diff --git a/0001-Add-a-solution-to-the-gpgkey-problem.patch b/0001-Add-a-solution-to-the-gpgkey-problem.patch index 12e9b82..0766079 100644 --- a/0001-Add-a-solution-to-the-gpgkey-problem.patch +++ b/0001-Add-a-solution-to-the-gpgkey-problem.patch @@ -2,7 +2,7 @@ From a46546cd6c9d3e085beac143eb3b7dcff7f118e5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=A4=A7=E7=BD=97=E9=A9=AC=E7=9A=84=E5=A4=AA=E9=98=B3?= Date: Mon, 23 Nov 2020 22:55:24 +0800 -Subject: [PATCH 1/7] Add a solution to the gpgkey problem +Subject: [PATCH 01/17] Add a solution to the gpgkey problem --- README.md | 21 +++++++++++++++++++++ @@ -41,5 +41,5 @@ index 08467ddc..9b34d615 100644 We provide `systemd` service to start `iSulad`: ```sh -- -2.20.1 +2.25.1 diff --git a/0002-change-default-tmp-directory-from-var-tmp-to-var-lib.patch b/0002-change-default-tmp-directory-from-var-tmp-to-var-lib.patch index e835f97..3e97c7b 100644 --- a/0002-change-default-tmp-directory-from-var-tmp-to-var-lib.patch +++ b/0002-change-default-tmp-directory-from-var-tmp-to-var-lib.patch @@ -1,7 +1,7 @@ From e17d4ea9e2e6ec5555429cbc0363748e33170dea Mon Sep 17 00:00:00 2001 From: WangFengTu Date: Mon, 23 Nov 2020 16:52:56 +0800 -Subject: [PATCH 2/7] change default tmp directory from /var/tmp to +Subject: [PATCH 02/17] change default tmp directory from /var/tmp to /var/lib/isulad/tmp Signed-off-by: WangFengTu @@ -602,5 +602,5 @@ index fdf27cdb..03af3cc9 100644 void MockIsuladConf_SetMock(MockIsuladConf *mock); -- -2.20.1 +2.25.1 diff --git a/0003-update-api.proto-to-v1.19.3-according-to-kubelet.patch b/0003-update-api.proto-to-v1.19.3-according-to-kubelet.patch index 21ef81b..f5142a9 100644 --- a/0003-update-api.proto-to-v1.19.3-according-to-kubelet.patch +++ b/0003-update-api.proto-to-v1.19.3-according-to-kubelet.patch @@ -1,7 +1,7 @@ From 5720b90e9515a698b5f9cde21a99194848f2c66a Mon Sep 17 00:00:00 2001 From: gaohuatao Date: Fri, 13 Nov 2020 03:21:16 -0500 -Subject: [PATCH 3/7] update api.proto to v1.19.3 according to kubelet +Subject: [PATCH 03/17] update api.proto to v1.19.3 according to kubelet Signed-off-by: gaohuatao --- @@ -98,5 +98,5 @@ index 634e53ad..1d332261 100644 ModifyCommonNamespaceOptions(nsOpts, hostConfig); /* modify host network option for container */ -- -2.20.1 +2.25.1 diff --git a/0004-adapt-CI-ISULAD_TMPDIR-testcases.patch b/0004-adapt-CI-ISULAD_TMPDIR-testcases.patch index 70f7593..6029b4e 100644 --- a/0004-adapt-CI-ISULAD_TMPDIR-testcases.patch +++ b/0004-adapt-CI-ISULAD_TMPDIR-testcases.patch @@ -1,7 +1,7 @@ From 3a15d0174b16207915ab5736ee45f5018472b251 Mon Sep 17 00:00:00 2001 From: WangFengTu Date: Tue, 24 Nov 2020 14:51:57 +0800 -Subject: [PATCH 4/7] adapt CI ISULAD_TMPDIR testcases +Subject: [PATCH 04/17] adapt CI ISULAD_TMPDIR testcases Signed-off-by: WangFengTu --- @@ -46,5 +46,5 @@ index 22a6ad42..46849ae7 100644 msg_info "${test} finished with return ${ret}..." return ${ret} -- -2.20.1 +2.25.1 diff --git a/0005-listening-127.0.0.1-port-in-cri-stream-websocket-ser.patch b/0005-listening-127.0.0.1-port-in-cri-stream-websocket-ser.patch index aa7f13a..69e946a 100644 --- a/0005-listening-127.0.0.1-port-in-cri-stream-websocket-ser.patch +++ b/0005-listening-127.0.0.1-port-in-cri-stream-websocket-ser.patch @@ -1,7 +1,7 @@ From f3f2765e074a489ceeb2364fbb941a40d3232ff5 Mon Sep 17 00:00:00 2001 From: wujing Date: Tue, 24 Nov 2020 15:13:05 +0800 -Subject: [PATCH 5/7] listening 127.0.0.1:port in cri stream websocket server +Subject: [PATCH 05/17] listening 127.0.0.1:port in cri stream websocket server Signed-off-by: wujing --- @@ -71,5 +71,5 @@ index 0f613dd2..af8573ad 100644 ERROR("Failed to append image to digest: %s", names[i]); ret = -1; -- -2.20.1 +2.25.1 diff --git a/0006-using-64-bit-unique-token-in-CRI-websockets-server-R.patch b/0006-using-64-bit-unique-token-in-CRI-websockets-server-R.patch index ef1282b..dee9543 100644 --- a/0006-using-64-bit-unique-token-in-CRI-websockets-server-R.patch +++ b/0006-using-64-bit-unique-token-in-CRI-websockets-server-R.patch @@ -1,7 +1,7 @@ From 7b59f3cead750d00bafe406ab2150f3abd189acb Mon Sep 17 00:00:00 2001 From: wujing Date: Tue, 24 Nov 2020 17:09:08 +0800 -Subject: [PATCH 6/7] using 64 bit unique token in CRI websockets server +Subject: [PATCH 06/17] using 64 bit unique token in CRI websockets server Request Cache Signed-off-by: wujing @@ -46,5 +46,5 @@ index b0b7f491..024f3ba7 100644 #endif // DAEMON_ENTRY_CRI_REQUEST_CACHE_H -- -2.20.1 +2.25.1 diff --git a/0007-add-mock-conf_get_use_decrypted_key_flag-and-setup-a.patch b/0007-add-mock-conf_get_use_decrypted_key_flag-and-setup-a.patch index 1da8fab..e1bddd2 100644 --- a/0007-add-mock-conf_get_use_decrypted_key_flag-and-setup-a.patch +++ b/0007-add-mock-conf_get_use_decrypted_key_flag-and-setup-a.patch @@ -1,7 +1,7 @@ From c84953295a615da574aa1b42348a6f60105d5482 Mon Sep 17 00:00:00 2001 From: WangFengTu Date: Tue, 24 Nov 2020 20:00:42 +0800 -Subject: [PATCH 7/7] add mock conf_get_use_decrypted_key_flag and setup all +Subject: [PATCH 07/17] add mock conf_get_use_decrypted_key_flag and setup all common mocks Signed-off-by: WangFengTu @@ -52,5 +52,5 @@ index 25ddf694..4b264424 100644 } -- -2.20.1 +2.25.1 diff --git a/0008-show-all-mutl-network-ips.patch b/0008-show-all-mutl-network-ips.patch index 0665dab..38719de 100644 --- a/0008-show-all-mutl-network-ips.patch +++ b/0008-show-all-mutl-network-ips.patch @@ -1,7 +1,7 @@ From cd9d3524c53ee2090f6d3c8f079ad7905ca4bd41 Mon Sep 17 00:00:00 2001 From: haozi007 Date: Thu, 26 Nov 2020 09:30:05 +0800 -Subject: [PATCH 08/10] show all mutl network ips +Subject: [PATCH 08/17] show all mutl network ips Signed-off-by: haozi007 --- @@ -9,7 +9,7 @@ Signed-off-by: haozi007 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/daemon/entry/cri/cri_sandbox.cc b/src/daemon/entry/cri/cri_sandbox.cc -index b44c86c..772638a 100644 +index b44c86c1..772638a1 100644 --- a/src/daemon/entry/cri/cri_sandbox.cc +++ b/src/daemon/entry/cri/cri_sandbox.cc @@ -978,7 +978,7 @@ void CRIRuntimeServiceImpl::GetFormatIPsForMultNet(container_inspect *inspect, c diff --git a/0009-iSulad-only-qsort-the-configed-mounts.patch b/0009-iSulad-only-qsort-the-configed-mounts.patch index ff68713..980142b 100644 --- a/0009-iSulad-only-qsort-the-configed-mounts.patch +++ b/0009-iSulad-only-qsort-the-configed-mounts.patch @@ -1,7 +1,7 @@ From 25465336f77be1332c4536f90eb6ebd8edfd71de Mon Sep 17 00:00:00 2001 From: lifeng68 Date: Fri, 27 Nov 2020 11:29:58 +0800 -Subject: [PATCH 09/10] iSulad: only qsort the configed mounts +Subject: [PATCH 09/17] iSulad: only qsort the configed mounts Signed-off-by: lifeng68 --- @@ -10,7 +10,7 @@ Signed-off-by: lifeng68 2 files changed, 114 insertions(+), 103 deletions(-) diff --git a/src/daemon/entry/cri/cri_security_context.cc b/src/daemon/entry/cri/cri_security_context.cc -index 1d33226..cf5b300 100644 +index 1d332261..cf5b300e 100644 --- a/src/daemon/entry/cri/cri_security_context.cc +++ b/src/daemon/entry/cri/cri_security_context.cc @@ -179,7 +179,6 @@ static void ModifyContainerNamespaceOptions(const runtime::v1alpha2::NamespaceOp @@ -22,7 +22,7 @@ index 1d33226..cf5b300 100644 std::string targetPidNsMode = "container:" + nsOpts.target_id(); free(hostConfig->pid_mode); diff --git a/src/daemon/modules/spec/specs_mount.c b/src/daemon/modules/spec/specs_mount.c -index db7e4fd..6099a91 100644 +index db7e4fd8..6099a918 100644 --- a/src/daemon/modules/spec/specs_mount.c +++ b/src/daemon/modules/spec/specs_mount.c @@ -372,7 +372,8 @@ static defs_mount *mount_point_to_defs_mnt(container_config_v2_common_config_mou diff --git a/0010-CI-add-testcases-for-bind-proc-and-sys-fs.patch b/0010-CI-add-testcases-for-bind-proc-and-sys-fs.patch index 25ea977..a7919da 100644 --- a/0010-CI-add-testcases-for-bind-proc-and-sys-fs.patch +++ b/0010-CI-add-testcases-for-bind-proc-and-sys-fs.patch @@ -1,7 +1,7 @@ From 9ad5a2da26efc2a1a15564ddbb72059a1142ec85 Mon Sep 17 00:00:00 2001 From: lifeng68 Date: Fri, 27 Nov 2020 16:57:00 +0800 -Subject: [PATCH 10/10] CI: add testcases for bind /proc and /sys/fs +Subject: [PATCH 10/17] CI: add testcases for bind /proc and /sys/fs Signed-off-by: lifeng68 --- @@ -11,7 +11,7 @@ Signed-off-by: lifeng68 diff --git a/CI/test_cases/container_cases/bind_special_dir.sh b/CI/test_cases/container_cases/bind_special_dir.sh new file mode 100644 -index 0000000..0e61e34 +index 00000000..0e61e348 --- /dev/null +++ b/CI/test_cases/container_cases/bind_special_dir.sh @@ -0,0 +1,56 @@ diff --git a/0011-verify-peer-if-it-s-secure-registry.patch b/0011-verify-peer-if-it-s-secure-registry.patch new file mode 100644 index 0000000..aaf9c53 --- /dev/null +++ b/0011-verify-peer-if-it-s-secure-registry.patch @@ -0,0 +1,29 @@ +From 1f8f03ebc44a763a7686eda8cbf6341b9c057a6f Mon Sep 17 00:00:00 2001 +From: WangFengTu +Date: Sat, 28 Nov 2020 10:45:59 +0800 +Subject: [PATCH 11/17] verify peer if it's secure registry + +we verify peer only when CA file is provided before, +now we verify peer if it's secure registry + +Signed-off-by: WangFengTu +--- + src/daemon/modules/image/oci/registry/http_request.