packages/iSulad
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!638 upgrade from upstream

Browse Source 
* upgrade from upstream
This commit is contained in:
zhongtao 2023-12-21 02:03:18 +00:00 committed by haozi007
parent 7da5d7790b
commit c36bc934aa
50 changed files with 12194 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

202
0016-improve-event-logs.patch Normal file
View File

@ -0,0 +1,202 @@
From d611f18abac0f4077c9bf85f76162719cc5e55eb Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Tue, 14 Nov 2023 15:12:39 +0800
Subject: [PATCH 16/64] improve event logs
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
.../grpc/cri/v1/cri_v1_runtime_runtime_service.cc | 13 ++++++++-----
.../grpc/cri/v1alpha/cri_runtime_runtime_service.cc | 10 +++++++---
src/daemon/entry/cri/cni_network_plugin.cc | 6 +++---
.../cri/v1alpha/cri_pod_sandbox_manager_service.cc | 3 ++-
src/daemon/executor/volume_cb/volume_cb.c | 4 ++--
src/daemon/modules/network/native/adaptor_native.c | 8 ++++----
6 files changed, 26 insertions(+), 18 deletions(-)
diff --git a/src/daemon/entry/connect/grpc/cri/v1/cri_v1_runtime_runtime_service.cc b/src/daemon/entry/connect/grpc/cri/v1/cri_v1_runtime_runtime_service.cc
index b8d5746c..1db79307 100644
--- a/src/daemon/entry/connect/grpc/cri/v1/cri_v1_runtime_runtime_service.cc
+++ b/src/daemon/entry/connect/grpc/cri/v1/cri_v1_runtime_runtime_service.cc
@@ -75,7 +75,7 @@ grpc::Status RuntimeV1RuntimeServiceImpl::CreateContainer(grpc::ServerContext *c
return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments");
}
- EVENT("Event: {Object: CRI, Type: Creating Container}");
+ EVENT("Event: {Object: CRI, Type: Creating Container for sandbox: %s}", request->pod_sandbox_id().c_str());
std::string responseID =
m_rService->CreateContainer(request->pod_sandbox_id(), request->config(), request->sandbox_config(), error);
@@ -316,17 +316,20 @@ grpc::Status RuntimeV1RuntimeServiceImpl::RunPodSandbox(grpc::ServerContext *con
ERROR("Invalid input arguments");
return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments");
}
-
- EVENT("Event: {Object: CRI, Type: Running Pod}");
+ if (request->has_config() && request->config().has_metadata()) {
+ EVENT("Event: {Object: CRI, Type: Running Pod: %s}", request->config().metadata().name().c_str());
+ } else {
+ EVENT("Event: {Object: CRI, Type: Running Pod}");
+ }
std::string responseID = m_rService->RunPodSandbox(request->config(), request->runtime_handler(), error);
if (!error.Empty() || responseID.empty()) {
- ERROR("Object: CRI, Type: Failed to run pod:%s", error.GetMessage().c_str());
+ ERROR("Object: CRI, Type: Failed to run pod: %s", error.GetMessage().c_str());
return grpc::Status(grpc::StatusCode::UNKNOWN, error.GetMessage());
}
reply->set_pod_sandbox_id(responseID);
- EVENT("Event: {Object: CRI, Type: Run Pod success}");
+ EVENT("Event: {Object: CRI, Type: Run Pod: %s success}", responseID.c_str());
return grpc::Status::OK;
}
diff --git a/src/daemon/entry/connect/grpc/cri/v1alpha/cri_runtime_runtime_service.cc b/src/daemon/entry/connect/grpc/cri/v1alpha/cri_runtime_runtime_service.cc
index ec3f01cd..a56b167c 100644
--- a/src/daemon/entry/connect/grpc/cri/v1alpha/cri_runtime_runtime_service.cc
+++ b/src/daemon/entry/connect/grpc/cri/v1alpha/cri_runtime_runtime_service.cc
@@ -73,7 +73,7 @@ grpc::Status RuntimeRuntimeServiceImpl::CreateContainer(grpc::ServerContext *con
return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments");
}
- EVENT("Event: {Object: CRI, Type: Creating Container}");
+ EVENT("Event: {Object: CRI, Type: Creating Container for sandbox: %s}", request->pod_sandbox_id().c_str());
std::string responseID =
m_rService->CreateContainer(request->pod_sandbox_id(), request->config(), request->sandbox_config(), error);
@@ -315,7 +315,11 @@ grpc::Status RuntimeRuntimeServiceImpl::RunPodSandbox(grpc::ServerContext *conte
return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments");
}
- EVENT("Event: {Object: CRI, Type: Running Pod}");
+ if (request->has_config() && request->config().has_metadata()) {
+ EVENT("Event: {Object: CRI, Type: Running Pod: %s}", request->config().metadata().name().c_str());
+ } else {
+ EVENT("Event: {Object: CRI, Type: Running Pod}");
+ }
std::string responseID = m_rService->RunPodSandbox(request->config(), request->runtime_handler(), error);
if (!error.Empty() || responseID.empty()) {
@@ -324,7 +328,7 @@ grpc::Status RuntimeRuntimeServiceImpl::RunPodSandbox(grpc::ServerContext *conte
}
reply->set_pod_sandbox_id(responseID);
- EVENT("Event: {Object: CRI, Type: Run Pod success}");
+ EVENT("Event: {Object: CRI, Type: Run Pod: %s success}", responseID.c_str());
return grpc::Status::OK;
}
diff --git a/src/daemon/entry/cri/cni_network_plugin.cc b/src/daemon/entry/cri/cni_network_plugin.cc
index 656fceda..377796ee 100644
--- a/src/daemon/entry/cri/cni_network_plugin.cc
+++ b/src/daemon/entry/cri/cni_network_plugin.cc
@@ -612,12 +612,12 @@ void CniNetworkPlugin::SetUpPod(const std::string &ns, const std::string &name,
if (g_isulad_errmsg != nullptr) {
err.SetError(g_isulad_errmsg);
} else {
- err.Errorf("setup cni for container: %s failed", id.c_str());
+ err.Errorf("setup cni for sandbox: %s failed", id.c_str());
}
// rollback all network plane
// if mutl-networks, one network plane failed, cause to left network can not be delete.
if (network_module_detach(config, NETWOKR_API_TYPE_CRI) != 0) {
- WARN("rollback all network for: %s failed", id.c_str());
+ WARN("rollback all network for sandbox: %s failed", id.c_str());
}
}
@@ -671,7 +671,7 @@ void CniNetworkPlugin::TearDownPod(const std::string &ns, const std::string &nam
}
if (network_module_detach(config, NETWOKR_API_TYPE_CRI) != 0) {
- err.Errorf("teardown cni for container: %s failed", id.c_str());
+ err.Errorf("teardown cni for sandbox: %s failed", id.c_str());
}
UnlockNetworkMap(err);
diff --git a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
index 8533bb8c..8eff22ac 100644
--- a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
+++ b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
@@ -618,6 +618,7 @@ auto PodSandboxManagerService::RunPodSandbox(const runtime::v1alpha2::PodSandbox
// Step 2: Create the sandbox container.
response_id = CreateSandboxContainer(config, image, jsonCheckpoint, runtimeHandler, error);
if (error.NotEmpty()) {
+ ERROR("Create sandbox failed: %s", error.GetCMessage());
goto cleanup;
}
@@ -672,7 +673,7 @@ auto PodSandboxManagerService::RunPodSandbox(const runtime::v1alpha2::PodSandbox
UpdatePodSandboxNetworkSettings(response_id, network_setting_json, tmpErr);
// If saving network settings failed, ignore error
if (tmpErr.NotEmpty()) {
- WARN("%s", tmpErr.GetCMessage());
+ WARN("Update sandbox network setting err: %s", tmpErr.GetCMessage());
}
}
goto cleanup;
diff --git a/src/daemon/executor/volume_cb/volume_cb.c b/src/daemon/executor/volume_cb/volume_cb.c
index 2148922e..ff5973b8 100644
--- a/src/daemon/executor/volume_cb/volume_cb.c
+++ b/src/daemon/executor/volume_cb/volume_cb.c
@@ -52,7 +52,7 @@ static int volume_list_cb(const volume_list_volume_request *request, volume_list
goto err_out;
}
- EVENT("Volume Event: {Object: list volumes, Type: listing}");
+ INFO("Volume Event: {Object: list volumes, Type: listing}");
list = volume_list();
if (list == NULL) {
@@ -85,7 +85,7 @@ static int volume_list_cb(const volume_list_volume_request *request, volume_list
}
out:
- EVENT("Volume Event: {Object: list volumes, Type: listed");
+ INFO("Volume Event: {Object: list volumes, Type: listed");
err_out:
if (*response != NULL) {
diff --git a/src/daemon/modules/network/native/adaptor_native.c b/src/daemon/modules/network/native/adaptor_native.c
index 45288d7e..baaecc32 100644
--- a/src/daemon/modules/network/native/adaptor_native.c
+++ b/src/daemon/modules/network/native/adaptor_native.c
@@ -1510,7 +1510,7 @@ int native_config_inspect(const char *name, char **network_json)
return -1;
}
- EVENT("Event: {Object: network, Type: inspecting, Target: %s}", name);
+ INFO("Event: {Object: network, Type: inspecting, Target: %s}", name);
if (!native_store_lock(SHARED)) {
return -1;
@@ -1538,7 +1538,7 @@ int native_config_inspect(const char *name, char **network_json)
// TODO: inspect the linked containers ip info
- EVENT("Event: {Object: network, Type: inspected, Target: %s}", name);
+ INFO("Event: {Object: network, Type: inspected, Target: %s}", name);
goto out;
}
@@ -1635,7 +1635,7 @@ int native_config_list(const struct filters_args *filters, network_network_info
return -1;
}
- EVENT("Event: {Object: network, Type: listing}");
+ INFO("Event: {Object: network, Type: listing}");
if (!native_store_lock(SHARED)) {
return -1;
@@ -1693,7 +1693,7 @@ int native_config_list(const struct filters_args *filters, network_network_info
*networks_len = nets_len;
nets_len = 0;
- EVENT("Event: {Object: network, Type: listed}");
+ INFO("Event: {Object: network, Type: listed}");
out:
map_itor_free(itor);
--
2.42.0

