pid_status(pid_t pid)
--
2.25.1

74
0047-fix-util_getgrent_r-overflow.patch Normal file
View File

File diff suppressed because one or more lines are too long

188
0048-add-ut-for-runc.patch Normal file
View File

@ -0,0 +1,188 @@
From c20a580a7d8c6a8a16273513c6d11edd827b90b0 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Thu, 23 Feb 2023 14:39:23 +0800
Subject: [PATCH 48/53] add ut for runc
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
.../modules/runtime/isula/isula_rt_ops.c | 5 ++
test/cutils/utils_utils/CMakeLists.txt | 2 +
test/cutils/utils_utils/utils_utils_ut.cc | 61 +++++++++++++++++++
test/runtime/isula/isula_rt_ops_ut.cc | 56 +++++++++++++++++
4 files changed, 124 insertions(+)
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index 5ec0e639..fe0f227c 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -1553,6 +1553,11 @@ out:
int rt_isula_kill(const char *id, const char *runtime, const rt_kill_params_t *params)
{
+ if (id == NULL || runtime == NULL || params == NULL || params->pid < 0) {
+ ERROR("Invalid arguments not allowed");
+ return -1;
+ }
+
if (util_process_alive(params->pid, params->start_time) == false) {
if (params->signal == params->stop_signal || params->signal == SIGKILL) {
WARN("Process %d is not alive", params->pid);
diff --git a/test/cutils/utils_utils/CMakeLists.txt b/test/cutils/utils_utils/CMakeLists.txt
index 99a83e7a..6d276390 100644
--- a/test/cutils/utils_utils/CMakeLists.txt
+++ b/test/cutils/utils_utils/CMakeLists.txt
@@ -12,6 +12,8 @@ target_include_directories(${EXE} PUBLIC
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/map
${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils
)
+
+set_target_properties(${EXE} PROPERTIES LINK_FLAGS "-Wl,--wrap,waitpid")
target_link_libraries(${EXE} ${GTEST_BOTH_LIBRARIES} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY} libutils_ut -lcrypto -lyajl -lz)
add_test(NAME ${EXE} COMMAND ${EXE} --gtest_output=xml:${EXE}-Results.xml)
set_tests_properties(${EXE} PROPERTIES TIMEOUT 120)
diff --git a/test/cutils/utils_utils/utils_utils_ut.cc b/test/cutils/utils_utils/utils_utils_ut.cc
index 5308351a..18f0a506 100644
--- a/test/cutils/utils_utils/utils_utils_ut.cc
+++ b/test/cutils/utils_utils/utils_utils_ut.cc
@@ -15,6 +15,44 @@
#include <gtest/gtest.h>
#include "utils.h"
+#include "mock.h"
+
+static pid_t test_pid = -1;
+
+extern "C" {
+ DECLARE_WRAPPER_V(waitpid, pid_t, (__pid_t pid, int *stat_loc, int options));
+ DEFINE_WRAPPER_V(waitpid, pid_t, (__pid_t pid, int *stat_loc, int options),(pid, stat_loc, options));
+}
+
+static pid_t waitpid_none_zero(__pid_t pid, int *stat_loc, int options)
+{
+ *stat_loc = 256;
+ return test_pid;
+}
+
+static pid_t waitpid_zero(__pid_t pid, int *stat_loc, int options)
+{
+ *stat_loc = 0;
+ return test_pid;
+}
+
+#define ExitSignalOffset 128
+static int status_to_exit_code(int status)
+{
+ int exit_code = 0;
+
+ if (WIFEXITED(status)) {
+ exit_code = WEXITSTATUS(status);
+ } else {
+ exit_code = -1;
+ }
+ if (WIFSIGNALED(status)) {
+ int signal;
+ signal = WTERMSIG(status);
+ exit_code = ExitSignalOffset + signal;
+ }
+ return exit_code;
+}
TEST(utils_utils, test_util_mem_realloc)