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/daemon/modules/image/oci/registry/http_request.c b/src/daemon/modules/image/oci/registry/http_request.c +index 60644ed5..fb44a7b6 100644 +--- a/src/daemon/modules/image/oci/registry/http_request.c ++++ b/src/daemon/modules/image/oci/registry/http_request.c +@@ -118,7 +118,7 @@ static int setup_ssl_config(pull_descriptor *desc, struct http_get_options *opti + } + } + +- if (options->ca_file != NULL) { ++ if (!desc->insecure_registry) { + options->ssl_verify_peer = true; + } + +-- +2.25.1 + diff --git a/0012-make-sure-all-certs-load-success-if-any-provided.patch b/0012-make-sure-all-certs-load-success-if-any-provided.patch new file mode 100644 index 0000000..6a80d7d --- /dev/null +++ b/0012-make-sure-all-certs-load-success-if-any-provided.patch @@ -0,0 +1,239 @@ +From a242455ecf86e4766ecb8989f8a5c62059c02e7c Mon Sep 17 00:00:00 2001 +From: WangFengTu +Date: Sat, 28 Nov 2020 11:37:09 +0800 +Subject: [PATCH 12/17] make sure all certs load success if any provided + +Signed-off-by: WangFengTu +--- + src/daemon/modules/image/oci/registry/certs.c | 161 ++++++++++++++++-- + 1 file changed, 149 insertions(+), 12 deletions(-) + +diff --git a/src/daemon/modules/image/oci/registry/certs.c b/src/daemon/modules/image/oci/registry/certs.c +index 6574d2bf..f9ef63c9 100644 +--- a/src/daemon/modules/image/oci/registry/certs.c ++++ b/src/daemon/modules/image/oci/registry/certs.c +@@ -26,9 +26,11 @@ + #include "utils.h" + #include "utils_file.h" + #include "utils_string.h" ++#include "err_msg.h" + + #define DEFAULT_ISULAD_CERTD "/etc/isulad/certs.d" + #define CLIENT_CERT_SUFFIX ".cert" ++#define CLIENT_KEY_SUFFIX ".key" + #define CA_SUFFIX ".crt" + + static char *g_certs_dir = DEFAULT_ISULAD_CERTD; +@@ -68,18 +70,117 @@ static char *corresponding_key_name(const char *cert_name) + return key_name; + } + ++static char *corresponding_cert_name(const char *key_name) ++{ ++ char cert_name[PATH_MAX] = {0}; ++ char *tmp_key_name = NULL; ++ int sret = 0; ++ ++ if (key_name == NULL) { ++ ERROR("Invalid NULL pointer"); ++ return NULL; ++ } ++ ++ if (strlen(key_name) <= strlen(CLIENT_KEY_SUFFIX)) { ++ ERROR("Invalid key name too short"); ++ return NULL; ++ } ++ ++ tmp_key_name = util_strdup_s(key_name); ++ tmp_key_name[strlen(tmp_key_name) - strlen(CLIENT_KEY_SUFFIX)] = 0; // strip suffix .key ++ ++ sret = snprintf(cert_name, sizeof(cert_name), "%s.cert", tmp_key_name); ++ if (sret < 0 || (size_t)sret >= sizeof(cert_name)) { ++ ERROR("Failed to sprintf cert name"); ++ free(tmp_key_name); ++ return NULL; ++ } ++ ++ return util_strdup_s(cert_name); ++} ++ ++static int get_path_by_cert_name(const char *path, const char *cert_name, char **cert_path, char **key_path) ++{ ++ int ret = 0; ++ char *key_name = NULL; ++ char *tmp_key_path = NULL; ++ char *tmp_cert_path = NULL; ++ ++ key_name = corresponding_key_name(cert_name); ++ if (key_name == NULL) { ++ ERROR("find corresponding key name for cert failed"); ++ ret = -1; ++ goto out; ++ } ++ tmp_key_path = util_path_join(path, key_name); ++ tmp_cert_path = util_path_join(path, cert_name); ++ if (tmp_cert_path == NULL || tmp_key_path == NULL) { ++ ret = -1; ++ ERROR("error join path"); ++ goto out; ++ } ++ ++ *cert_path = util_strdup_s(tmp_cert_path); ++ *key_path = util_strdup_s(tmp_key_path); ++ ++out: ++ free(key_name); ++ free(tmp_cert_path); ++ free(tmp_key_path); ++ ++ return ret; ++} ++ ++static int get_path_by_key_name(const char *path, const char *key_name, char **cert_path, char **key_path) ++{ ++ int ret = 0; ++ char *cert_name = NULL; ++ char *tmp_key_path = NULL; ++ char *tmp_cert_path = NULL; ++ ++ cert_name = corresponding_cert_name(key_name); ++ if (cert_name == NULL) { ++ ERROR("find corresponding key name for cert failed"); ++ ret = -1; ++ goto out; ++ } ++ tmp_key_path = util_path_join(path, key_name); ++ tmp_cert_path = util_path_join(path, cert_name); ++ if (tmp_cert_path == NULL || tmp_key_path == NULL) { ++ ret = -1; ++ ERROR("error join path"); ++ goto out; ++ } ++ ++ *cert_path = util_strdup_s(tmp_cert_path); ++ *key_path = util_strdup_s(tmp_key_path); ++ ++out: ++ free(cert_name); ++ free(tmp_cert_path); ++ free(tmp_key_path); ++ ++ return ret; ++} ++ + static int load_certs(const char *path, const char *name, bool use_decrypted_key, char **ca_file, char **cert_file, + char **key_file) + { + int ret = 0; + char *key_name = NULL; ++ char *tmp_key_file = NULL; ++ char *tmp_cert_file = NULL; + +- if (path == NULL || ca_file == NULL || cert_file == NULL || key_file == NULL) { ++ if (path == NULL || ca_file == NULL || cert_file == NULL || key_file == NULL || name == NULL) { + ERROR("Invalid NULL pointer"); + return -1; + } + +- if (*ca_file == NULL && util_has_suffix(name, CA_SUFFIX)) { ++ if (util_has_suffix(name, CA_SUFFIX)) { ++ if (*ca_file != NULL) { ++ ERROR("more than one ca file found, support only one ca file currently, continue to try"); ++ goto out; ++ } + *ca_file = util_path_join(path, name); + if (*ca_file == NULL) { + ret = -1; +@@ -87,20 +188,43 @@ static int load_certs(const char *path, const char *name, bool use_decrypted_key + goto out; + } + goto out; +- } else if (*cert_file == NULL && *key_file == NULL && util_has_suffix(name, CLIENT_CERT_SUFFIX)) { +- key_name = corresponding_key_name(name); +- if (key_name == NULL) { +- ERROR("find corresponding key name for cert failed"); ++ } else if (util_has_suffix(name, CLIENT_CERT_SUFFIX)) { ++ ret = get_path_by_cert_name(path, name, &tmp_cert_file, &tmp_key_file); ++ if (ret != 0) { ++ ERROR("get path of cert and key by cert name failed"); ++ isulad_try_set_error_message("get path of cert and key by cert name failed"); ++ goto out; ++ } ++ if (!util_file_exists(tmp_key_file)) { + ret = -1; ++ ERROR("lack corresponding key file for tls cert"); ++ isulad_try_set_error_message("lack corresponding key file for tls cert"); + goto out; + } +- *key_file = util_path_join(path, key_name); +- *cert_file = util_path_join(path, name); +- if (*cert_file == NULL || *key_file == NULL) { ++ if (*cert_file != NULL) { ++ ERROR("more than one cert file found, support only one cert file currently, continue to try"); ++ goto out; ++ } ++ *cert_file = util_strdup_s(tmp_cert_file); ++ goto out; ++ } else if (util_has_suffix(name, CLIENT_KEY_SUFFIX)) { ++ ret = get_path_by_key_name(path, name, &tmp_cert_file, &tmp_key_file); ++ if (ret != 0) { ++ ERROR("get path of cert and key by key name failed"); ++ isulad_try_set_error_message("get path of cert and key by key name failed"); ++ goto out; ++ } ++ if (!util_file_exists(tmp_cert_file)) { + ret = -1; +- ERROR("error join key name"); ++ ERROR("lack corresponding cert file for tls key"); ++ isulad_try_set_error_message("lack corresponding cert file for tls key"); ++ goto out; ++ } ++ if (*key_file != NULL) { ++ ERROR("more than one key file found, support only one key file currently, continue to try"); + goto out; + } ++ *key_file = util_strdup_s(tmp_key_file); + goto out; + } else { + goto out; +@@ -109,6 +233,8 @@ static int load_certs(const char *path, const char *name, bool use_decrypted_key + out: + free(key_name); + key_name = NULL; ++ free(tmp_cert_file); ++ free(tmp_key_file); + + if (ret != 0) { + free(*ca_file); +@@ -122,6 +248,15 @@ out: + return ret; + } + ++static bool valid_certs(char *ca_file, char *cert_file, char *key_file) ++{ ++ if ((ca_file == NULL && cert_file == NULL && key_file == NULL) || ++ (ca_file != NULL && cert_file != NULL && key_file != NULL)) { ++ return true; ++ } ++ return false; ++} ++ + int certs_load(char *host, bool use_decrypted_key, char **ca_file, char **cert_file, char **key_file) + { + int ret = 0; +@@ -170,8 +305,10 @@ int certs_load(char *host, bool use_decrypted_key, char **ca_file, char **cert_f + entry = readdir(dir); + } + +- if (*ca_file == NULL || *cert_file == NULL || *key_file == NULL) { +- ERROR("Loaded only part of certs, continue to try"); ++ if (!valid_certs(*ca_file, *cert_file, *key_file)) { ++ ERROR("failed to load all certs"); ++ isulad_try_set_error_message("failed to load all certs"); ++ ret = -1; + } + + out: +-- +2.25.1 + diff --git a/0013-add-ch-docs-for-install-iSulad.patch b/0013-add-ch-docs-for-install-iSulad.patch new file mode 100644 index 0000000..4a9a4d2 --- /dev/null +++ b/0013-add-ch-docs-for-install-iSulad.patch @@ -0,0 +1,305 @@ +From da5ab167ebc5765c91630846cd0850acd6ce8814 Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Thu, 26 Nov 2020 14:58:05 +0800 +Subject: [PATCH 13/17] add ch docs for install iSulad + +Signed-off-by: haozi007 +--- + README.md | 7 ++ + docs/build_guide.md | 22 +++--- + docs/build_guide_zh.md | 164 +++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 182 insertions(+), 11 deletions(-) + create mode 100644 docs/build_guide_zh.md + +diff --git a/README.md b/README.md +index 9b34d615..1dd3cf1a 100644 +--- a/README.md ++++ b/README.md +@@ -4,9 +4,16 @@ + + `iSulad` is a lightweight container runtime daemon which is designed for IOT and Cloud infrastructure.