8
0016-open-ENABLE_GRPC_REMOTE_CONNECT-in-CI.patch → 0017-2251-open-ENABLE_GRPC_REMOTE_CONNECT-in-CI.patch
View File

@ -1,9 +1,9 @@
From d903cd356a9fb47ddbc7d23e2f4fe2f72b6242ef Mon Sep 17 00:00:00 2001
From 48dc6f0adda72d7f4742afe1b8380370debfe4f4 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 15 Nov 2023 10:25:40 +0800
Subject: [PATCH 16/16] open ENABLE_GRPC_REMOTE_CONNECT in CI
Date: Wed, 15 Nov 2023 03:10:15 +0000
Subject: [PATCH 17/64] !2251 open ENABLE_GRPC_REMOTE_CONNECT in CI * open
ENABLE_GRPC_REMOTE_CONNECT in CI
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
CI/make-and-install.sh | 4 ++--
CI/only_build_isulad.sh | 2 +-

57
0018-Add-compatibility-between-iSulad-and-k8s.patch Normal file
View File

@ -0,0 +1,57 @@
From bec48dcd219885abd72cb9973a2e810e3f504269 Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Wed, 15 Nov 2023 10:51:01 +0800
Subject: [PATCH 18/64] Add compatibility between iSulad and k8s
Signed-off-by: jikai<jikai11@huawei.com>
---
README.md | 13 ++++++++++++-
README_zh.md | 12 +++++++++++-
2 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 7e4b6de1..e7949dee 100644
--- a/README.md
+++ b/README.md
@@ -233,4 +233,15 @@ The standard specification versions that `iSulad` is compatible with are as foll
- Compatible with OCI 1.0.0.
- Compatible with CNI 0.3.0 and above.
-- Compatible with lcr 2.1.x and above.
\ No newline at end of file
+- Compatible with lcr 2.1.x and above.
+
+## Kubernetes Support
+
+`iSulad` supports Kubernetes version 1.13 and above. The following table shows the compatibility between `iSulad` and Kubernetes.
+It lists the minimum `iSulad` version required for some given Kubernetes versions.
+
+iSulad Version | Kubernetes Version | CRI Version
+--- | --- | ---
+v2.0.0+ | v1.13-v1.18 | v1alpha2
+v2.0.8+ | v1.19-v1.22 | v1alpha2
+v2.1.4+ | v1.23-v1.26 | v1, v1alpha2
diff --git a/README_zh.md b/README_zh.md
index 72942765..1c4dff4f 100755
--- a/README_zh.md
+++ b/README_zh.md
@@ -229,4 +229,14 @@ $ sudo isula rm test
- 兼容 1.0.0 版本的OCI
- 兼容 0.3.0 版本以上的CNI
-- 兼容 2.1.x 版本以上的lcr
\ No newline at end of file
+- 兼容 2.1.x 版本以上的lcr
+
+## Kubernetes Support
+
+`iSulad`提供对Kubernetes 1.13 版本以上的支持。以下表格显示了 `iSulad` 与 Kubernetes 之间的兼容性。它给出了指定Kubernetes版本下所需要的最低 `iSulad` 版本。
+
+iSulad 版本 | Kubernetes 版本 | CRI 版本
+--- | --- | ---
+v2.0.0+ | v1.13-v1.18 | v1alpha2
+v2.0.8+ | v1.19-v1.22 | v1alpha2
+v2.1.4+ | v1.23-v1.26 | v1, v1alpha2
--
2.42.0

384
0019-2254-lcr-container-with-a-damaged-config-file-will-r.patch Normal file
View File