{
@@ -284,4 +322,27 @@ TEST(utils_utils, test_do_retry_call)
DO_RETRY_CALL(10, 100, nret, retry_call_test, 11);
ASSERT_EQ(global_total, 10);
ASSERT_EQ(nret, -1);
+}
+
+TEST(utils_utils, test_util_waitpid_with_timeout)
+{
+ int64_t timeout = 2;
+ pid_t pid = getpid();
+ int status = 0;
+
+ test_pid = pid;
+ MOCK_SET_V(waitpid, waitpid_none_zero);
+ status = util_waitpid_with_timeout(test_pid, timeout, nullptr);
+ ASSERT_EQ(status, 256);
+ ASSERT_EQ(status_to_exit_code(status), 1);
+ MOCK_CLEAR(waitpid);
+
+ MOCK_SET_V(waitpid, waitpid_zero);
+ status = util_waitpid_with_timeout(test_pid, timeout, nullptr);
+ ASSERT_EQ(status, 0);
+ ASSERT_EQ(status_to_exit_code(status), 0);
+ MOCK_CLEAR(waitpid);
+
+ ASSERT_EQ(util_waitpid_with_timeout(pid, timeout, nullptr), -1);
+
}
\ No newline at end of file
diff --git a/test/runtime/isula/isula_rt_ops_ut.cc b/test/runtime/isula/isula_rt_ops_ut.cc
index 03c213a5..f37e62a0 100644
--- a/test/runtime/isula/isula_rt_ops_ut.cc
+++ b/test/runtime/isula/isula_rt_ops_ut.cc
@@ -163,3 +163,59 @@ TEST_F(IsulaRtOpsUnitTest, test_rt_isula_exec_resize)
close(fd);
ASSERT_EQ(system(rm_path.c_str()), 0);
}
+
+TEST_F(IsulaRtOpsUnitTest, test_rt_isula_update)
+{
+ rt_update_params_t params = {};
+ ASSERT_EQ(rt_isula_update(nullptr, nullptr, nullptr), -1);
+
+ ASSERT_EQ(rt_isula_update("123", nullptr, nullptr), -1);
+ ASSERT_EQ(rt_isula_update("123", "runtime", nullptr), -1);
+ ASSERT_EQ(rt_isula_update("123", "runtime", &params), -1);
+}
+
+TEST_F(IsulaRtOpsUnitTest, test_rt_isula_pause)
+{
+ rt_pause_params_t params = {};
+ ASSERT_EQ(rt_isula_pause(nullptr, nullptr, nullptr), -1);
+
+ ASSERT_EQ(rt_isula_pause("123", nullptr, nullptr), -1);
+ ASSERT_EQ(rt_isula_pause("123", "runtime", nullptr), -1);
+ ASSERT_EQ(rt_isula_pause("123", "runtime", &params), -1);
+}
+
+TEST_F(IsulaRtOpsUnitTest, test_rt_isula_resume)
+{
+ rt_resume_params_t params = {};
+ ASSERT_EQ(rt_isula_resume(nullptr, nullptr, nullptr), -1);
+
+ ASSERT_EQ(rt_isula_resume("123", nullptr, nullptr), -1);
+ ASSERT_EQ(rt_isula_resume("123", "runtime", nullptr), -1);
+ ASSERT_EQ(rt_isula_resume("123", "runtime", &params), -1);
+}
+
+TEST_F(IsulaRtOpsUnitTest, test_rt_isula_resources_stats)
+{
+ rt_stats_params_t params = {};
+ struct runtime_container_resources_stats_info stats = {};
+
+ ASSERT_EQ(rt_isula_resources_stats(nullptr, nullptr, nullptr, nullptr), -1);
+
+ ASSERT_EQ(rt_isula_resources_stats("123", nullptr, nullptr, nullptr), -1);
+ ASSERT_EQ(rt_isula_resources_stats("123", "runtime", nullptr, nullptr), -1);
+ ASSERT_EQ(rt_isula_resources_stats("123", "runtime", &params, nullptr), -1);
+ params.state = "/var/run/isulad/runtime";
+ ASSERT_EQ(rt_isula_resources_stats("123", "runtime", &params, &stats), -1);
+}
+
+TEST_F(IsulaRtOpsUnitTest, test_rt_isula_kill)
+{
+ rt_kill_params_t kill_params = {
+ .pid = -1,
+ };
+ ASSERT_EQ(rt_isula_kill(nullptr, nullptr, nullptr), -1);
+
+ ASSERT_EQ(rt_isula_kill("123", nullptr, nullptr), -1);
+ ASSERT_EQ(rt_isula_kill("123", "runtime", nullptr), -1);
+ ASSERT_EQ(rt_isula_kill("123", "runtime", &kill_params), -1);
+}
\ No newline at end of file
--
2.25.1