`iSulad` has the characteristics of light, fast and not limited by hardware specifications and architecture, and can be applied more widely. + ++## Documentation ++ ++- [en build guide](./docs/build_guide.md) ++- [cn build guide](./docs/build_guide_zh.md) ++- [more usage guide](https://openeuler.org/zh/docs/20.09/docs/Container/iSula%E5%AE%B9%E5%99%A8%E5%BC%95%E6%93%8E.html) ++ + ## Getting Started + + ### Installing ++ + To install iSulad, you can use `rpm` or `yum` package manager command with `openEuler` repository. + + Or write repository file by hand: +diff --git a/docs/build_guide.md b/docs/build_guide.md +index 912139fa..2ee12c39 100644 +--- a/docs/build_guide.md ++++ b/docs/build_guide.md +@@ -7,12 +7,12 @@ If you intend to contribute on iSulad. Thanks for your effort. Every contributio + These dependencies are required for build: + + ### install basic dependencies based on Centos distribution +-```sh ++```bash + $ sudo yum --enablerepo='*' install -y automake autoconf libtool cmake make libcap libcap-devel libselinux libselinux-devel libseccomp libseccomp-devel yajl-devel git libcgroup tar python3 python3-pip device-mapper-devel libarchive libarchive-devel libcurl-devel zlib-devel glibc-headers openssl-devel gcc gcc-c++ systemd-devel systemd-libs golang libtar libtar-devel + ``` + + ### install basic dependencies based on Ubuntu distribution +-```sh ++```bash + $ sudo apt install -y libtool automake autoconf cmake make pkg-config libyajl-dev zlib1g-dev libselinux-dev libseccomp-dev libcap-dev libsystemd-dev git libcurl4-gnutls-dev openssl libdevmapper-dev golang python3 libtar libtar-dev + ``` + +@@ -24,13 +24,13 @@ Please use the protobuf and grpc came with your distribution, if not exists then + Note: grpc-1.22 can not support GCC 9+. + + ### set ldconfig and pkgconfig +-``` ++```bash + $ export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH + $ export LD_LIBRARY_PATH=/usr/local/lib:/usr/lib:$LD_LIBRARY_PATH + $ sudo -E echo "/usr/local/lib" >> /etc/ld.so.conf + ``` + ### build and install protobuf +-``` ++```bash + $ git clone https://gitee.com/src-openeuler/protobuf.git + $ cd protobuf + $ git checkout openEuler-20.03-LTS-tag +@@ -44,7 +44,7 @@ $ sudo -E ldconfig + ``` + + ### build and install c-ares +-``` ++```bash + $ git clone https://gitee.com/src-openeuler/c-ares.git + $ cd c-ares + $ git checkout openEuler-20.03-LTS-tag +@@ -58,7 +58,7 @@ $ sudo -E ldconfig + ``` + + ### build and install grpc +-``` ++```bash + $ git clone https://gitee.com/src-openeuler/grpc.git + $ cd grpc + $ git checkout openEuler-20.03-LTS-tag +@@ -70,7 +70,7 @@ $ sudo -E ldconfig + ``` + + ### build and install http-parser +-``` ++```bash + $ git clone https://gitee.com/src-openeuler/http-parser.git + $ cd http-parser + $ git checkout openEuler-20.03-LTS-tag +@@ -82,7 +82,7 @@ $ sudo -E ldconfig + ``` + + ### build and install libwebsockets +-``` ++```bash + $ git clone https://gitee.com/src-openeuler/libwebsockets.git + $ cd libwebsockets + $ git checkout openEuler-20.03-LTS-tag +@@ -101,7 +101,7 @@ $ sudo -E ldconfig + iSulad depend on some specific versions dependencies. + + ### build and install lxc +-``` ++```bash + $ git clone https://gitee.com/src-openeuler/lxc.git + $ cd lxc + $ tar -zxf lxc-4.0.3.tar.gz +@@ -114,7 +114,7 @@ $ sudo -E make install + ``` + + ### build and install lcr +-``` ++```bash + $ git clone https://gitee.com/openeuler/lcr.git + $ cd lcr + $ mkdir build +@@ -125,7 +125,7 @@ $ sudo -E make install + ``` + + ### build and install clibcni +-``` ++```bash + $ git clone https://gitee.com/openeuler/clibcni.git + $ cd clibcni + $ mkdir build +diff --git a/docs/build_guide_zh.md b/docs/build_guide_zh.md +new file mode 100644 +index 00000000..182d6fec +--- /dev/null ++++ b/docs/build_guide_zh.md +@@ -0,0 +1,164 @@ ++# 源码编译iSulad ++ ++我们感谢为iSulad做的任何贡献。 ++ ++## 各发行版本的基本依赖安装 ++ ++这些依赖是编译依赖的基础组件: ++ ++### openEuler的安装命令 ++ ++openEuler可以直接通过编译依赖自动安装的方式(其他rpm的发行版本也可以参考,但是存在部分包名不一致的情况),具体如下: ++ ++```bash ++dnf builddep iSulad.spec ++``` ++ ++注:iSulad.spec直接用源码中的文件即可。 ++ ++### Centos的安装命令 ++ ++```bash ++$ sudo yum --enablerepo='*' install -y automake autoconf libtool cmake make libcap libcap-devel libselinux libselinux-devel libseccomp libseccomp-devel yajl-devel git libcgroup tar python3 python3-pip device-mapper-devel libarchive libarchive-devel libcurl-devel zlib-devel glibc-headers openssl-devel gcc gcc-c++ systemd-devel systemd-libs libtar libtar-devel ++``` ++ ++### Ubuntu的安装命令 ++```bash ++$ sudo apt install -y libtool automake autoconf cmake make pkg-config libyajl-dev zlib1g-dev libselinux-dev libseccomp-dev libcap-dev libsystemd-dev git libcurl4-gnutls-dev openssl libdevmapper-dev python3 libtar libtar-dev ++``` ++ ++## 从源码构建和安装关键依赖 ++下面的依赖组件,你的包管理中可能不存在,或者版本不满足要求。因此,需要从源码编译安装。protobuf和grpc建议直接通过包管理安装,除非没有或者版本太老。 ++ ++***注意:grpc-1.22不支持GCC 9+。*** ++ ++### 设置ldconfig和pkgconfig的路径 ++ ++编译安装的默认路径为`/usr/local/lib/`,因此需要把该路径添加到`PKG_CONFIG_PATH`和`LD_LIBRARY_PATH`,从而系统能找到我们编译安装的软件包和lib库。如果安装的`/usr/lib/`,可以忽略这一步。 ++ ++```bash ++$ export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH ++$ export LD_LIBRARY_PATH=/usr/local/lib:/usr/lib:$LD_LIBRARY_PATH ++$ sudo -E echo "/usr/local/lib" >> /etc/ld.so.conf ++``` ++### 编译安装protobuf ++```bash ++$ git clone https://gitee.com/src-openeuler/protobuf.git ++$ cd protobuf ++$ git checkout openEuler-20.03-LTS-tag ++$ tar -xzvf protobuf-all-3.9.0.tar.gz ++$ cd protobuf-3.9.0 ++$ sudo -E ./autogen.sh ++$ sudo -E ./configure ++$ sudo -E make -j $(nproc) ++$ sudo -E make install ++$ sudo -E ldconfig ++``` ++ ++### 编译安装c-ares ++```bash ++$ git clone https://gitee.com/src-openeuler/c-ares.git ++$ cd c-ares ++$ git checkout openEuler-20.03-LTS-tag ++$ tar -xzvf c-ares-1.15.0.tar.gz ++$ cd c-ares-1.15.0 ++$ sudo -E autoreconf -if ++$ sudo -E ./configure --enable-shared --disable-dependency-tracking ++$ sudo -E make -j $(nproc) ++$ sudo -E make install ++$ sudo -E ldconfig ++``` ++ ++### 编译安装grpc ++```bash ++$ git clone https://gitee.com/src-openeuler/grpc.git ++$ cd grpc ++$ git checkout openEuler-20.03-LTS-tag ++$ tar -xzvf grpc-1.22.0.tar.gz ++$ cd grpc-1.22.0 ++$ sudo -E make -j $(nproc) ++$ sudo -E make install ++$ sudo -E ldconfig ++``` ++ ++### 编译安装http-parser ++```bash ++$ git clone https://gitee.com/src-openeuler/http-parser.git ++$ cd http-parser ++$ git checkout openEuler-20.03-LTS-tag ++$ tar -xzvf http-parser-2.9.2.tar.gz ++$ cd http-parser-2.9.2 ++$ sudo -E make -j CFLAGS="-Wno-error" ++$ sudo -E make CFLAGS="-Wno-error" install ++$ sudo -E ldconfig ++``` ++ ++### 编译安装libwebsockets ++```bash ++$ git clone https://gitee.com/src-openeuler/libwebsockets.git ++$ cd libwebsockets ++$ git checkout openEuler-20.03-LTS-tag ++$ tar -xzvf libwebsockets-2.4.2.tar.gz ++$ cd libwebsockets-2.4.2 ++$ patch -p1 -F1 -s < ../libwebsockets-fix-coredump.patch ++$ mkdir build ++$ cd build ++$ sudo -E cmake -DLWS_WITH_SSL=0 -DLWS_MAX_SMP=32 -DCMAKE_BUILD_TYPE=Debug ../ ++$ sudo -E make -j $(nproc) ++$ sudo -E make install ++$ sudo -E ldconfig ++``` ++ ++## 编译安装特定依赖版本 ++iSulad依赖一些特定版本的组件,由于各组件是通过函数接口使用,因此,**必须保证各组件版本一致**。例如: ++ ++- 统一使用各组件的master分支的代码进行构建; ++- 后续的releases版本会增加依赖的组件的版本号; ++- 也统一可以从[openEuler](https://openeuler.org/zh/download/)的特定OS版本,通过包管理工具获取各组件的`src.rpm`包的方式获取源码; ++- 也可以到[src-openeuler](https://gitee.com/src-openeuler)社区获取各组件相同分支的代码; ++ ++### 编译安装lxc ++```bash ++$ git clone https://gitee.com/src-openeuler/lxc.git ++$ cd lxc ++$ tar -zxf lxc-4.0.3.tar.gz ++$ ./apply-patches ++$ cd lxc-4.0.3 ++$ sudo -E ./autogen.sh ++$ sudo -E ./configure ++$ sudo -E make -j $(nproc) ++$ sudo -E make install ++``` ++ ++### 编译安装lcr ++```bash ++$ git clone https://gitee.com/openeuler/lcr.git ++$ cd lcr ++$ mkdir build ++$ cd build ++$ sudo -E cmake .. ++$ sudo -E make -j $(nproc) ++$ sudo -E make install ++``` ++ ++### 编译安装clibcni ++```bash ++$ git clone https://gitee.com/openeuler/clibcni.git ++$ cd clibcni ++$ mkdir build ++$ cd build ++$ sudo -E cmake .. ++$ sudo -E make -j $(nproc) ++$ sudo -E make install ++``` ++ ++### 编译安装iSulad ++```bash ++$ git clone https://gitee.com/openeuler/iSulad.git ++$ cd iSulad ++$ mkdir build ++$ cd build ++$ sudo -E cmake .. ++$ sudo -E make -j $(nproc) ++$ sudo -E make install ++``` +-- +2.25.1 + diff --git a/0014-error-out-if-unpack-layer-failed.patch b/0014-error-out-if-unpack-layer-failed.patch new file mode 100644 index 0000000..cafa9cf --- /dev/null +++ b/0014-error-out-if-unpack-layer-failed.patch @@ -0,0 +1,34 @@ +From ff793d00c408810e2f434800fa3811f5ba2501a7 Mon Sep 17 00:00:00 2001 +From: WangFengTu +Date: Thu, 3 Dec 2020 10:32:57 +0800 +Subject: [PATCH 14/17] error out if unpack layer failed + +Signed-off-by: WangFengTu +--- + .../modules/image/oci/storage/layer_store/layer_store.