@ -0,0 +1,384 @@
From 21bca2bb054ed7a1b9b78e01965f8a6d9c3fd28d Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 20 Nov 2023 12:58:26 +0000
Subject: [PATCH 19/64] !2254 lcr container with a damaged config file will
rebuild the config during restore * lcr container with a damaged config file
will rebuild the config during restore
---
src/common/constants.h | 2 +
src/daemon/modules/api/runtime_api.h | 7 ++
.../modules/container/restore/restore.c | 28 ++++--
.../modules/runtime/engines/lcr/lcr_rt_ops.c | 99 ++++++++++++++++++-
.../modules/runtime/engines/lcr/lcr_rt_ops.h | 1 +
.../modules/runtime/isula/isula_rt_ops.c | 6 ++
.../modules/runtime/isula/isula_rt_ops.h | 1 +
src/daemon/modules/runtime/runtime.c | 24 +++++
src/daemon/modules/runtime/shim/shim_rt_ops.c | 6 ++
src/daemon/modules/runtime/shim/shim_rt_ops.h | 2 +
10 files changed, 167 insertions(+), 9 deletions(-)
diff --git a/src/common/constants.h b/src/common/constants.h
index caf9b793..5f12ae25 100644
--- a/src/common/constants.h
+++ b/src/common/constants.h
@@ -86,6 +86,8 @@ extern "C" {
#define LOG_MAX_RETRIES 10
+#define INVALID_CONFIG_ERR_CODE 2
+
#define MAX_MSG_BUFFER_SIZE (32 * 1024)
#define DEFAULT_WEBSOCKET_SERVER_LISTENING_PORT 10350
diff --git a/src/daemon/modules/api/runtime_api.h b/src/daemon/modules/api/runtime_api.h
index 3c2100f5..08558f42 100644
--- a/src/daemon/modules/api/runtime_api.h
+++ b/src/daemon/modules/api/runtime_api.h
@@ -41,6 +41,7 @@ typedef enum {
struct runtime_container_status_info {
bool has_pid;
uint32_t pid;
+ int error_code;
Runtime_Container_Status status;
};
@@ -197,6 +198,10 @@ typedef struct _rt_exec_resize_params_t {
unsigned int width;
} rt_exec_resize_params_t;
+typedef struct _rt_runtime_rebuild_config_params_t {
+ const char *rootpath;
+} rt_rebuild_config_params_t;
+
struct rt_ops {
/* detect whether runtime is of this runtime type */
bool (*detect)(const char *runtime);
@@ -233,6 +238,7 @@ struct rt_ops {
rt_listpids_out_t *out);
int (*rt_resize)(const char *name, const char *runtime, const rt_resize_params_t *params);
int (*rt_exec_resize)(const char *name, const char *runtime, const rt_exec_resize_params_t *params);
+ int (*rt_rebuild_config)(const char *name, const char *runtime, const rt_rebuild_config_params_t *params);
};
int runtime_create(const char *name, const char *runtime, const rt_create_params_t *params);
@@ -253,6 +259,7 @@ int runtime_attach(const char *name, const char *runtime, const rt_attach_params
int runtime_update(const char *name, const char *runtime, const rt_update_params_t *params);
int runtime_listpids(const char *name, const char *runtime, const rt_listpids_params_t *params, rt_listpids_out_t *out);
+int runtime_rebuild_config(const char *name, const char *runtime, const rt_rebuild_config_params_t *params);
void free_rt_listpids_out_t(rt_listpids_out_t *out);
int runtime_resize(const char *name, const char *runtime, const rt_resize_params_t *params);
int runtime_exec_resize(const char *name, const char *runtime, const rt_exec_resize_params_t *params);
diff --git a/src/daemon/modules/container/restore/restore.c b/src/daemon/modules/container/restore/restore.c
index c26cf561..f6218fe6 100644
--- a/src/daemon/modules/container/restore/restore.c
+++ b/src/daemon/modules/container/restore/restore.c
@@ -16,15 +16,18 @@
#include <stdio.h>
#include <unistd.h>
#include <limits.h>
-#include <isula_libutils/container_config_v2.h>
-#include <isula_libutils/host_config.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
+#include <isula_libutils/container_config_v2.h>
+#include <isula_libutils/host_config.h>
+#include <isula_libutils/log.h>
+#include <isula_libutils/auto_cleanup.h>
+
#include "isulad_config.h"
-#include "isula_libutils/log.h"
+
#include "container_api.h"
#include "supervisor.h"
#include "containers_gc.h"
@@ -276,9 +279,22 @@ static void restore_state(container_t *cont)
#endif
nret = runtime_status(id, runtime, &params, &real_status);
if (nret != 0) {
- WARN("Failed to restore container %s, make real status to STOPPED. Due to can not load container with status %d",
- id, status);
- real_status.status = RUNTIME_CONTAINER_STATUS_STOPPED;
+ bool rebuild_config = (real_status.error_code == INVALID_CONFIG_ERR_CODE);
+ int tempret = -1;
+ // only the lcr container with a damaged config file will rebuild the config
+ if (rebuild_config) {
+ rt_rebuild_config_params_t rebuild_params = { 0 };
+ rebuild_params.rootpath = cont->root_path;
+ nret = runtime_rebuild_config(id, runtime, &rebuild_params);
+ EVENT("Rebuild config for container: %s, result : %d", id, nret);
+ if (nret == 0) {
+ tempret = runtime_status(id, runtime, &params, &real_status);
+ }
+ }
+ if (tempret != 0) {
+ WARN("Failed to restore container %s, make real status to STOPPED. Due to cannot load container with status %d", id, status);
+ real_status.status = RUNTIME_CONTAINER_STATUS_STOPPED;
+ }
}
if (real_status.status == RUNTIME_CONTAINER_STATUS_STOPPED) {
diff --git a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
index f61316d0..2f42909b 100644
--- a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
+++ b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
@@ -16,15 +16,18 @@
#include <stdio.h>
#include <limits.h>
#include <errno.h>
-#include <isula_libutils/defs.h>
-#include <isula_libutils/host_config.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
+#include <isula_libutils/log.h>
+#include <isula_libutils/defs.h>
+#include <isula_libutils/host_config.h>
+#include <isula_libutils/auto_cleanup.h>
+#include <isula_libutils/oci_runtime_spec.h>
+
#include "lcr_rt_ops.h"
-#include "isula_libutils/log.h"
#include "engine.h"
#include "error.h"
#include "isulad_config.h"
@@ -32,6 +35,8 @@
#include "runtime_api.h"
#include "utils_file.h"
+#define LCR_CONFIG_FILE "config"
+
bool rt_lcr_detect(const char *runtime)
{
/* now we just support lcr engine */
@@ -276,6 +281,17 @@ int rt_lcr_status(const char *name, const char *runtime, const rt_status_params_
nret = engine_ops->engine_get_container_status_op(name, params->rootpath, status);
if (nret != 0) {
ret = -1;
+ const char *tmpmsg = NULL;
+ if (engine_ops->engine_get_errmsg_op != NULL) {
+ tmpmsg = engine_ops->engine_get_errmsg_op();
+ }
+ if (tmpmsg != NULL && strstr(tmpmsg, "Failed to load config") != NULL) {
+ status->error_code = INVALID_CONFIG_ERR_CODE;
+ }
+ isulad_set_error_message("Runtime state container error: %s",
+ (tmpmsg != NULL && strcmp(tmpmsg, DEF_SUCCESS_STR)) != 0 ? tmpmsg : DEF_ERR_RUNTIME_STR);
+ ERROR("Runtime state container error: %s",
+ (tmpmsg != NULL && strcmp(tmpmsg, DEF_SUCCESS_STR)) != 0 ? tmpmsg : DEF_ERR_RUNTIME_STR);
goto out;
}
@@ -756,3 +772,80 @@ int rt_lcr_kill(const char *id, const char *runtime, const rt_kill_params_t *par
return 0;
}
+
+int rt_lcr_rebuild_config(const char *name, const char *runtime, const rt_rebuild_config_params_t *params)
+{
+ int ret = -1;
+ int nret = 0;
+ char config_file[PATH_MAX] = { 0 };
+ char bak_config_file[PATH_MAX] = { 0 };
+ char oci_config_file[PATH_MAX] = { 0 };
+ struct engine_operation *engine_ops = NULL;
+ oci_runtime_spec *oci_spec = NULL;