506
0049-add-runc-doc.patch Normal file
View File

File diff suppressed because one or more lines are too long

28
0050-fix-isula_rt_ops_ut-bugs.patch Normal file
View File

@ -0,0 +1,28 @@
From e2382f841c7bc3215793fdd8ce29132871281810 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 22 Mar 2023 08:02:51 +0800
Subject: [PATCH 50/53] fix isula_rt_ops_ut bugs
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
test/runtime/isula/isula_rt_ops_ut.cc | 3 +++
1 file changed, 3 insertions(+)
diff --git a/test/runtime/isula/isula_rt_ops_ut.cc b/test/runtime/isula/isula_rt_ops_ut.cc
index f37e62a0..9e014ac3 100644
--- a/test/runtime/isula/isula_rt_ops_ut.cc
+++ b/test/runtime/isula/isula_rt_ops_ut.cc
@@ -211,7 +211,10 @@ TEST_F(IsulaRtOpsUnitTest, test_rt_isula_resources_stats)
TEST_F(IsulaRtOpsUnitTest, test_rt_isula_kill)
{
rt_kill_params_t kill_params = {
+ .signal = SIGTERM,
+ .stop_signal = SIGKILL,
.pid = -1,
+ .start_time = 12345,
};
ASSERT_EQ(rt_isula_kill(nullptr, nullptr, nullptr), -1);
--
2.25.1

2089
0051-refactor-remote-ro-code.patch Normal file
View File

File diff suppressed because it is too large Load Diff

1666
0052-add-ci-for-runc.patch Normal file
View File

File diff suppressed because it is too large Load Diff

319
0053-bugfix-when-refresh-can-t-load-or-pull-images.patch Normal file
View File