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c +index 704dbd63..87e49d07 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c +@@ -1061,14 +1061,13 @@ static int apply_diff(layer_t *l, const struct io_read_wrapper *diff) + { + int64_t size = 0; + int ret = 0; +- int nret = 0; + + if (diff == NULL) { + return 0; + } + +- nret = graphdriver_apply_diff(l->slayer->id, diff); +- if (nret != 0) { ++ ret = graphdriver_apply_diff(l->slayer->id, diff); ++ if (ret != 0) { + goto out; + } + +-- +2.25.1 + diff --git a/0015-ignore-get-ip-error-for-mutlnetwork.patch b/0015-ignore-get-ip-error-for-mutlnetwork.patch new file mode 100644 index 0000000..c51ddde --- /dev/null +++ b/0015-ignore-get-ip-error-for-mutlnetwork.patch @@ -0,0 +1,27 @@ +From b0b1bc36bf4672ce45c0dd2be877083894b62350 Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Thu, 3 Dec 2020 15:44:27 +0800 +Subject: [PATCH 15/17] ignore get ip error for mutlnetwork + +Signed-off-by: haozi007 +--- + src/daemon/entry/cri/cri_sandbox.cc | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/daemon/entry/cri/cri_sandbox.cc b/src/daemon/entry/cri/cri_sandbox.cc +index 772638a1..2d623097 100644 +--- a/src/daemon/entry/cri/cri_sandbox.cc ++++ b/src/daemon/entry/cri/cri_sandbox.cc +@@ -985,7 +985,8 @@ void CRIRuntimeServiceImpl::GetFormatIPsForMultNet(container_inspect *inspect, c + m_pluginManager->GetPodNetworkStatus(metadata.namespace_(), metadata.name(), elems[i]->interface, inspect->id, status, + error); + if (error.NotEmpty()) { +- goto out; ++ WARN("get status for network: %s failed: %s", elems[i]->name, error.GetCMessage()); ++ error.Clear(); + } + // add a sentry to make ips of mutlnetwork store from position 2 + if (result.size() < 2) { +-- +2.25.1 + diff --git a/0016-support-default-container-log-options.patch b/0016-support-default-container-log-options.patch new file mode 100644 index 0000000..4980c12 --- /dev/null +++ b/0016-support-default-container-log-options.patch @@ -0,0 +1,1303 @@ +From f4c5700bcf82bacc85e4e25b7afe94d65d3e54f4 Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Sat, 14 Nov 2020 18:44:08 +0800 +Subject: [PATCH 16/17] support default container log options + +Signed-off-by: haozi007 +--- + src/cmd/isula/base/create.c | 141 +-------- + src/cmd/isula/client_arguments.c | 1 - + src/cmd/isulad/isulad_commands.c | 84 ++++++ + src/cmd/isulad/isulad_commands.h | 38 ++- + src/cmd/isulad/main.c | 73 +++++ + src/cmd/options/opt_log.c | 276 ++++++++++++++++++ + src/cmd/options/opt_log.h | 39 +++ + src/common/constants.h | 4 + + src/contrib/config/daemon.json | 3 + + src/daemon/config/daemon_arguments.c | 12 +- + src/daemon/config/daemon_arguments.h | 54 ++-- + src/daemon/config/isulad_config.c | 84 +++++- + src/daemon/config/isulad_config.h | 2 + + .../executor/container_cb/execution_create.c | 150 +++++++--- + .../modules/service/service_container.c | 1 + + 15 files changed, 750 insertions(+), 212 deletions(-) + create mode 100644 src/cmd/options/opt_log.c + create mode 100644 src/cmd/options/opt_log.h + +diff --git a/src/cmd/isula/base/create.c b/src/cmd/isula/base/create.c +index a79b18b9..87c1086b 100644 +--- a/src/cmd/isula/base/create.c ++++ b/src/cmd/isula/base/create.c +@@ -38,6 +38,7 @@ + #include "pull.h" + #include "constants.h" + #include "connect.h" ++#include "opt_log.h" + + #include "utils_array.h" + #include "utils_convert.h" +@@ -1348,120 +1349,6 @@ static int add_new_annotation(const char *key, const char *value, struct client_ + return 0; + } + +-typedef int (*log_opt_callback_t)(const char *key, const char *value, struct client_arguments *args); +- +-typedef struct log_opt_parse { +- const char *key; +- const char *anno_key; +- log_opt_callback_t cb; +-} log_opt_parse_t; +- +-static int log_opt_common_cb(const char *key, const char *value, struct client_arguments *args) +-{ +- return add_new_annotation(key, value, args); +-} +- +-static int log_opt_max_file_cb(const char *key, const char *value, struct client_arguments *args) +-{ +- unsigned int ptr = 0; +- int ret = -1; +- +- if (util_safe_uint(value, &ptr)) { +- return ret; +- } +- if (ptr == 0) { +- COMMAND_ERROR("Invalid option 'max-file', value:%s", value); +- return ret; +- } +- +- return add_new_annotation(key, value, args); +-} +- +-static int log_opt_syslog_facility(const char *key, const char *value, struct client_arguments *args) +-{ +-#define FACILITIES_LEN 20 +- const char *facility_keys[FACILITIES_LEN] = { "kern", "user", "mail", "daemon", "auth", +- "syslog", "lpr", "news", "uucp", "cron", +- "authpriv", "ftp", "local0", "local1", "local2", +- "local3", "local4", "local5", "local6", "local7" +- }; +- int i; +- +- for (i = 0; i < FACILITIES_LEN; i++) { +- if (strcmp(facility_keys[i], value) == 0) { +- break; +- } +- } +- +- if (i == FACILITIES_LEN) { +- return -1; +- } +- +- return add_new_annotation(key, value, args); +-} +- +-static int log_opt_disable_log_cb(const char *key, const char *value, struct client_arguments *args) +-{ +- int ret = -1; +- +- if (strcmp(value, "true") == 0) { +- ret = add_new_annotation(key, "none", args); +- } else if (strcmp(value, "false") == 0) { +- ret = 0; +- } else { +- COMMAND_ERROR("Invalid option 'disable-log', value:%s", value); +- } +- +- return ret; +-} +- +-static int log_opt_parse_options(struct client_arguments *args, const char *optkey, const char *value) +-{ +-#define OPTIONS_MAX 5 +- log_opt_parse_t log_opts[OPTIONS_MAX] = { +- { +- .key = "max-size", +- .anno_key = CONTAINER_LOG_CONFIG_KEY_SIZE, +- .cb = &log_opt_common_cb, +- }, +- { +- .key = "max-file", +- .anno_key = CONTAINER_LOG_CONFIG_KEY_ROTATE, +- .cb = &log_opt_max_file_cb, +- }, +- { +- .key = "disable-log", +- .anno_key = CONTAINER_LOG_CONFIG_KEY_FILE, +- .cb = &log_opt_disable_log_cb, +- }, +- { +- .key = "syslog-tag", +- .anno_key = CONTAINER_LOG_CONFIG_KEY_SYSLOG_TAG, +- .cb = &log_opt_common_cb, +- }, +- { +- .key = "syslog-facility", +- .anno_key = CONTAINER_LOG_CONFIG_KEY_SYSLOG_FACILITY, +- .cb = &log_opt_syslog_facility, +- }, +- }; +- int ret = -1; +- int i; +- +- for (i = 0; i < OPTIONS_MAX; i++) { +- if (strcmp(optkey, log_opts[i].key) == 0) { +- ret = log_opts[i].cb(log_opts[i].anno_key, value, args); +- break; +- } +- } +- +- if (i == OPTIONS_MAX) { +- COMMAND_ERROR("Unsupported log opt: %s", optkey); +- } +- +- return ret; +-} +- + int log_opt_parser(struct client_arguments *args, const char *option) + { + int ret = -1; +@@ -1504,10 +1391,22 @@ int log_opt_parser(struct client_arguments *args, const char *option) + tmp[len] = '\0'; + value += 1; + +- ret = log_opt_parse_options(args, optkey, value); ++ if (args->annotations == NULL) { ++ args->annotations = util_common_calloc_s(sizeof(json_map_string_string)); ++ if (args->annotations == NULL) { ++ COMMAND_ERROR("Out of Memory"); ++ goto out; ++ } ++ } + ++ if (!parse_container_log_opt(optkey, value, args->annotations)) { ++ ret = -1; ++ goto out; ++ } ++ ++ ret = 0; + out: +- if (ret < 0) { ++ if (ret != 0) { + COMMAND_ERROR("Invalid option: %s", option); + } + free(tmp); +@@ -1523,21 +1422,13 @@ int callback_log_opt(command_option_t *option, const char *value) + + int callback_log_driver(command_option_t *option, const char *value) + { +-#define DRIVER_MAX 2 +- const char *drivers[] = { CONTAINER_LOG_CONFIG_JSON_FILE_DRIVER, CONTAINER_LOG_CONFIG_SYSLOG_DRIVER }; +- int i = 0; + struct client_arguments *args = (struct client_arguments *)option->data; + + if (value == NULL) { + return -1; + } + +- for (; i < DRIVER_MAX; i++) { +- if (strcmp(value, drivers[i]) == 0) { +- break; +- } +- } +- if (i == DRIVER_MAX) { ++ if (!check_opt_container_log_driver(value)) { + return -1; + } + +diff --git a/src/cmd/isula/client_arguments.c b/src/cmd/isula/client_arguments.c +index ad6ba40c..ffe40c2e 100644 +--- a/src/cmd/isula/client_arguments.c ++++ b/src/cmd/isula/client_arguments.c +@@ -123,7 +123,6 @@ int client_arguments_init(struct client_arguments *args) + } else { + args->socket = util_strdup_s(DEFAULT_UNIX_SOCKET); + } +- args->log_driver = util_strdup_s("json-file"); + + (void)memset(&args->custom_conf, 0, sizeof(struct custom_configs)); + (void)memset(&args->cr, 0, sizeof(struct args_cgroup_resources)); +diff --git a/src/cmd/isulad/isulad_commands.c b/src/cmd/isulad/isulad_commands.c +index 11e166fc..d0ab029c 100644 +--- a/src/cmd/isulad/isulad_commands.c ++++ b/src/cmd/isulad/isulad_commands.c +@@ -32,6 +32,7 @@ + #include "utils_string.h" + #include "utils_verify.h" + #include "opt_ulimit.h" ++#include "opt_log.h" + + const char isulad_desc[] = "GLOBAL OPTIONS:"; + const char isulad_usage[] = "[global options]"; +@@ -103,6 +104,89 @@ out: + return ret; + } + ++int server_callback_container_log_driver(command_option_t *option, const char *value) ++{ ++ int ret = 0; ++ struct service_arguments *args = NULL; ++ ++ if (option == NULL || value == NULL) { ++ COMMAND_ERROR("Invalid input arguments"); ++ ret = -1; ++ goto out; ++ } ++ if (!check_opt_container_log_driver(value)) { ++ ret = -1; ++ goto out; ++ } ++ ++ args = (struct service_arguments *)option->data; ++ ++ free(args->json_confs->container_log->driver); ++ args->json_confs->container_log->driver = util_strdup_s(value); ++ ++out: ++ return ret; ++} ++ ++int server_callback_container_log(command_option_t *option, const char *value) ++{ ++ int ret = 0; ++ struct service_arguments *args = NULL; ++ json_map_string_string *log_opts = NULL; ++ char **split_opts = NULL; ++ size_t i; ++ ++ if (option == NULL || value == NULL) { ++ COMMAND_ERROR("Invalid input arguments"); ++ ret = -1; ++ goto out; ++ } ++ split_opts = util_string_split_multi(value, '='); ++ // value must be format of 'key = value' ++ if (util_array_len((const char **)split_opts) != 2) { ++ COMMAND_ERROR("Invalid input arguments: %s", value); ++ ret = -1; ++ goto out; ++ } ++ ++ if (!check_raw_log_opt(split_opts[0])) { ++ COMMAND_ERROR("Unsupport container log key: %s", split_opts[0]); ++ ret = -1; ++ goto out; ++ } ++ ++ args = (struct service_arguments *)option->data; ++ if (args->json_confs->container_log->opts == NULL) { ++ args->json_confs->container_log->opts = util_common_calloc_s(sizeof(json_map_string_string)); ++ } ++ log_opts = args->json_confs->container_log->opts; ++ if (log_opts == NULL) { ++ COMMAND_ERROR("Out of memory"); ++ ret = -1; ++ goto out; ++ } ++ ++ for (i = 0; i < log_opts->len; i++) { ++ // just update found key-value ++ if (strcmp(split_opts[0], log_opts->keys[i]) == 0) { ++ free(log_opts->values[i]); ++ log_opts->values[i] = util_strdup_s(split_opts[1]); ++ goto out; ++ } ++ } ++ ++ ret = append_json_map_string_string(log_opts, split_opts[0], split_opts[1]); ++ if (ret != 0) { ++ COMMAND_ERROR("Out of memory"); ++ ret = -1; ++ goto out; ++ } ++ ++out: ++ util_free_array(split_opts); ++ return ret; ++} ++ + static void command_init_isulad(command_t *self, command_option_t *options, int options_len, int argc, + const char **argv, const char *description, const char *usage) + { +diff --git a/src/cmd/isulad/isulad_commands.h b/src/cmd/isulad/isulad_commands.h +index 78ec5846..02007f3c 100644 +--- a/src/cmd/isulad/isulad_commands.h ++++ b/src/cmd/isulad/isulad_commands.h +@@ -37,14 +37,14 @@ int update_hosts(struct service_arguments *args); + int update_default_ulimit(struct service_arguments *args); + int command_default_ulimit_append(command_option_t *option, const char *arg); + +-#define ISULAD_OPTIONS(cmdargs) \ +- { CMD_OPT_TYPE_CALLBACK, \ +- false, \ +- "host", \ +- 'H', \ +- &(cmdargs)->hosts, \ +- "The socket name used to create gRPC server", \ +- command_valid_socket_append_array }, \ ++#define ISULAD_OPTIONS(cmdargs) \ ++ { CMD_OPT_TYPE_CALLBACK, \ ++ false, \ ++ "host", \ ++ 'H', \ ++ &(cmdargs)->hosts, \ ++ "The socket name used to create gRPC server", \ ++ command_valid_socket_append_array }, \ + { CMD_OPT_TYPE_STRING_DUP, false, "pidfile", 'p', &(cmdargs)->json_confs->pidfile, \ + "Save pid into this file", NULL }, \ + { CMD_OPT_TYPE_BOOL, false, "help", 0, &(cmdargs)->help, "Show help", NULL }, \ +@@ -99,13 +99,27 @@ int command_default_ulimit_append(command_option_t *option, const char *arg); + (cmdargs), \ + "Set daemon log driver options, such as: log-path=/tmp/logs/ to set directory where to store daemon logs", \ + server_callback_log_opt }, \ ++ { CMD_OPT_TYPE_CALLBACK, \ ++ false, \ ++ "container-log-driver", \ ++ 0, \ ++ (cmdargs), \ ++ "Set default container log driver, such as: json-file", \ ++ server_callback_container_log_driver }, \ ++ { CMD_OPT_TYPE_CALLBACK, \ ++ false, \ ++ "container-log-opts", \ ++ 0, \ ++ (cmdargs), \ ++ "Set default container log driver options, such as: max-file=7 to set max number of container log files", \ ++ server_callback_container_log }, \ + { CMD_OPT_TYPE_BOOL, false, "version", 'V', &(cmdargs)->version, "Print the version", NULL }, \ + { CMD_OPT_TYPE_STRING_DUP, \ + false, \ + "group", \ + 'G', \ + &(cmdargs)->json_confs->group, \ +- "Group for the unix socket(default is isula)", \ ++ "Group for the unix socket(default is isula)", \ + NULL }, \ + { CMD_OPT_TYPE_STRING_DUP, \ + false, \ +@@ -249,9 +263,9 @@ int command_default_ulimit_append(command_option_t *option, const char *arg); + &(cmdargs)->json_confs->websocket_server_listening_port, \ + "CRI websocket streaming service listening port (default 10350)", \ + command_convert_uint }, \ +- { \ +- CMD_OPT_TYPE_BOOL, false, "selinux-enabled", 0, &(cmdargs)->json_confs->selinux_enabled, \ +- "Enable selinux support", NULL \ ++ { CMD_OPT_TYPE_BOOL, \ ++ false, "selinux-enabled", 0, &(cmdargs)->json_confs->selinux_enabled, \ ++ "Enable selinux support", NULL \ + } + + #ifdef __cplusplus +diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c +index bef78f87..ce93eaa0 100644 +--- a/src/cmd/isulad/main.c ++++ b/src/cmd/isulad/main.c +@@ -70,6 +70,7 @@ + #include "utils_string.h" + #include "utils_verify.h" + #include "volume_api.h" ++#include "opt_log.h" + + #ifdef GRPC_CONNECTOR + #include "clibcni/api.h" +@@ -836,6 +837,73 @@ static int configure_kernel_security_support(const struct service_arguments *arg + } + #endif + ++static int use_default_log_opts_for_json_file(bool rotate_found, bool size_found, ++ isulad_daemon_configs_container_log *conf) ++{ ++ int nret = 0; ++ ++ if (conf->opts == NULL) { ++ conf->opts = util_common_calloc_s(sizeof(json_map_string_string)); ++ } ++ if (conf->opts == NULL) { ++ ERROR("Out of memory"); ++ return -1; ++ } ++ ++ if (!rotate_found) { ++ nret = append_json_map_string_string(conf->opts, CONTAINER_LOG_CONFIG_KEY_ROTATE, "7"); ++ if (nret != 0) { ++ ERROR("Out of memory"); ++ return -1; ++ } ++ } ++ ++ if (!size_found) { ++ nret = append_json_map_string_string(conf->opts, CONTAINER_LOG_CONFIG_KEY_SIZE, "1MB"); ++ if (nret != 0) { ++ ERROR("Out of memory"); ++ return -1; ++ } ++ } ++ ++ return 0; ++} ++ ++static int update_container_log_configs(isulad_daemon_configs_container_log *conf) ++{ ++ bool rotate_found = false; ++ bool size_found = false; ++ size_t i; ++ ++ if (conf->driver == NULL) { ++ conf->driver = util_strdup_s(CONTAINER_LOG_CONFIG_JSON_FILE_DRIVER); ++ } ++ ++ if (!parse_container_log_opts(&conf->opts)) { ++ return -1; ++ } ++ ++ /* validate daemon container log configs */ ++ for (i = 0; conf->opts != NULL && i < conf->opts->len; i++) { ++ if (!check_opt_container_log_opt(conf->driver, conf->opts->keys[i])) { ++ return -1; ++ } ++ ++ if (strcmp(CONTAINER_LOG_CONFIG_KEY_ROTATE, conf->opts->keys[i]) == 0) { ++ rotate_found = true; ++ } else if (strcmp(CONTAINER_LOG_CONFIG_KEY_SIZE, conf->opts->keys[i]) == 0) { ++ size_found = true; ++ } ++ } ++ ++ // set default log opts for json file driver ++ if (strcmp(conf->driver, CONTAINER_LOG_CONFIG_JSON_FILE_DRIVER) == 0) { ++ return use_default_log_opts_for_json_file(rotate_found, size_found, conf); ++ } ++ ++ return 0; ++} ++ + static int update_server_args(struct service_arguments *args) + { + int ret = 0; +@@ -860,6 +928,11 @@ static int update_server_args(struct service_arguments *args) + goto out; + } + ++ if (update_container_log_configs(args->json_confs->container_log) != 0) { ++ ret = -1; ++ goto out; ++ } ++ + /* check args */ + if (check_args(args)) { + ret = -1; +diff --git a/src/cmd/options/opt_log.c b/src/cmd/options/opt_log.c +new file mode 100644 +index 00000000..f6c18b23 +--- /dev/null ++++ b/src/cmd/options/opt_log.c +@@ -0,0 +1,276 @@ ++/****************************************************************************** ++ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. ++ * iSulad licensed under the Mulan PSL v2. ++ * You can use this software according to the terms and conditions of the Mulan PSL v2. ++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. ++ * Author: haozi007 ++ * Create: 2020-11-16 ++ * Description: provide log options parse function ++ ******************************************************************************/ ++#include "opt_log.h" ++ ++#include ++#include ++#include ++ ++#include ++ ++#include "constants.h" ++#include "utils.h" ++#include "utils_array.h" ++#include "utils_convert.h" ++#include "utils_string.h" ++ ++#define DRIVER_MAX 2 ++ ++typedef int (*log_opt_callback_t)(const char *key, const char *value, char **parsed_val); ++ ++typedef struct log_opt_parse { ++ const char *key; ++ const char *real_key; ++ log_opt_callback_t cb; ++} log_opt_parse_t; ++ ++static int log_opt_common_cb(const char *key, const char *value, char **parsed_val) ++{ ++ *parsed_val = util_strdup_s(value); ++ return 0; ++} ++ ++static int log_opt_max_file_cb(const char *key, const char *value, char **parsed_val) ++{ ++ unsigned int ptr = 0; ++ int ret = -1; ++ ++ if (util_safe_uint(value, &ptr)) { ++ return ret; ++ } ++ if (ptr == 0) { ++ ERROR("Invalid option 'max-file', value:%s", value); ++ return ret; ++ } ++ ++ *parsed_val = util_strdup_s(value); ++ return 0; ++} ++ ++static int log_opt_syslog_facility(const char *key, const char *value, char **parsed_val) ++{ ++ const char *facility_values[] = { "kern", "user", "mail", "daemon", "auth", ++ "syslog", "lpr", "news", "uucp", "cron", ++ "authpriv", "ftp", "local0", "local1", "local2", ++ "local3", "local4", "local5", "local6", "local7" ++ }; ++ int i; ++ size_t f_len = sizeof(facility_values) / sizeof(const char *); ++ ++ for (i = 0; i < f_len; i++) { ++ if (strcmp(facility_values[i], value) == 0) { ++ break; ++ } ++ } ++ ++ if (i == f_len) { ++ ERROR("Invalid option 'syslog-facility', value:%s", value); ++ return -1; ++ } ++ ++ *parsed_val = util_strdup_s(value); ++ return 0; ++} ++ ++static int log_opt_disable_log_cb(const char *key, const char *value, char **parsed_val) ++{ ++ int ret = -1; ++ ++ if (strcmp(value, "true") == 0) { ++ *parsed_val = util_strdup_s("none"); ++ ret = 0; ++ } else if (strcmp(value, "false") == 0) { ++ ret = 0; ++ } ++ ++ if (ret != 0) { ++ ERROR("Invalid option 'disable-log', value:%s", value); ++ } ++ ++ return ret; ++} ++ ++bool parse_container_log_opt(const char *key, const char *val, json_map_string_string *opts) ++{ ++#define LOG_PARSER_MAX 5 ++ size_t i, j; ++ log_opt_parse_t support_parsers[LOG_PARSER_MAX] = { ++ { ++ .key = "max-size", ++ .real_key = CONTAINER_LOG_CONFIG_KEY_SIZE, ++ .cb = &log_opt_common_cb, ++ }, ++ { ++ .key = "max-file", ++ .real_key = CONTAINER_LOG_CONFIG_KEY_ROTATE, ++ .cb = &log_opt_max_file_cb, ++ }, ++ { ++ .key = "disable-log", ++ .real_key = CONTAINER_LOG_CONFIG_KEY_FILE, ++ .cb = &log_opt_disable_log_cb, ++ }, ++ { ++ .key = "syslog-tag", ++ .real_key = CONTAINER_LOG_CONFIG_KEY_SYSLOG_TAG, ++ .cb = &log_opt_common_cb, ++ }, ++ { ++ .key = "syslog-facility", ++ .real_key = CONTAINER_LOG_CONFIG_KEY_SYSLOG_FACILITY, ++ .cb = &log_opt_syslog_facility, ++ }, ++ }; ++ ++ if (key == NULL || opts == NULL) { ++ return false; ++ } ++ ++ for (i = 0; i < LOG_PARSER_MAX; i++) { ++ if (strcmp(key, support_parsers[i].key) == 0) { ++ char *parsed_val = NULL; ++ int nret; ++ ++ nret = support_parsers[i].cb(support_parsers[i].real_key, val, &parsed_val); ++ if (nret != 0) { ++ return false; ++ } ++ if (parsed_val == NULL) { ++ return true; ++ } ++ ++ // check whether seted option, if setted, ust replace ++ for (j = 0; j < opts->len; j++) { ++ if (strcmp(opts->keys[j], support_parsers[i].real_key) == 0) { ++ free(opts->values[j]); ++ opts->values[j] = parsed_val; ++ return true; ++ } ++ } ++ nret = append_json_map_string_string(opts, support_parsers[i].real_key, parsed_val); ++ return true; ++ } ++ } ++ ERROR("Unknow log opts: %s = %s", key, val); ++ return false; ++} ++ ++bool parse_container_log_opts(json_map_string_string **opts) ++{ ++ size_t i; ++ json_map_string_string *result = NULL; ++ ++ if (opts == NULL || *opts == NULL) { ++ return true; ++ } ++ result = util_common_calloc_s(sizeof(json_map_string_string)); ++ if (result == NULL) { ++ ERROR("Out of memory"); ++ return false; ++ } ++ ++ for (i = 0; i < (*opts)->len; i++) { ++ if ((*opts)->values[i] == NULL || strlen((*opts)->values[i]) > OPT_MAX_LEN) { ++ ERROR("Too large value: %s for key:%s", (*opts)->values[i], (*opts)->keys[i]); ++ free_json_map_string_string(result); ++ return false; ++ } ++ ++ if (!parse_container_log_opt((*opts)->keys[i], (*opts)->values[i], result)) { ++ free_json_map_string_string(result); ++ return false; ++ } ++ } ++ ++ free_json_map_string_string(*opts); ++ *opts = result; ++ return true; ++} ++ ++bool check_opt_container_log_opt(const char *driver, const char *opt_key) ++{ ++#define DRIVER_MAX 2 ++#define MAX_SUPPORT_KEY_LEN 3 ++ const char *support_keys[][MAX_SUPPORT_KEY_LEN] = { ++ { CONTAINER_LOG_CONFIG_KEY_FILE, CONTAINER_LOG_CONFIG_KEY_ROTATE, CONTAINER_LOG_CONFIG_KEY_SIZE }, ++ { CONTAINER_LOG_CONFIG_KEY_SYSLOG_TAG, CONTAINER_LOG_CONFIG_KEY_SYSLOG_FACILITY, NULL} ++ }; ++ const char *driver_idx[] = { CONTAINER_LOG_CONFIG_JSON_FILE_DRIVER, CONTAINER_LOG_CONFIG_SYSLOG_DRIVER }; ++ size_t i, idx; ++ ++ if (driver == NULL || opt_key == NULL) { ++ return false; ++ } ++ for (idx = 0; idx < DRIVER_MAX; idx++) { ++ if (strcmp(driver_idx[idx], driver) == 0) { ++ break; ++ } ++ } ++ if (idx == DRIVER_MAX) { ++ ERROR("Unsupport driver: %s", driver); ++ return false; ++ } ++ ++ for (i = 0; i < MAX_SUPPORT_KEY_LEN; i++) { ++ if (support_keys[idx][i] == NULL) { ++ break; ++ } ++ if (strcmp(support_keys[idx][i], opt_key) == 0) { ++ return true; ++ } ++ } ++ ++ ERROR("driver: %s, unsupport opts: %s", driver, opt_key); ++ return false; ++} ++ ++bool check_raw_log_opt(const char *key) ++{ ++ size_t i; ++ const char *support_keys[] = { ++ "max-size", "max-file", "disable-log", "syslog-tag", "syslog-facility" ++ }; ++ ++ if (key == NULL) { ++ return false; ++ } ++ ++ for (i = 0; i < sizeof(support_keys) / sizeof(const char *); i++) { ++ if (strcmp(key, support_keys[i]) == 0) { ++ return true; ++ } ++ } ++ ++ return false; ++} ++ ++bool check_opt_container_log_driver(const char *driver) ++{ ++ const char *supported_drivers[] = { CONTAINER_LOG_CONFIG_JSON_FILE_DRIVER, CONTAINER_LOG_CONFIG_SYSLOG_DRIVER }; ++ int i = 0; ++ ++ if (driver == NULL) { ++ return false; ++ } ++ ++ for (; i < DRIVER_MAX; i++) { ++ if (strcmp(driver, supported_drivers[i]) == 0) { ++ return true; ++ } ++ } ++ ++ return false; ++} ++ +diff --git a/src/cmd/options/opt_log.h b/src/cmd/options/opt_log.h +new file mode 100644 +index 00000000..f9daa02d +--- /dev/null ++++ b/src/cmd/options/opt_log.h +@@ -0,0 +1,39 @@ ++/****************************************************************************** ++ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. ++ * iSulad licensed under the Mulan PSL v2. ++ * You can use this software according to the terms and conditions of the Mulan PSL v2. ++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. ++ * Author: haozi007 ++ * Create: 2020-11-13 ++ * Description: provide log options parse function ++ ******************************************************************************/ ++#ifndef CMD_OPTIONS_LOG_H ++#define CMD_OPTIONS_LOG_H ++ ++#include ++#include ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++bool check_raw_log_opt(const char *key); ++ ++bool check_opt_container_log_opt(const char *driver, const char *opt); ++ ++bool check_opt_container_log_driver(const char *driver); ++ ++bool parse_container_log_opt(const char *key, const char *val, json_map_string_string *opts); ++ ++bool parse_container_log_opts(json_map_string_string **opts); ++ ++#ifdef __cplusplus ++} ++#endif ++ ++#endif +diff --git a/src/common/constants.h b/src/common/constants.h +index 457e2423..dd2f3e5e 100644 +--- a/src/common/constants.h ++++ b/src/common/constants.h +@@ -82,6 +82,8 @@ extern "C" { + + #define CONTAINER_LOG_CONFIG_JSON_FILE_DRIVER "json-file" + #define CONTAINER_LOG_CONFIG_SYSLOG_DRIVER "syslog" ++ ++#define CONTAINER_LOG_CONFIG_KEY_PREFIX "log.console." + #define CONTAINER_LOG_CONFIG_KEY_DRIVER "log.console.driver" + #define CONTAINER_LOG_CONFIG_KEY_FILE "log.console.file" + #define CONTAINER_LOG_CONFIG_KEY_ROTATE "log.console.filerotate" +@@ -121,6 +123,8 @@ extern "C" { + + #define MAX_HOSTS 10 + ++#define OPT_MAX_LEN 255 ++ + #define EVENT_ARGS_MAX 255 + #define EVENT_EXTRA_ANNOTATION_MAX 255 + +diff --git a/src/contrib/config/daemon.json b/src/contrib/config/daemon.json +index 9ffb08ef..d2ce4d02 100644 +--- a/src/contrib/config/daemon.json ++++ b/src/contrib/config/daemon.json +@@ -13,6 +13,9 @@ + "max-size": "30KB" + }, + "log-driver": "stdout", ++ "container-log": { ++ "driver": "json-file" ++ }, + "hook-spec": "/etc/default/isulad/hooks/default.json", + "start-timeout": "2m", + "storage-driver": "overlay2", +diff --git a/src/daemon/config/daemon_arguments.c b/src/daemon/config/daemon_arguments.c +index ef287645..ba41a9a5 100644 +--- a/src/daemon/config/daemon_arguments.c ++++ b/src/daemon/config/daemon_arguments.c +@@ -137,6 +137,14 @@ int service_arguments_init(struct service_arguments *args) + args->max_file = 7; + args->max_size = 1024 * 1024; + ++ // init container log configs ++ args->json_confs->container_log = (isulad_daemon_configs_container_log *)util_common_calloc_s(sizeof( ++ isulad_daemon_configs_container_log)); ++ if (args->json_confs->container_log == NULL) { ++ ERROR("Out of memory"); ++ goto free_out; ++ } ++ + args->json_confs->pidfile = util_strdup_s("/var/run/isulad.pid"); + args->json_confs->storage_driver = util_strdup_s("overlay2"); + args->json_confs->native_umask = util_strdup_s(UMASK_SECURE); +@@ -149,7 +157,6 @@ int service_arguments_init(struct service_arguments *args) + *(args->json_confs->use_decrypted_key) = true; + args->json_confs->insecure_skip_verify_enforce = false; + +- args->image_opt_timeout = 5 * 60; // default image operation timeout 300s + if (set_daemon_default_tls_options(args) != 0) { + goto free_out; + } +@@ -241,6 +248,7 @@ int server_log_opt_parser(struct service_arguments *args, const char *option) + ret = append_json_map_string_string(args->json_confs->log_opts, key, value); + } + ++ tmp[len] = '='; + out: + free(tmp); + return ret; +@@ -310,4 +318,4 @@ void free_default_ulimit(host_config_ulimits_element **default_ulimit) + free_host_config_ulimits_element(*p); + } + free(default_ulimit); +-} +\ No newline at end of file ++} +diff --git a/src/daemon/config/daemon_arguments.h b/src/daemon/config/daemon_arguments.h +index 77feb4d1..54099c81 100644 +--- a/src/daemon/config/daemon_arguments.h ++++ b/src/daemon/config/daemon_arguments.h +@@ -31,38 +31,40 @@ extern "C" { + typedef void (*service_arguments_help_t)(void); + + struct service_arguments { +- char *progname; + service_arguments_help_t print_help; + +- bool quiet; +- bool help; +- bool version; +- char **hosts; +- size_t hosts_len; +- +- // struct service_arguments *server_conf; ++ struct { /* common args */ ++ char *progname; ++ bool quiet; ++ bool help; ++ bool version; ++ char **hosts; ++ size_t hosts_len; ++ unsigned int websocket_server_listening_port; ++ }; ++ ++ struct { /* default configs for container */ ++ // daemon hooks config ++ oci_runtime_spec_hooks *hooks; ++ ++ host_config_ulimits_element **default_ulimit; ++ size_t default_ulimit_len; ++ ++ unsigned int start_timeout; ++ }; ++ ++ struct { /* daemon log configs */ ++ unsigned int log_file_mode; ++ char *logpath; ++ int64_t max_size; ++ int max_file; ++ }; ++ ++ // store all daemon.json configs + isulad_daemon_configs *json_confs; + +- /* parsed configs */ +- oci_runtime_spec_hooks *hooks; +- +- unsigned int start_timeout; +- unsigned int image_opt_timeout; +- +- /* log-opts */ +- unsigned int log_file_mode; +- char *logpath; +- int64_t max_size; +- int max_file; +- +- /* default