+ __isula_auto_free char *json_container = NULL;
+ __isula_auto_free parser_error err = NULL;
+
+ engine_ops = engines_get_handler(runtime);
+ if (engine_ops == NULL || engine_ops->engine_create_op == NULL) {
+ ERROR("Failed to get engine rebuild config operations");
+ return -1;
+ }
+
+ nret = snprintf(config_file, PATH_MAX, "%s/%s/%s", params->rootpath, name, LCR_CONFIG_FILE);
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
+ ERROR("Failed to snprintf config file for container %s", name);
+ return -1;
+ }
+
+ nret = snprintf(bak_config_file, PATH_MAX, "%s/%s/%s", params->rootpath, name, ".tmp_config_bak");
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
+ ERROR("Failed to snprintf bak config file for container %s", name);
+ return -1;
+ }
+
+ nret = snprintf(oci_config_file, sizeof(oci_config_file), "%s/%s/%s", params->rootpath, name, OCI_CONFIG_JSON);
+ if (nret < 0 || (size_t)nret >= sizeof(oci_config_file)) {
+ ERROR("Failed to snprintf for config json");
+ return -1;
+ }
+
+ oci_spec = oci_runtime_spec_parse_file(oci_config_file, NULL, &err);
+ if (oci_spec == NULL) {
+ ERROR("Failed to parse oci config file:%s", err);
+ return -1;
+ }
+
+ // delete the bak config file to prevent the remnants of the previous bak file
+ if (util_fileself_exists(bak_config_file) && util_path_remove(bak_config_file) != 0) {
+ ERROR("Failed to remove bak_config_file for container: %s", name);
+ goto out;
+ }
+
+ if (util_fileself_exists(config_file) && rename(config_file, bak_config_file) != 0) {
+ ERROR("Failed to backup old config for container: %s", name);
+ goto out;
+ }
+
+ nret = engine_ops->engine_create_op(name, params->rootpath, (void *)oci_spec);
+ if (nret != 0) {
+ // delete the invalid config file to prevent rename failed
+ if (util_fileself_exists(config_file) && util_path_remove(config_file) != 0) {
+ WARN("Failed to remove bak_config_file for container %s", name);
+ }
+ if (util_fileself_exists(bak_config_file) && rename(bak_config_file, config_file) != 0) {
+ WARN("Failed to rename backup old config to config for container %s", name);
+ }
+ }
+
+ ret = 0;
+
+out:
+ if (engine_ops != NULL && engine_ops->engine_clear_errmsg_op != NULL) {
+ engine_ops->engine_clear_errmsg_op();
+ }
+ if (util_fileself_exists(bak_config_file) && util_path_remove(bak_config_file) != 0) {
+ WARN("Failed to remove bak_config_file for %s", name);
+ }
+ free_oci_runtime_spec(oci_spec);
+ return ret;
+}
diff --git a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.h b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.h
index 5b74ad6c..7403544d 100644
--- a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.h
+++ b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.h
@@ -47,6 +47,7 @@ int rt_lcr_resources_stats(const char *name, const char *runtime, const rt_stats
int rt_lcr_resize(const char *id, const char *runtime, const rt_resize_params_t *params);
int rt_lcr_exec_resize(const char *id, const char *runtime, const rt_exec_resize_params_t *params);
int rt_lcr_kill(const char *id, const char *runtime, const rt_kill_params_t *params);
+int rt_lcr_rebuild_config(const char *name, const char *runtime, const rt_rebuild_config_params_t *params);
#ifdef __cplusplus
}
#endif
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index 1787170b..83214c1a 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -2013,3 +2013,9 @@ int rt_isula_kill(const char *id, const char *runtime, const rt_kill_params_t *p
return 0;
}
+
+// the config file of oci runtime is config.json. If it is damaged, it cannot be rebuilt.
+int rt_isula_rebuild_config(const char *name, const char *runtime, const rt_rebuild_config_params_t *params)
+{
+ return 0;
+}
\ No newline at end of file
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.h b/src/daemon/modules/runtime/isula/isula_rt_ops.h
index 49b6cc0e..1e5e049a 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.h
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.h
@@ -46,6 +46,7 @@ int rt_isula_resources_stats(const char *name, const char *runtime, const rt_sta
int rt_isula_resize(const char *id, const char *runtime, const rt_resize_params_t *params);
int rt_isula_exec_resize(const char *id, const char *runtime, const rt_exec_resize_params_t *params);
int rt_isula_kill(const char *id, const char *runtime, const rt_kill_params_t *params);
+int rt_isula_rebuild_config(const char *name, const char *runtime, const rt_rebuild_config_params_t *params);
#ifdef __cplusplus
}
diff --git a/src/daemon/modules/runtime/runtime.c b/src/daemon/modules/runtime/runtime.c
index cb383970..d9a332af 100644
--- a/src/daemon/modules/runtime/runtime.c
+++ b/src/daemon/modules/runtime/runtime.c
@@ -45,6 +45,7 @@ static const struct rt_ops g_lcr_rt_ops = {
.rt_resize = rt_lcr_resize,
.rt_exec_resize = rt_lcr_exec_resize,
.rt_kill = rt_lcr_kill,
+ .rt_rebuild_config = rt_lcr_rebuild_config,
};
static const struct rt_ops g_isula_rt_ops = {
@@ -65,6 +66,7 @@ static const struct rt_ops g_isula_rt_ops = {
.rt_resize = rt_isula_resize,
.rt_exec_resize = rt_isula_exec_resize,
.rt_kill = rt_isula_kill,
+ .rt_rebuild_config = rt_isula_rebuild_config,
};
#ifdef ENABLE_SHIM_V2
@@ -86,6 +88,7 @@ static const struct rt_ops g_shim_rt_ops = {
.rt_resize = rt_shim_resize,
.rt_exec_resize = rt_shim_exec_resize,
.rt_kill = rt_shim_kill,
+ .rt_rebuild_config = rt_shim_rebuild_config,
};
#endif
@@ -465,6 +468,27 @@ out:
return ret;
}
+int runtime_rebuild_config(const char *name, const char *runtime, const rt_rebuild_config_params_t *params)
+{
+ int ret = 0;
+ const struct rt_ops *ops = NULL;
+
+ if (name == NULL || runtime == NULL || params == NULL) {
+ ERROR("Invalid arguments for runtime rebuild config");
+ return -1;
+ }
+
+ ops = rt_ops_query(runtime);
+ if (ops == NULL) {
+ ERROR("Failed to get runtime ops");
+ return -1;
+ }
+
+ ret = ops->rt_rebuild_config(name, runtime, params);
+
+ return ret;
+}
+
int runtime_resize(const char *name, const char *runtime, const rt_resize_params_t *params)
{
int ret = 0;
diff --git a/src/daemon/modules/runtime/shim/shim_rt_ops.c b/src/daemon/modules/runtime/shim/shim_rt_ops.c
index 550b17f3..56fc43c2 100644
--- a/src/daemon/modules/runtime/shim/shim_rt_ops.c
+++ b/src/daemon/modules/runtime/shim/shim_rt_ops.c
@@ -805,3 +805,9 @@ int rt_shim_kill(const char *id, const char *runtime, const rt_kill_params_t *pa
return 0;
}
+
+// the config file of oci runtime is config.json. If it is damaged, it cannot be rebuilt.
+int rt_shim_rebuild_config(const char *name, const char *runtime, const rt_rebuild_config_params_t *params)
+{
+ return 0;
+}
\ No newline at end of file
diff --git a/src/daemon/modules/runtime/shim/shim_rt_ops.h b/src/daemon/modules/runtime/shim/shim_rt_ops.h
index 03b7c018..2df34f4c 100644
--- a/src/daemon/modules/runtime/shim/shim_rt_ops.h
+++ b/src/daemon/modules/runtime/shim/shim_rt_ops.h
@@ -62,6 +62,8 @@ int rt_shim_exec_resize(const char *id, const char *runtime, const rt_exec_resiz
bool is_valid_v2_runtime(const char* name);
+int rt_shim_rebuild_config(const char *name, const char *runtime, const rt_rebuild_config_params_t *params);
+
#ifdef __cplusplus
}
#endif
--
2.42.0