@ -0,0 +1,319 @@
From 9d6df0b3065867d5ca1a597bedb10eab5a1c9235 Mon Sep 17 00:00:00 2001
From: "Neil.wrz" <wangrunze13@huawei.com>
Date: Mon, 20 Mar 2023 23:47:25 -0700
Subject: [PATCH 53/53] bugfix when refresh can't load or pull images
Signed-off-by: Neil.wrz <wangrunze13@huawei.com>
---
src/daemon/modules/image/oci/oci_image.c | 105 +++++++++++++++++-
.../remote_layer_support/remote_support.c | 34 +++++-
.../remote_layer_support/remote_support.h | 4 +-
.../modules/image/oci/storage/storage.c | 2 +-
.../modules/image/oci/storage/storage.h | 2 +
5 files changed, 143 insertions(+), 4 deletions(-)
diff --git a/src/daemon/modules/image/oci/oci_image.c b/src/daemon/modules/image/oci/oci_image.c
index fa92a861..40e9a88f 100644
--- a/src/daemon/modules/image/oci/oci_image.c
+++ b/src/daemon/modules/image/oci/oci_image.c
@@ -44,6 +44,39 @@
struct oci_image_module_data g_oci_image_module_data = { 0 };
+#ifdef ENABLE_REMOTE_LAYER_STORE
+// intend to make remote refresh and oci ops exlusive
+static bool g_enable_remote;
+static pthread_rwlock_t g_remote_lock = PTHREAD_RWLOCK_INITIALIZER;
+
+static inline bool oci_remote_lock(pthread_rwlock_t *remote_lock, bool writable)
+{
+ int nret = 0;
+
+ if (writable) {
+ nret = pthread_rwlock_wrlock(remote_lock);
+ } else {
+ nret = pthread_rwlock_rdlock(remote_lock);
+ }
+ if (nret != 0) {
+ ERROR("Lock memory store failed: %s", strerror(nret));
+ return false;
+ }
+
+ return true;
+}
+
+static inline void oci_remote_unlock(pthread_rwlock_t *remote_lock)
+{
+ int nret = 0;
+
+ nret = pthread_rwlock_unlock(remote_lock);
+ if (nret != 0) {
+ FATAL("Unlock memory store failed: %s", strerror(nret));
+ }
+}
+#endif
+
static void free_oci_image_data(void)
{
free(g_oci_image_module_data.root_dir);
@@ -220,6 +253,7 @@ static int storage_module_init_helper(const isulad_daemon_configs *args)
#ifdef ENABLE_REMOTE_LAYER_STORE
storage_opts->enable_remote_layer = args->storage_enable_remote_layer;
+ storage_opts->remote_lock = &g_remote_lock;
#endif
if (util_dup_array_of_strings((const char **)args->storage_opts, args->storage_opts_len, &storage_opts->driver_opts,
@@ -303,6 +337,10 @@ int oci_init(const isulad_daemon_configs *args)
goto out;
}
+#ifdef ENABLE_REMOTE_LAYER_STORE
+ g_enable_remote = args->storage_enable_remote_layer;
+#endif
+
if (storage_module_init_helper(args) != 0) {
ret = -1;
goto out;
@@ -321,6 +359,7 @@ void oci_exit()
int oci_pull_rf(const im_pull_request *request, im_pull_response *response)
{
+ int ret = 0;
if (request == NULL || request->image == NULL || response == NULL) {
ERROR("Invalid NULL param");
return -1;
@@ -331,8 +370,24 @@ int oci_pull_rf(const im_pull_request *request, im_pull_response *response)
isulad_try_set_error_message("Invalid image name: %s", request->image);
return -1;
}
+#ifdef ENABLE_REMOTE_LAYER_STORE
+ // read lock here because pull have exclusive access against remote refresh
+ // pull can work concurrently with other oci operations.
+ if (g_enable_remote && !oci_remote_lock(&g_remote_lock, false)) {
+ ERROR("Failed to lock oci remote lock when load image");
+ return -1;
+ }
+#endif
+
+ ret = oci_do_pull_image(request, response);
+
+#ifdef ENABLE_REMOTE_LAYER_STORE
+ if (g_enable_remote) {
+ oci_remote_unlock(&g_remote_lock);
+ }
+#endif
- return oci_do_pull_image(request, response);
+ return ret;
}
int oci_prepare_rf(const im_prepare_request *request, char **real_rootfs)
@@ -441,6 +496,15 @@ int oci_rmi(const im_rmi_request *request)
return -1;
}
+#ifdef ENABLE_REMOTE_LAYER_STORE
+ // read lock here because load have exclusive access against remote refresh
+ // load can work concurrently with other oci operations.
+ if (g_enable_remote && !oci_remote_lock(&g_remote_lock, false)) {
+ ERROR("Failed to lock oci remote lock when load image");
+ return -1;
+ }
+#endif
+
if (!util_valid_image_name(request->image.image)) {
ERROR("Invalid image name: %s", request->image.image);
isulad_try_set_error_message("Invalid image name: %s", request->image.image);
@@ -502,6 +566,11 @@ int oci_rmi(const im_rmi_request *request)
}
out:
+#ifdef ENABLE_REMOTE_LAYER_STORE
+ if (g_enable_remote) {
+ oci_remote_unlock(&g_remote_lock);
+ }
+#endif
free(real_image_name);
free(image_ID);
util_free_array_by_len(image_names, image_names_len);
@@ -527,7 +596,24 @@ int oci_import(const im_import_request *request, char **id)
goto err_out;
}
+#ifdef ENABLE_REMOTE_LAYER_STORE
+ // read lock here because import have exclusive access against remote refresh
+ // import can work concurrently with other oci operations.
+ if (g_enable_remote && !oci_remote_lock(&g_remote_lock, false)) {
+ ERROR("Failed to lock oci remote lock when load image");
+ ret = -1;
+ goto err_out;
+ }
+#endif
+
ret = oci_do_import(request->file, dest_name, id);
+
+#ifdef ENABLE_REMOTE_LAYER_STORE
+ if (g_enable_remote) {