configs */ +- host_config_ulimits_element **default_ulimit; +- size_t default_ulimit_len; +- unsigned int websocket_server_listening_port; +- + // remaining arguments + char * const *argv; +- + int argc; + }; + +diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c +index f6e5ffdb..314545fa 100644 +--- a/src/daemon/config/isulad_config.c ++++ b/src/daemon/config/isulad_config.c +@@ -27,9 +27,9 @@ + #include + #include + #include ++#include + + #include "constants.h" +-#include "isula_libutils/log.h" + #include "utils.h" + #include "sysinfo.h" + #include "err_msg.h" +@@ -815,6 +815,61 @@ out: + return logdriver; + } + ++/* conf get default container log opts */ ++int conf_get_container_log_opts(isulad_daemon_configs_container_log **opts) ++{ ++ struct service_arguments *conf = NULL; ++ isulad_daemon_configs_container_log *result = NULL; ++ isulad_daemon_configs_container_log *work = NULL; ++ size_t i; ++ int ret = 0; ++ ++ if (isulad_server_conf_rdlock() != 0) { ++ return -1; ++ } ++ ++ conf = conf_get_server_conf(); ++ if (conf == NULL || conf->json_confs->container_log == NULL) { ++ goto out; ++ } ++ work = conf->json_confs->container_log; ++ ++ result = util_common_calloc_s(sizeof(isulad_daemon_configs_container_log)); ++ if (result == NULL) { ++ ERROR("Out of memory"); ++ ret = -1; ++ goto out; ++ } ++ result->driver = util_strdup_s(work->driver); ++ if (work->opts == NULL) { ++ *opts = result; ++ result = NULL; ++ goto out; ++ } ++ if (work->opts->len > 0) { ++ result->opts = util_common_calloc_s(sizeof(json_map_string_string)); ++ if (result->opts == NULL) { ++ ERROR("Out of memory"); ++ ret = -1; ++ goto out; ++ } ++ } ++ for (i = 0; i < work->opts->len; i++) { ++ if (append_json_map_string_string(result->opts, work->opts->keys[i], work->opts->values[i]) != 0) { ++ ERROR("Out of memory"); ++ ret = -1; ++ goto out; ++ } ++ } ++ ++ *opts = result; ++ result = NULL; ++out: ++ (void)isulad_server_conf_unlock(); ++ free_isulad_daemon_configs_container_log(result); ++ return ret; ++} ++ + /* conf get image layer check flag */ + bool conf_get_image_layer_check_flag() + { +@@ -1311,7 +1366,7 @@ static int merge_hosts_conf_into_global(struct service_arguments *args, const is + return 0; + } + +-static int merge_logs_conf_into_global(struct service_arguments *args, isulad_daemon_configs *tmp_json_confs) ++static int do_merge_daemon_logs_conf(struct service_arguments *args, isulad_daemon_configs *tmp_json_confs) + { + size_t i; + +@@ -1334,6 +1389,31 @@ static int merge_logs_conf_into_global(struct service_arguments *args, isulad_da + return 0; + } + ++// just mask isulad config to args ++static int do_merge_container_logs_conf(struct service_arguments *args, isulad_daemon_configs *tmp_json_confs) ++{ ++ if (tmp_json_confs->container_log == NULL) { ++ return 0; ++ } ++ ++ // do not check valid of json log opts at here; ++ // while all config ready to do check. ++ free_isulad_daemon_configs_container_log(args->json_confs->container_log); ++ args->json_confs->container_log = tmp_json_confs->container_log; ++ tmp_json_confs->container_log = NULL; ++ ++ return 0; ++} ++ ++static int merge_logs_conf_into_global(struct service_arguments *args, isulad_daemon_configs *tmp_json_confs) ++{ ++ if (do_merge_daemon_logs_conf(args, tmp_json_confs)) { ++ return -1; ++ } ++ ++ return do_merge_container_logs_conf(args, tmp_json_confs); ++} ++ + static int merge_authorization_conf_into_global(struct service_arguments *args, isulad_daemon_configs *tmp_json_confs) + { + args->json_confs->tls = tmp_json_confs->tls; +diff --git a/src/daemon/config/isulad_config.h b/src/daemon/config/isulad_config.h +index b5c64c54..fb523e5d 100644 +--- a/src/daemon/config/isulad_config.h ++++ b/src/daemon/config/isulad_config.h +@@ -51,6 +51,8 @@ char *conf_get_isulad_log_gather_fifo_path(); + + int conf_get_cgroup_cpu_rt(int64_t *cpu_rt_period, int64_t *cpu_rt_runtime); + ++int conf_get_container_log_opts(isulad_daemon_configs_container_log **opts); ++ + char *conf_get_isulad_log_file(); + char *conf_get_engine_log_file(); + char *conf_get_enable_plugins(); +diff --git a/src/daemon/executor/container_cb/execution_create.c b/src/daemon/executor/container_cb/execution_create.c +index 188d58b2..c2ddf88b 100644 +--- a/src/daemon/executor/container_cb/execution_create.c ++++ b/src/daemon/executor/container_cb/execution_create.c +@@ -57,6 +57,7 @@ + #include "utils_timestamp.h" + #include "utils_verify.h" + #include "selinux_label.h" ++#include "opt_log.h" + + static int do_init_cpurt_cgroups_path(const char *path, int recursive_depth, const char *mnt_root, + int64_t cpu_rt_period, int64_t cpu_rt_runtime); +@@ -213,67 +214,128 @@ static container_config *get_container_spec_from_request(const container_create_ + return container_spec; + } + +-static int add_default_log_config_to_container_spec(const char *id, const char *runtime_root, +- container_config *container_spec) ++static void set_container_log_config_driver(isulad_daemon_configs_container_log *opts, container_config *container_spec) + { +- int ret = 0; +- int i = 0; +- bool file_found = false; +- bool rotate_found = false; +- bool size_found = false; ++ if (container_spec->log_driver != NULL) { ++ return; ++ } ++ ++ // use daemon container log driver ++ container_spec->log_driver = util_strdup_s(opts->driver); ++ if (container_spec->log_driver != NULL) { ++ return; ++ } ++ ++ // use default container log driver ++ container_spec->log_driver = util_strdup_s(CONTAINER_LOG_CONFIG_JSON_FILE_DRIVER); ++} + +- /* generate default log path */ +- if (container_spec->log_driver != NULL && +- strcmp(CONTAINER_LOG_CONFIG_SYSLOG_DRIVER, container_spec->log_driver) == 0) { ++static int merge_container_log_config_opts(const char *daemon_driver, const json_map_string_string *daemon_opts, ++ container_config *spec) ++{ ++ size_t i, j; ++ ++ if (daemon_driver == NULL || strcmp(daemon_driver, spec->log_driver) != 0) { ++ // daemon driver different with spec, just ignore log opts of daemon + return 0; + } + +- if (container_spec->annotations == NULL) { +- container_spec->annotations = util_common_calloc_s(sizeof(json_map_string_string)); ++ // merge daemon container log opts into spec ++ for (i = 0; daemon_opts != NULL && i < daemon_opts->len; i++) { ++ for (j = 0; j < spec->annotations->len; j++) { ++ if (strcmp(spec->annotations->keys[j], daemon_opts->keys[i]) == 0) { ++ break; ++ } ++ } ++ if (j == spec->annotations->len && ++ append_json_map_string_string(spec->annotations, daemon_opts->keys[i], daemon_opts->values[i]) != 0) { ++ ERROR("Out of memory"); ++ return -1; ++ } + } +- if (container_spec->annotations == NULL) { ++ ++ return 0; ++} ++ ++static int do_set_default_log_path_for_json_file(const char *id, const char *root, bool file_found, ++ container_config *spec) ++{ ++ int nret = 0; ++ char default_path[PATH_MAX] = { 0 }; ++ ++ nret = snprintf(default_path, PATH_MAX, "%s/%s/console.log", root, id); ++ if (nret < 0 || nret >= PATH_MAX) { ++ ERROR("Create default log path for container %s failed", id); ++ return -1; ++ } ++ nret = append_json_map_string_string(spec->annotations, CONTAINER_LOG_CONFIG_KEY_FILE, default_path); ++ if (nret != 0) { + ERROR("Out of memory"); +- ret = -1; +- goto out; ++ return -1; + } + +- for (; i < container_spec->annotations->len; i++) { +- const char *tmp_key = container_spec->annotations->keys[i]; ++ return 0; ++} ++ ++static int do_check_container_log_config_opts(const char *id, const char *root, container_config *spec) ++{ ++ size_t i; ++ bool file_found = false; ++ ++ // check log opts is support by driver ++ for (i = 0; i < spec->annotations->len; i++) { ++ const char *tmp_key = spec->annotations->keys[i]; ++ if (strncmp(tmp_key, CONTAINER_LOG_CONFIG_KEY_PREFIX, strlen(CONTAINER_LOG_CONFIG_KEY_PREFIX)) != 0) { ++ // ignore other configs ++ continue; ++ } ++ DEBUG("check log opt key: %s for driver: %s", tmp_key, spec->log_driver); ++ if (!check_opt_container_log_opt(spec->log_driver, tmp_key)) { ++ isulad_set_error_message("container log driver: %s, unsupport: %s", spec->log_driver, tmp_key); ++ return -1; ++ } ++ + if (strcmp(CONTAINER_LOG_CONFIG_KEY_FILE, tmp_key) == 0) { + file_found = true; +- } else if (strcmp(CONTAINER_LOG_CONFIG_KEY_ROTATE, tmp_key) == 0) { +- rotate_found = true; +- } else if (strcmp(CONTAINER_LOG_CONFIG_KEY_SIZE, tmp_key) == 0) { +- size_found = true; + } + } +- if (!file_found) { +- char default_path[PATH_MAX] = { 0 }; +- int nret = snprintf(default_path, PATH_MAX, "%s/%s/console.log", runtime_root, id); +- if (nret < 0 || nret >= PATH_MAX) { +- ERROR("Create default log path for container %s failed", id); +- ret = -1; +- goto out; +- } +- ret = append_json_map_string_string(container_spec->annotations, CONTAINER_LOG_CONFIG_KEY_FILE, default_path); +- if (ret != 0) { +- goto out; +- } ++ ++ if (!file_found && strcmp(spec->log_driver, CONTAINER_LOG_CONFIG_JSON_FILE_DRIVER) == 0) { ++ return do_set_default_log_path_for_json_file(id, root, file_found, spec); + } +- if (!rotate_found) { +- ret = append_json_map_string_string(container_spec->annotations, CONTAINER_LOG_CONFIG_KEY_ROTATE, "7"); +- if (ret != 0) { +- goto out; +- } ++ ++ return 0; ++} ++ ++static int