39
0020-2253-bugfix-for-runc-container-exec.patch Normal file
View File

@ -0,0 +1,39 @@
From 6b636051af158fac017998732d7d121b8ea71081 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 20 Nov 2023 12:59:09 +0000
Subject: [PATCH 20/64] !2253 bugfix for runc container exec * bugfix for runc
container exec
---
src/daemon/modules/runtime/isula/isula_rt_ops.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index 83214c1a..e61d1f91 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -1386,17 +1386,16 @@ int rt_isula_exec(const char *id, const char *runtime, const rt_exec_params_t *p
}
ret = shim_create(fg_exec(params), id, workdir, bundle, cmd, exit_code, timeout, &shim_exit_code);
- if (ret != 0) {
- ERROR("%s: failed create shim process for exec %s", id, exec_id);
- goto errlog_out;
- }
-
if (shim_exit_code == SHIM_EXIT_TIMEOUT) {
ret = -1;
isulad_set_error_message("Exec container error;exec timeout");
ERROR("isulad-shim %d exit for execing timeout", pid);
goto errlog_out;
}
+ if (ret != 0) {
+ ERROR("%s: failed create shim process for exec %s", id, exec_id);
+ goto errlog_out;
+ }
pid = get_container_process_pid(workdir);
if (pid < 0) {
--
2.42.0

58
0021-bugfix-of-update-restart-policy-for-auto-remove-cont.patch Normal file
View File

@ -0,0 +1,58 @@
From ea51fa836464660fcca245e7e36a2b4cdf1e5997 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Tue, 21 Nov 2023 10:23:26 +0800
Subject: [PATCH 21/64] bugfix of update restart policy for auto remove
container
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---
.../executor/container_cb/execution_extend.c | 18 +++++++++++-------
1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/src/daemon/executor/container_cb/execution_extend.c b/src/daemon/executor/container_cb/execution_extend.c
index 6759a4fc..de017b4e 100644
--- a/src/daemon/executor/container_cb/execution_extend.c
+++ b/src/daemon/executor/container_cb/execution_extend.c
@@ -1113,15 +1113,14 @@ static int update_host_config_check(container_t *cont, host_config *hostconfig)
ret = verify_host_config_settings(hostconfig, true);
if (ret != 0) {
- goto out;
+ return -1;
}
if (container_is_removal_in_progress(cont->state) || container_is_dead(cont->state)) {
ERROR("Container is marked for removal and cannot be \"update\".");
isulad_set_error_message(
"Cannot update container %s: Container is marked for removal and cannot be \"update\".", id);
- ret = -1;
- goto out;
+ return -1;
}
if (container_is_running(cont->state) && hostconfig->kernel_memory) {
@@ -1129,12 +1128,17 @@ static int update_host_config_check(container_t *cont, host_config *hostconfig)
isulad_set_error_message("Cannot update container %s: Can not update kernel memory to a running container,"
" please stop it first.",
id);
- ret = -1;
- goto out;
+ return -1;
}
-out:
- return ret;
+ if (cont->hostconfig->auto_remove && hostconfig->restart_policy != NULL &&
+ hostconfig->restart_policy->name != NULL && strcmp("no", hostconfig->restart_policy->name) != 0) {
+ ERROR("Cannot update restart policy for the auto remove container %s", id);
+ isulad_set_error_message("Cannot update restart policy for the auto remove container %s", id);
+ return -1;
+ }
+
+ return 0;
}
static int do_update_resources(const container_update_request *request, container_t *cont)
--
2.42.0

57
0022-add-update-restart-policy-test.patch Normal file
View File

@ -0,0 +1,57 @@
From 6815aec33caedaacba3b392ee5a2e5088fdf1faa Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Tue, 21 Nov 2023 10:24:26 +0800
Subject: [PATCH 22/64] add update restart policy test
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---
CI/test_cases/container_cases/update.sh | 26 +++++++++++++++++++++++++
1 file changed, 26 insertions(+)
diff --git a/CI/test_cases/container_cases/update.sh b/CI/test_cases/container_cases/update.sh
index d379acc2..29543e7c 100755
--- a/CI/test_cases/container_cases/update.sh
+++ b/CI/test_cases/container_cases/update.sh
@@ -138,6 +138,27 @@ function do_test_t()
return $TC_RET_T
}
+function test_autoremove_restartpolicy()
+{
+ containername=test_update2
+ containerid=`isula run -itd --runtime $1 --rm --name $containername busybox`
+ fn_check_eq "$?" "0" "run failed"
+
+ isula update --restart always $containerid
+ fn_check_ne "$?" "0" "update should fail"
+
+ isula update --restart nooooooooooo $containerid
+ fn_check_ne "$?" "0" "update should fail"
+
+ isula update --restart no $containerid
+ fn_check_eq "$?" "0" "update restart policy no failed"
+
+ isula rm -f $containername
+ fn_check_eq "$?" "0" "rm failed"
+
+ return $TC_RET_T
+}
+
function do_test_t1()
{
containername=test_update1
@@ -173,6 +194,11 @@ do
let "ret=$ret + 1"
fi
+ test_autoremove_restartpolicy $element
+ if [ $? -ne 0 ];then
+ let "ret=$ret + 1"
+ fi
+
if [ -f "/sys/fs/cgroup/memory/memory.memsw.usage_in_bytes" ];then
do_test_t1 $element
if [ $? -ne 0 ];then
--
2.42.0