+ oci_remote_unlock(&g_remote_lock);
+ }
+#endif
+
if (ret != 0) {
goto err_out;
}
@@ -677,7 +763,24 @@ int oci_load_image(const im_load_request *request)
goto out;
}
+#ifdef ENABLE_REMOTE_LAYER_STORE
+ // read lock here because load have exclusive access against remote refresh
+ // load can work concurrently with other oci operations.
+ if (g_enable_remote && !oci_remote_lock(&g_remote_lock, false)) {
+ ERROR("Failed to lock oci remote lock when load image");
+ ret = -1;
+ goto out;
+ }
+#endif
+
ret = oci_do_load(request);
+
+#ifdef ENABLE_REMOTE_LAYER_STORE
+ if (g_enable_remote) {
+ oci_remote_unlock(&g_remote_lock);
+ }
+#endif
+
if (ret != 0) {
ERROR("Failed to load image");
goto out;
diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c
index 3c7d0f54..7d457755 100644
--- a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c
+++ b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c
@@ -24,10 +24,38 @@ struct supporters {
struct remote_image_data *image_data;
struct remote_layer_data *layer_data;
struct remote_overlay_data *overlay_data;
+ pthread_rwlock_t *remote_lock;
};
static struct supporters supporters;
+static inline bool remote_refresh_lock(pthread_rwlock_t *remote_lock, bool writable)
+{
+ int nret = 0;
+
+ if (writable) {
+ nret = pthread_rwlock_wrlock(remote_lock);
+ } else {
+ nret = pthread_rwlock_rdlock(remote_lock);
+ }
+ if (nret != 0) {
+ ERROR("Lock memory store failed: %s", strerror(nret));
+ return false;
+ }
+
+ return true;
+}
+
+static inline void remote_refresh_unlock(pthread_rwlock_t *remote_lock)
+{
+ int nret = 0;
+
+ nret = pthread_rwlock_unlock(remote_lock);
+ if (nret != 0) {
+ FATAL("Unlock memory store failed: %s", strerror(nret));
+ }
+}
+
static void *remote_refresh_ro_symbol_link(void *arg)
{
struct supporters *refresh_supporters = (struct supporters *)arg;
@@ -37,16 +65,18 @@ static void *remote_refresh_ro_symbol_link(void *arg)
util_usleep_nointerupt(5 * 1000 * 1000);
DEBUG("remote refresh start\n");
+ remote_refresh_lock(supporters.remote_lock, true);
remote_overlay_refresh(refresh_supporters->overlay_data);
remote_layer_refresh(refresh_supporters->layer_data);
remote_image_refresh(refresh_supporters->image_data);
+ remote_refresh_unlock(supporters.remote_lock);
DEBUG("remote refresh end\n");
}
return NULL;
}
-int remote_start_refresh_thread(void)
+int remote_start_refresh_thread(pthread_rwlock_t *remote_lock)
{
int res = 0;
pthread_t a_thread;
@@ -67,6 +97,8 @@ int remote_start_refresh_thread(void)
goto free_out;
}
+ supporters.remote_lock = remote_lock;
+
res = pthread_create(&a_thread, NULL, remote_refresh_ro_symbol_link, (void *)&supporters);
if (res != 0) {
CRIT("Thread creation failed");
diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.h b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.h
index 892a9155..30e3ebb0 100644
--- a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.h
+++ b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.h
@@ -16,6 +16,8 @@
#ifndef DAEMON_MODULES_IMAGE_OCI_STORAGE_LAYER_STORE_REMOTE_LAYER_SUPPORT_REMOTE_SUPPORT_H
#define DAEMON_MODULES_IMAGE_OCI_STORAGE_LAYER_STORE_REMOTE_LAYER_SUPPORT_REMOTE_SUPPORT_H
+#include <pthread.h>
+
#include "linked_list.h"
#include "map.h"
#include "ro_symlink_maintain.h"
@@ -64,7 +66,7 @@ void remote_overlay_refresh(struct remote_overlay_data *data);
bool remote_overlay_layer_valid(const char *layer_id);
// start refresh remote
-int remote_start_refresh_thread(void);
+int remote_start_refresh_thread(pthread_rwlock_t *remote_lock);
// extra map utils
char **remote_deleted_layers(const map_t *old, const map_t *new_l);
diff --git a/src/daemon/modules/image/oci/storage/storage.c b/src/daemon/modules/image/oci/storage/storage.c
index f9830ac3..836ccf4d 100644
--- a/src/daemon/modules/image/oci/storage/storage.c
+++ b/src/daemon/modules/image/oci/storage/storage.c
@@ -1874,7 +1874,7 @@ int storage_module_init(struct storage_module_init_options *opts)
}
#ifdef ENABLE_REMOTE_LAYER_STORE
- if (opts->enable_remote_layer && remote_start_refresh_thread() != 0) {
+ if (opts->enable_remote_layer && remote_start_refresh_thread(opts->remote_lock) != 0) {
ERROR("Failed to start remote refresh thread");
}
#endif
diff --git a/src/daemon/modules/image/oci/storage/storage.h b/src/daemon/modules/image/oci/storage/storage.h
index 7404ee54..df9fd761 100644
--- a/src/daemon/modules/image/oci/storage/storage.h
+++ b/src/daemon/modules/image/oci/storage/storage.h
@@ -18,6 +18,7 @@
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
+#include <pthread.h>
#include <isula_libutils/imagetool_image.h>
#include <isula_libutils/json_common.h>
@@ -72,6 +73,7 @@ struct storage_module_init_options {
bool integration_check;
#ifdef ENABLE_REMOTE_LAYER_STORE
bool enable_remote_layer;
+ pthread_rwlock_t *remote_lock;
#endif
};
--
2.25.1