set_container_log_config_to_container_spec(const char *id, const char *runtime_root, ++ container_config *container_spec) ++{ ++ int ret = 0; ++ isulad_daemon_configs_container_log *daemon_container_opts = NULL; ++ ++ if (conf_get_container_log_opts(&daemon_container_opts) != 0) { ++ return -1; + } +- if (!size_found) { +- ret = append_json_map_string_string(container_spec->annotations, CONTAINER_LOG_CONFIG_KEY_SIZE, "30KB"); +- if (ret != 0) { +- goto out; +- } ++ ++ set_container_log_config_driver(daemon_container_opts, container_spec); ++ ++ if (container_spec->annotations == NULL) { ++ container_spec->annotations = util_common_calloc_s(sizeof(json_map_string_string)); ++ } ++ if (container_spec->annotations == NULL) { ++ ERROR("Out of memory"); ++ ret = -1; ++ goto out; ++ } ++ ++ ret = merge_container_log_config_opts(daemon_container_opts->driver, daemon_container_opts->opts, container_spec); ++ if (ret != 0) { ++ goto out; + } ++ ret = do_check_container_log_config_opts(id, runtime_root, container_spec); + + out: ++ free_isulad_daemon_configs_container_log(daemon_container_opts); + return ret; + } + +@@ -287,7 +349,7 @@ static container_config *get_container_spec(const char *id, const char *runtime_ + return NULL; + } + +- if (add_default_log_config_to_container_spec(id, runtime_root, container_spec)) { ++ if (set_container_log_config_to_container_spec(id, runtime_root, container_spec)) { + goto error_out; + } + +diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c +index 529a68de..ae5db17d 100644 +--- a/src/daemon/modules/service/service_container.c ++++ b/src/daemon/modules/service/service_container.c +@@ -770,6 +770,7 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo + goto close_exit_fd; + } + ++ + create_params.bundle = bundle; + create_params.state = cont->state_path; + create_params.oci_config_data = oci_spec; +-- +2.25.1 + diff --git a/0017-add-testcase-for-default-container-log-configs.patch b/0017-add-testcase-for-default-container-log-configs.patch new file mode 100644 index 0000000..42856a0 --- /dev/null +++ b/0017-add-testcase-for-default-container-log-configs.patch @@ -0,0 +1,231 @@ +From acbcd786e29a9d3764d69db02ad485d94da1315c Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Thu, 3 Dec 2020 10:36:07 +0800 +Subject: [PATCH 17/17] add testcase for default container log configs + +Signed-off-by: haozi007 +--- + CI/test_cases/container_cases/log_test.sh | 166 ++++++++++++++++++ + .../container_cases/test_data/daemon.json | 37 ++++ + 2 files changed, 203 insertions(+) + create mode 100755 CI/test_cases/container_cases/log_test.sh + create mode 100644 CI/test_cases/container_cases/test_data/daemon.json + +diff --git a/CI/test_cases/container_cases/log_test.sh b/CI/test_cases/container_cases/log_test.sh +new file mode 100755 +index 00000000..08abf212 +--- /dev/null ++++ b/CI/test_cases/container_cases/log_test.sh +@@ -0,0 +1,166 @@ ++#!/bin/bash ++# ++# attributes: isulad container log ++# concurrent: NA ++# spend time: 46 ++ ++curr_path=$(dirname $(readlink -f "$0")) ++data_path=$(realpath $curr_path/test_data) ++source ../helpers.sh ++ ++function do_pre() ++{ ++ mv /etc/isulad/daemon.json /etc/isulad/daemon.bak ++ cp ${data_path}/daemon.json /etc/isulad/daemon.json ++} ++ ++function do_post() ++{ ++ cp -f /etc/isulad/daemon.bak /etc/isulad/daemon.json ++ check_valgrind_log ++ start_isulad_with_valgrind ++} ++ ++function do_check_item() ++{ ++ cat ${ISULAD_ROOT_PATH}/engine/lcr/$1/config | grep console | grep "$2" ++ if [ $? -ne 0 ]; then ++ msg_err "expect $2" ++ TC_RET_T=$(($TC_RET_T+1)) ++ fi ++} ++ ++function do_test_syslog_helper() ++{ ++ msg_info "this is $0 do_test" ++ ++ crictl pull busybox ++ if [ $? -ne 0 ]; then ++ msg_err "Failed to pull busybox image" ++ TC_RET_T=$(($TC_RET_T+1)) ++ fi ++ ++ cid=`isula run -tid busybox sh` ++ if [ $? -ne 0 ]; then ++ msg_err "Failed to run container" ++ TC_RET_T=$(($TC_RET_T+1)) ++ fi ++ ++ do_check_item ${cid} "logdriver = syslog" ++ ++ if [ "x$1" != "x" ]; then ++ do_check_item ${cid} "syslog_tag = $1" ++ fi ++ ++ isula rm -f ${cid} ++ if [ $? -ne 0 ]; then ++ msg_err "Failed to remove container" ++ TC_RET_T=$(($TC_RET_T+1)) ++ fi ++ ++ return $TC_RET_T ++} ++ ++function do_test_json_file_helper() ++{ ++ msg_info "this is $0 do_test" ++ local file_cnt=7 ++ local file_size=1MB ++ ++ if [ "x$1" != "x" ]; then ++ file_cnt=$1 ++ fi ++ if [ "x$2" != "x" ]; then ++ file_size=$2 ++ fi ++ ++ cid=`isula run -tid busybox sh` ++ if [ $? -ne 0 ]; then ++ msg_err "Failed to run container" ++ TC_RET_T=$(($TC_RET_T+1)) ++ fi ++ ++ do_check_item ${cid} "logdriver = json-file" ++ do_check_item ${cid} "rotate = $file_cnt" ++ do_check_item ${cid} "size = $file_size" ++ ++ isula rm -f ${cid} ++ if [ $? -ne 0 ]; then ++ msg_err "Failed to remove container" ++ TC_RET_T=$(($TC_RET_T+1)) ++ fi ++ ++ return $TC_RET_T ++} ++ ++function do_test_container_log() ++{ ++ msg_info "this is $0 do_test" ++ ++ cid=`isula run -tid --log-driver=json-file busybox sh` ++ if [ $? -ne 0 ]; then ++ msg_err "Failed to run container" ++ TC_RET_T=$(($TC_RET_T+1)) ++ fi ++ do_check_item ${cid} "logdriver = json-file" ++ do_check_item ${cid} "rotate = 7" ++ do_check_item ${cid} "size = 1MB" ++ ++ cid=`isula run -tid --log-driver=json-file --log-opt="max-file=8" busybox sh` ++ if [ $? -ne 0 ]; then ++ msg_err "Failed to run container" ++ TC_RET_T=$(($TC_RET_T+1)) ++ fi ++ do_check_item ${cid} "logdriver = json-file" ++ do_check_item ${cid} "rotate = 8" ++ do_check_item ${cid} "size = 1MB" ++ ++ cid=`isula run -tid --log-driver=json-file --log-opt="max-size=128KB" busybox sh` ++ if [ $? -ne 0 ]; then ++ msg_err "Failed to run container" ++ TC_RET_T=$(($TC_RET_T+1)) ++ fi ++ do_check_item ${cid} "logdriver = json-file" ++ do_check_item ${cid} "rotate = 7" ++ do_check_item ${cid} "size = 128KB" ++ ++ cid=`isula run -tid --log-driver=json-file --log-opt="disable-log=true" busybox sh` ++ if [ $? -ne 0 ]; then ++ msg_err "Failed to run container" ++ TC_RET_T=$(($TC_RET_T+1)) ++ fi ++ cat ${ISULAD_ROOT_PATH}/engine/lcr/${cid}/config | grep console | grep "logfile =" ++ if [ $? -eq 0 ]; then ++ msg_err "Failed to disable log" ++ TC_RET_T=$(($TC_RET_T+1)) ++ fi ++ ++ isula rm -f `isula ps -aq` ++ return $TC_RET_T ++} ++ ++function do_test() { ++ check_valgrind_log ++ start_isulad_with_valgrind --log-opts="syslog-tag=xxxx" ++ ++ do_test_syslog_helper "xxxx" ++ ++ check_valgrind_log ++ start_isulad_with_valgrind --log-driver=json-file --log-opts="max-size=10MB" --log-opts="max-file=3" ++ do_test_json_file_helper "3" "10MB" ++ ++ check_valgrind_log ++ start_isulad_with_valgrind ++ do_test_container_log ++} ++ ++ret=0 ++ ++do_pre ++if [ $? -ne 0 ];then ++ let "ret=$ret + 1" ++fi ++ ++do_post ++ ++show_result $ret "cni base test" +diff --git a/CI/test_cases/container_cases/test_data/daemon.json b/CI/test_cases/container_cases/test_data/daemon.json +new file mode 100644 +index 00000000..f8914ed4 +--- /dev/null ++++ b/CI/test_cases/container_cases/test_data/daemon.json +@@ -0,0 +1,37 @@ ++{ ++ "group": "isula", ++ "default-runtime": "lcr", ++ "graph": "/var/lib/isulad", ++ "state": "/var/run/isulad", ++ "engine": "lcr", ++ "log-level": "ERROR", ++ "pidfile": "/var/run/isulad.pid", ++ "log-opts": { ++ "log-file-mode": "0600", ++ "log-path": "/var/lib/isulad", ++ "max-file": "1", ++ "max-size": "30KB" ++ }, ++ "log-driver": "stdout", ++ "container-log": { ++ "driver": "syslog" ++ }, ++ "hook-spec": "/etc/default/isulad/hooks/default.json", ++ "start-timeout": "2m", ++ "storage-driver": "overlay2", ++ "storage-opts": [ ++ "overlay2.override_kernel_check=true" ++ ], ++ "registry-mirrors": [ ++ ], ++ "insecure-registries": [ ++ ], ++ "pod-sandbox-image": "", ++ "native.umask": "secure", ++ "network-plugin": "", ++ "cni-bin-dir": "", ++ "cni-conf-dir": "", ++ "image-layer-check": false, ++ "use-decrypted-key": true, ++ "insecure-skip-verify-enforce": false ++} +-- +2.25.1 + diff --git a/iSulad.spec b/iSulad.spec index 6c87a09..331b8d8 100644 --- a/iSulad.spec +++ b/iSulad.spec @@ -1,5 +1,5 @@ %global _version 2.0.7 -%global _release 20201128.095506.git1e1623a5 +%global _release 20201203.190902.git48f598fd %global is_systemd 1 Name: iSulad @@ -22,6 +22,13 @@ Patch0007: 0007-add-mock-conf_get_use_decrypted_key_flag-and-setup-a.patch Patch0008: 0008-show-all-mutl-network-ips.patch Patch0009: 0009-iSulad-only-qsort-the-configed-mounts.patch Patch0010: 0010-CI-add-testcases-for-bind-proc-and-sys-fs.patch +Patch0011: 0011-verify-peer-if-it-s-secure-registry.patch +Patch0012: 0012-make-sure-all-certs-load-success-if-any-provided.patch +Patch0013: 0013-add-ch-docs-for-install-iSulad.patch +Patch0014: 0014-error-out-if-unpack-layer-failed.patch +Patch0015: 0015-ignore-get-ip-error-for-mutlnetwork.patch +Patch0016: 0016-support-default-container-log-options.patch +Patch0017: 0017-add-testcase-for-default-container-log-configs.patch %ifarch x86_64 aarch64 Provides: libhttpclient.so()(64bit) @@ -224,6 +231,12 @@ fi %endif %changelog +* Thu Dec 3 2020 haozi007 - 2.0.7-20201203.190902.git48f598fd +- Type:update from master +- ID:NA +- SUG:NA +- DESC: update from master + * Sat Nov 28 2020 lifeng - 2.0.7-20201128.095506.git1e1623a5 - Type: bugfix - ID:NA