73
0023-2260-bugfix-for-rebuild-config.patch Normal file
View File

@ -0,0 +1,73 @@
From f08072a865fcf6191d65e7c01e11b99049758c57 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 21 Nov 2023 03:27:31 +0000
Subject: [PATCH 23/64] !2260 bugfix for rebuild config * bugfix for rebuild
config
---
src/daemon/modules/container/restore/restore.c | 1 -
src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c | 5 +----
src/daemon/modules/runtime/runtime.c | 5 +----
3 files changed, 2 insertions(+), 9 deletions(-)
diff --git a/src/daemon/modules/container/restore/restore.c b/src/daemon/modules/container/restore/restore.c
index f6218fe6..a60b1410 100644
--- a/src/daemon/modules/container/restore/restore.c
+++ b/src/daemon/modules/container/restore/restore.c
@@ -24,7 +24,6 @@
#include <isula_libutils/container_config_v2.h>
#include <isula_libutils/host_config.h>
#include <isula_libutils/log.h>
-#include <isula_libutils/auto_cleanup.h>
#include "isulad_config.h"
diff --git a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
index 2f42909b..8f7211d7 100644
--- a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
+++ b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
@@ -782,7 +782,6 @@ int rt_lcr_rebuild_config(const char *name, const char *runtime, const rt_rebuil
char oci_config_file[PATH_MAX] = { 0 };
struct engine_operation *engine_ops = NULL;
oci_runtime_spec *oci_spec = NULL;
- __isula_auto_free char *json_container = NULL;
__isula_auto_free parser_error err = NULL;
engine_ops = engines_get_handler(runtime);
@@ -836,9 +835,7 @@ int rt_lcr_rebuild_config(const char *name, const char *runtime, const rt_rebuil
WARN("Failed to rename backup old config to config for container %s", name);
}
}
-
- ret = 0;
-
+ ret = nret != 0 ? -1 : 0;
out:
if (engine_ops != NULL && engine_ops->engine_clear_errmsg_op != NULL) {
engine_ops->engine_clear_errmsg_op();
diff --git a/src/daemon/modules/runtime/runtime.c b/src/daemon/modules/runtime/runtime.c
index d9a332af..4a239f0a 100644
--- a/src/daemon/modules/runtime/runtime.c
+++ b/src/daemon/modules/runtime/runtime.c
@@ -470,7 +470,6 @@ out:
int runtime_rebuild_config(const char *name, const char *runtime, const rt_rebuild_config_params_t *params)
{
- int ret = 0;
const struct rt_ops *ops = NULL;
if (name == NULL || runtime == NULL || params == NULL) {
@@ -484,9 +483,7 @@ int runtime_rebuild_config(const char *name, const char *runtime, const rt_rebui
return -1;
}
- ret = ops->rt_rebuild_config(name, runtime, params);
-
- return ret;
+ return ops->rt_rebuild_config(name, runtime, params);
}
int runtime_resize(const char *name, const char *runtime, const rt_resize_params_t *params)
--
2.42.0

1815
0024-2170-isula-image-pull.patch Normal file
View File

File diff suppressed because it is too large Load Diff

84
0025-2084-image-pull.patch Normal file
View File

@ -0,0 +1,84 @@
From 79384f7b0ac7319120d1f677323c43069742a354 Mon Sep 17 00:00:00 2001
From: sailorvii <chenw66@chinaunicom.cn>
Date: Wed, 22 Nov 2023 01:22:42 +0000
Subject: [PATCH 25/64] =?UTF-8?q?!2084=20=E5=A2=9E=E5=8A=A0image=20pull=20?=
=?UTF-8?q?=E6=97=B6=E8=BF=9B=E5=BA=A6=E6=9D=A1=E6=98=BE=E7=A4=BA=E7=9A=84?=
=?UTF-8?q?=E8=AE=BE=E8=AE=A1=20*=20Refine=20document=20by=20the=20impleme?=
=?UTF-8?q?ntation.=20*=20Refine=20a=20word.=20*=20Add=20progress=20bard?=
=?UTF-8?q?=20proposal.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
docs/design/detailed/Misc/progressBar.md | 58 ++++++++++++++++++++++++
1 file changed, 58 insertions(+)
create mode 100644 docs/design/detailed/Misc/progressBar.md
diff --git a/docs/design/detailed/Misc/progressBar.md b/docs/design/detailed/Misc/progressBar.md
new file mode 100644
index 00000000..3cf733a6
--- /dev/null
+++ b/docs/design/detailed/Misc/progressBar.md
@@ -0,0 +1,58 @@
+# 方案目标
+在Image pull过程中显示多个layer下载的进度。
+
+之前的grpc pull和cri pull共用了接口需要新增grpc pull接口该接口类型为stream带progress status。
+重写函数oci_do_pull_image底层函数pull_image复用。
+在结构体registry_pull_options增加map。
+
+# 限制
+1. 每一个connection只做一件事否则progress store会混乱。
+2. 这个功能只为grpc 连接服务。
+
+# 总体设计
+## 主要功能模块
+### Progress status store
+每次pull命令或者行为为一个connection。每个image会按照layer来下载。所以我们建立了一个status map。 map的key为Layer ID内容结构体定义如下:
+
+```
+struct progress_status {
+ // Layer ID
+ char ID[13];
+
+ // total is the end value describing when we made 100% progress for an operation. Unit is Byte.
+ int64 total;
+
+ // current is the current value for the operation. Unit is Byte.
+ int64 current;
+}
+```
+
+#### API
+```
+progress_status_map *progress_status_map_new();
+
+bool progress_status_map_insert(progress_status_map *progress_status_map, char *key, progress *value);
+
+```
+
+### Client Progress 显示
+在client每次读到消息时获取当前窗口宽度(termios.h: tcgetattr)如果宽度小于110字符则压缩显示(已下载/全部字节),如果不是,则显示进度条。
+当第一次收到时计算需要显示的任务数task number每个任务显示一行。
+当更新状态时将光标回退task number行清除该行打印完一行将光标移到下一行清除该行并打印新的进度重复上述步骤直至所有任务打印完成。
+
+## 主要流程
+### 下载任务获取下载状态
+在结构体pull_descriptor新增*progress_status_store 传递write_progress_status的map *。
+
+在http_request中修改原来的桩函数xfer这个函数将实时采集curl pull的状态如当前下载的字节数总的字节数。
+
+
+### server获取下载状态并传递给client
+新增函数int ImagesServiceImpl::PullImage函数Response参数为stream每隔100ms读取progress status map并序列化为json message写入response stream。
+```
+Status ImagesServiceImpl::PullImage(ServerContext *context, const PullImageRequest *request,
+ ServerWriter<PullImageResponse> *writer)
+```
+
+### client收取状态并显示
+修改原来的grpc_images_client中ImagesPull函数。阻塞式读取response stream 流不为空则一直读取并打印显示每个progress status。
--
2.42.0

39
0026-CI-add-ncurse-for-ubuntu-and-centos.patch Normal file
View File

@ -0,0 +1,39 @@
From c87ecc7f26a0a0034a8bf49691f572fe1d4fed29 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Wed, 22 Nov 2023 15:00:24 +0800
Subject: [PATCH 26/64] [CI] add ncurse for ubuntu and centos
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
CI/dockerfiles/Dockerfile-centos | 2 ++
CI/dockerfiles/Dockerfile-ubuntu | 2 +-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/CI/dockerfiles/Dockerfile-centos b/CI/dockerfiles/Dockerfile-centos
index 7250b7bd..1d76b4ec 100644
--- a/CI/dockerfiles/Dockerfile-centos
+++ b/CI/dockerfiles/Dockerfile-centos
@@ -299,5 +299,7 @@ RUN export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH && \
make install && \
ldconfig
+RUN dnf install -y ncurses-devel && dnf clean all
+
VOLUME [ "/sys/fs/cgroup" ]
CMD ["/usr/sbin/init"]
diff --git a/CI/dockerfiles/Dockerfile-ubuntu b/CI/dockerfiles/Dockerfile-ubuntu
index f84ae0a7..2441a7ce 100644
--- a/CI/dockerfiles/Dockerfile-ubuntu
+++ b/CI/dockerfiles/Dockerfile-ubuntu
@@ -84,7 +84,7 @@ RUN apt update -y && apt upgrade -y && \
patch \
tcpdump
-RUN apt autoremove -y
+RUN apt install -y libncurses-dev && apt autoremove -y
RUN pip3 install meson ninja
RUN echo "export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH" >> /etc/bashrc && \
--
2.42.0