40
iSulad.spec
View File

@ -1,5 +1,5 @@
%global _version 2.1.1
%global _release 5
%global _release 6
%global is_systemd 1
%global enable_shimv2 1
%global is_embedded 1
@ -35,7 +35,37 @@ Patch0019: 0019-cleancode-for-read-write.patch
Patch0020: 0020-add-crictl-timeout-and-sync-for-CI.patch
Patch0021: 0021-unlock-m_podsLock-if-new-failed.patch
Patch0022: 0022-Update-CRI.patch
Patch0023: 0023-use-CURLOPT_XFERINFOFUNCTION-instead-of-deprecated-C.patch
Patch0023: 0023-add-cgroup-cpu-ut.patch
Patch0024: 0024-remove-temp-variables.patch
Patch0025: 0025-fix-read-member-error-from-struct.patch
Patch0026: 0026-Fix-PR-runc.patch
Patch0027: 0027-allow-the-paused-container-to-be-stopped.patch
Patch0028: 0028-Refine.patch
Patch0029: 0029-support-isula-update-when-runtime-is-runc.patch
Patch0030: 0030-Refine-as-others-feedback.patch
Patch0031: 0031-fix-CRI-SetupPod-and-TearDownPod-deadlock.patch
Patch0032: 0032-remote-layer-store-demo.patch
Patch0033: 0033-add-ci-for-remote-ro.patch
Patch0034: 0034-change-sleep-to-usleep-to-avoid-lossing-of-accuracy.patch
Patch0035: 0035-fix-compile-error-when-not-enable-remote-ro.patch
Patch0036: 0036-adapt-to-repo-of-openeuler-url-changed.patch
Patch0037: 0037-change-goto-branch.patch
Patch0038: 0038-CI-not-enable-remote-ro-for-ut.patch
Patch0039: 0039-use-auto-free-to-proc_t.patch
Patch0040: 0040-modifying-cpurt-file-permissions.patch
Patch0041: 0041-use-CURLOPT_XFERINFOFUNCTION-instead-of-deprecated-C.patch
Patch0042: 0042-bugfix-remote-ro-try-add-or-remove-image-layer-twice.patch
Patch0043: 0043-bugfix-can-t-delete-layers-under-dir-overlay-layers.patch
Patch0044: 0044-doc-add-document-about-support-remote-ro-directory.patch
Patch0045: 0045-Refine-a-minor-log-message.patch
Patch0046: 0046-modify-the-return-value-of-the-util_waitpid_with_tim.patch
Patch0047: 0047-fix-util_getgrent_r-overflow.patch
Patch0048: 0048-add-ut-for-runc.patch
Patch0049: 0049-add-runc-doc.patch
Patch0050: 0050-fix-isula_rt_ops_ut-bugs.patch
Patch0051: 0051-refactor-remote-ro-code.patch
Patch0052: 0052-add-ci-for-runc.patch
Patch0053: 0053-bugfix-when-refresh-can-t-load-or-pull-images.patch
%ifarch x86_64 aarch64
Provides: libhttpclient.so()(64bit)
@ -278,6 +308,12 @@ fi
%endif
%changelog
* Fri Mar 24 2023 wangrunze <wangrunze13@huawei.com> - 2.1.1-6
- Type: bugfix
- ID: NA
- SUG: NA
- DESC: update from upstream to include remote feature
* Thu Mar 16 2023 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.1.1-5
- Type: bugfix
- ID: NA