631
0027-improve-code-of-pull-progress.patch Normal file
View File

@ -0,0 +1,631 @@
From 78304f7ad584517e02125c928e976f34aaf859f8 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Wed, 22 Nov 2023 15:00:43 +0800
Subject: [PATCH 27/64] improve code of pull progress
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
src/client/connect/CMakeLists.txt | 7 +-
src/client/connect/grpc/grpc_images_client.cc | 48 ++----
.../connect/grpc/grpc_volumes_client.cc | 1 -
src/daemon/common/events_format.h | 2 +
.../v1/v1_cri_image_manager_service_impl.cc | 2 -
.../v1alpha/cri_image_manager_service_impl.cc | 2 -
src/daemon/executor/image_cb/image_cb.c | 2 +
src/daemon/modules/api/event_type.h | 4 +-
src/daemon/modules/events/collector.c | 4 +-
src/daemon/modules/image/image.c | 2 +-
src/daemon/modules/image/oci/oci_pull.c | 146 ++++++++++--------
src/daemon/modules/image/oci/progress.c | 28 +++-
src/daemon/modules/image/oci/progress.h | 6 +-
.../modules/image/oci/registry/http_request.c | 28 +---
.../oci/storage/image_store/image_store.c | 2 +-
.../graphdriver/overlay2/driver_overlay2.c | 2 +-
.../modules/image/oci/storage/storage.c | 5 +-
17 files changed, 137 insertions(+), 154 deletions(-)
diff --git a/src/client/connect/CMakeLists.txt b/src/client/connect/CMakeLists.txt
index 00ba2f68..d4ce6c9c 100644
--- a/src/client/connect/CMakeLists.txt
+++ b/src/client/connect/CMakeLists.txt
@@ -12,10 +12,7 @@ if (GRPC_CONNECTOR)
aux_source_directory(${CMAKE_BINARY_DIR}/grpc/src/api/services/containers CONNECT_API_CONTAINERS)
aux_source_directory(${CMAKE_BINARY_DIR}/grpc/src/api/services/images CONNECT_API_IMAGES)
aux_source_directory(${CMAKE_BINARY_DIR}/grpc/src/api/services/volumes CONNECT_API_VOLUMES)
- # TODO: current isula pull use CRI pullImage API, we should remove this dependence
- aux_source_directory(${CMAKE_BINARY_DIR}/grpc/src/api/services/cri CONNECT_API_CRI)
- aux_source_directory(${CMAKE_BINARY_DIR}/grpc/src/api/services/cri/v1alpha CONNECT_API_CRI_ALPHAS)
- set(CONNECT_API ${CONNECT_API_VOLUMES} ${CONNECT_API_CONTAINERS} ${CONNECT_API_IMAGES} ${CONNECT_API_CRI_ALPHAS} ${CONNECT_API_CRI})
+ set(CONNECT_API ${CONNECT_API_VOLUMES} ${CONNECT_API_CONTAINERS} ${CONNECT_API_IMAGES})
list(APPEND local_client_connect_srcs ${CONNECT_API})
list(APPEND local_client_connect_incs ${CMAKE_CURRENT_SOURCE_DIR}/grpc)
@@ -23,8 +20,6 @@ if (GRPC_CONNECTOR)
${CMAKE_BINARY_DIR}/grpc/src/api/services/volumes
${CMAKE_BINARY_DIR}/grpc/src/api/services/containers
${CMAKE_BINARY_DIR}/grpc/src/api/services/images
- ${CMAKE_BINARY_DIR}/grpc/src/api/services/cri
- ${CMAKE_BINARY_DIR}/grpc/src/api/services/cri/v1alpha
)
if(ENABLE_NATIVE_NETWORK)
diff --git a/src/client/connect/grpc/grpc_images_client.cc b/src/client/connect/grpc/grpc_images_client.cc
index 7a283e8c..7fd36cc1 100644
--- a/src/client/connect/grpc/grpc_images_client.cc
+++ b/src/client/connect/grpc/grpc_images_client.cc
@@ -390,50 +390,20 @@ public:
return 0;
}
- auto run(const struct isula_pull_request *request, struct isula_pull_response *response) -> int override
- {
- ClientContext context;
- PullImageRequest grequest;
-
-#ifdef ENABLE_GRPC_REMOTE_CONNECT
-#ifdef OPENSSL_VERIFY
- // Set common name from cert.perm
- char common_name_value[ClientBaseConstants::COMMON_NAME_LEN] = { 0 };
- int ret = get_common_name_from_tls_cert(m_certFile.c_str(), common_name_value,
- ClientBaseConstants::COMMON_NAME_LEN);
- if (ret != 0) {
- ERROR("Failed to get common name in: %s", m_certFile.c_str());
- return -1;
- }
- context.AddMetadata("username", std::string(common_name_value, strlen(common_name_value)));
- context.AddMetadata("tls_mode", m_tlsMode);
-#endif
-#endif
- if (request_to_grpc(request, &grequest) != 0) {
- ERROR("Failed to transform pull request to grpc");
- response->server_errono = ISULAD_ERR_INPUT;
- return -1;
- }
-
- auto reader = stub_->PullImage(&context, grequest);
+ auto grpc_call(ClientContext *context, const PullImageRequest &req, PullImageResponse *reply) -> Status override
+ {
+ auto reader = stub_->PullImage(context, req);
- PullImageResponse gresponse;
- if (grequest.is_progress_visible()) {
- while (reader->Read(&gresponse)) {
- output_progress(gresponse);
+ if (req.is_progress_visible()) {
+ while (reader->Read(reply)) {
+ output_progress(*reply);
}
} else {
- reader->Read(&gresponse);
+ reader->Read(reply);
WARN("The terminal may not support ANSI Escape code. Display is skipped");
}
- Status status = reader->Finish();
- if (!status.ok()) {
- ERROR("Error code: %d: %s", status.error_code(), status.error_message().c_str());
- unpackStatus(status, response);
- return -1;
- }
- response->image_ref = util_strdup_s(gresponse.image_ref().c_str());
- return 0;
+
+ return reader->Finish();
}
private:
diff --git a/src/client/connect/grpc/grpc_volumes_client.cc b/src/client/connect/grpc/grpc_volumes_client.cc
index 32b83a9e..5fe8ed5e 100644
--- a/src/client/connect/grpc/grpc_volumes_client.cc
+++ b/src/client/connect/grpc/grpc_volumes_client.cc
@@ -16,7 +16,6 @@
#include <string>
-#include "api.grpc.pb.h"
#include "client_base.h"
#include "volumes.grpc.pb.h"
#include "utils.h"
diff --git a/src/daemon/common/events_format.h b/src/daemon/common/events_format.h
index 7e97b2c5..6b8fcfd5 100644
--- a/src/daemon/common/events_format.h
+++ b/src/daemon/common/events_format.h
@@ -64,6 +64,8 @@ typedef enum {
EVENTS_TYPE_IMAGE_PULL,
EVENTS_TYPE_IMAGE_LOGIN,
EVENTS_TYPE_IMAGE_LOGOUT,
+ EVENTS_TYPE_IMAGE_IMPORT,
+ EVENTS_TYPE_IMAGE_TAG,
EVENTS_TYPE_IMAGE_MAX_STATE
} image_events_type_t;
diff --git a/src/daemon/entry/cri/v1/v1_cri_image_manager_service_impl.cc b/src/daemon/entry/cri/v1/v1_cri_image_manager_service_impl.cc
index b9cbf24c..066eed5e 100644
--- a/src/daemon/entry/cri/v1/v1_cri_image_manager_service_impl.cc
+++ b/src/daemon/entry/cri/v1/v1_cri_image_manager_service_impl.cc
@@ -25,7 +25,6 @@
#include "v1_cri_helpers.h"
#include "err_msg.h"
-#include "events_sender_api.h"
#include "isula_libutils/log.h"
#include "service_image_api.h"
#include "utils.h"
@@ -277,7 +276,6 @@ auto ImageManagerServiceImpl::PullImage(const runtime::v1::ImageSpec &image,
if (response->image_ref != nullptr) {
out_str = response->image_ref;
}
- (void)isulad_monitor_send_image_event(request->image, IM_PULL);
cleanup:
DAEMON_CLEAR_ERRMSG();
diff --git a/src/daemon/entry/cri/v1alpha/cri_image_manager_service_impl.cc b/src/daemon/entry/cri/v1alpha/cri_image_manager_service_impl.cc
index 0b36f007..9015df26 100644
--- a/src/daemon/entry/cri/v1alpha/cri_image_manager_service_impl.cc
+++ b/src/daemon/entry/cri/v1alpha/cri_image_manager_service_impl.cc
@@ -25,7 +25,6 @@
#include "cri_helpers.h"
#include "err_msg.h"
-#include "events_sender_api.h"
#include "isula_libutils/log.h"
#include "service_image_api.h"
#include "utils.h"
@@ -277,7 +276,6 @@ auto ImageManagerServiceImpl::PullImage(const runtime::v1alpha2::ImageSpec &imag
if (response->image_ref != nullptr) {
out_str = response->image_ref;
}
- (void)isulad_monitor_send_image_event(request->image, IM_PULL);
cleanup:
DAEMON_CLEAR_ERRMSG();
diff --git a/src/daemon/executor/image_cb/image_cb.c b/src/daemon/executor/image_cb/image_cb.c
index 317cb0a8..60899f2b 100644
--- a/src/daemon/executor/image_cb/image_cb.c
+++ b/src/daemon/executor/image_cb/image_cb.c
@@ -519,6 +519,7 @@ static int image_tag_cb(const image_tag_image_request *request, image_tag_image_
}
EVENT("Image Event: {Object: %s, Type: Tagged}", request->src_name);
+ (void)isulad_monitor_send_image_event(request->src_name, IM_TAG);
out:
if (*response != NULL) {
@@ -997,6 +998,7 @@ static int image_pull_cb(const image_pull_image_request *request, stream_func_wr
}
EVENT("Image Event: {Object: %s, Type: Pulled}", request->image_name);
+ (void)isulad_monitor_send_image_event(request->image_name, IM_PULL);
out:
(*response)->cc = cc;
diff --git a/src/daemon/modules/api/event_type.h b/src/daemon/modules/api/event_type.h
index c3c7951b..4f2aaf28 100644
--- a/src/daemon/modules/api/event_type.h
+++ b/src/daemon/modules/api/event_type.h
@@ -54,7 +54,9 @@ typedef enum {
MAX_STATE,
} runtime_state_t;
-typedef enum { IM_LOAD, IM_REMOVE, IM_PULL, IM_LOGIN, IM_LOGOUT, IM_IMPORT } image_state_t;
+// relate to g_isulad_image_event_strtype and image_events_type_t
+// we should keep them consistent
+typedef enum { IM_LOAD, IM_REMOVE, IM_PULL, IM_LOGIN, IM_LOGOUT, IM_IMPORT, IM_TAG } image_state_t;
typedef enum { CONTAINER_EVENT, IMAGE_EVENT } msg_event_type_t;
typedef enum { MONITORD_MSG_STATE, MONITORD_MSG_PRIORITY, MONITORD_MSG_EXIT_CODE } msg_type_t;
diff --git a/src/daemon/modules/events/collector.c b/src/daemon/modules/events/collector.c
index b82ede81..36aa9299 100644
--- a/src/daemon/modules/events/collector.c
+++ b/src/daemon/modules/events/collector.c
@@ -157,11 +157,11 @@ static const char *isulad_event_sta2str(container_events_type_t sta)
return g_isulad_event_strtype[sta];
}
-static const char * const g_isulad_image_event_strtype[] = { "load", "remove", "pull", "login", "logout" };
+static const char * const g_isulad_image_event_strtype[] = { "load", "remove", "pull", "login", "logout", "import", "tag" };
static const char *isulad_image_event_sta2str(image_events_type_t sta)
{
- if (sta > EVENTS_TYPE_IMAGE_LOGOUT) {
+ if (sta >= EVENTS_TYPE_IMAGE_MAX_STATE) {
return NULL;
}
diff --git a/src/daemon/modules/image/image.c b/src/daemon/modules/image/image.c
index 8d7e2c1a..4a1950fe 100644
--- a/src/daemon/modules/image/image.c
+++ b/src/daemon/modules/image/image.c
@@ -784,7 +784,7 @@ int im_merge_image_config(const char *image_type, const char *image_name, contai
int ret = 0;
struct bim *bim = NULL;
- // there is no need to judge the image name as empty,
+ // there is no need to judge the image name as empty,
// because the image name of external type allows it to be empty.
if (container_spec == NULL || image_type == NULL) {
ERROR("Invalid input arguments");
diff --git a/src/daemon/modules/image/oci/oci_pull.c b/src/daemon/modules/image/oci/oci_pull.c
index 2706af91..9ad875a5 100644
--- a/src/daemon/modules/image/oci/oci_pull.c
+++ b/src/daemon/modules/image/oci/oci_pull.c
@@ -75,7 +75,8 @@ out:
return ret;
}
-static void update_option_insecure_registry(registry_pull_options *options, char **insecure_registries, const char *host)
+static void update_option_insecure_registry(registry_pull_options *options, char **insecure_registries,
+ const char *host)
{
char **registry = NULL;
@@ -188,83 +189,95 @@ typedef struct status_arg {
stream_func_wrapper *stream;
} status_arg;
+static int do_get_progress_from_store(progress_status_map *status_store, image_progress *result)
+{
+ int i = 0;
+ size_t progress_size = progress_status_map_size(status_store);
+
+ result->progresses = util_smart_calloc_s(sizeof(image_progress_progresses_element *), progress_size);
+ if (result->progresses == NULL) {
+ ERROR("Out of memory");
+ return -1;
+ }
+
+ if (!progress_status_map_lock(status_store)) {
+ WARN("Cannot itorate progress status map for locking failed");
+ // ignore lock error, retry lock after delay.
+ return 0;
+ }
+
+ map_itor *itor = map_itor_new(status_store->map);
+ for (i = 0; map_itor_valid(itor) && i < progress_size; map_itor_next(itor), i++) {
+ void *id = map_itor_key(itor);
+ const progress *value = (progress *)map_itor_value(itor);
+ const int ID_LEN = 12; // The last 12 charactos of image digest.
+
+ result->progresses[i] = util_common_calloc_s(sizeof(image_progress_progresses_element));
+ if (result->progresses[i] == NULL) {
+ // ignore error, return got progress data
+ WARN("Out of memory");
+ break;
+ }
+ result->progresses[i]->id = util_strdup_s((char *)id + strlen((char *)id) - ID_LEN);
+ result->progresses[i]->total = value->dltotal;
+ result->progresses[i]->current = value->dlnow;
+ result->progresses_len++;
+ }
+ map_itor_free(itor);
+ progress_status_map_unlock(status_store);
+
+ return 0;
+}
+
void *get_progress_status(void *arg)
{
status_arg *status = (status_arg *)arg;
- const int delay = 100; // Sleep for 100 milliseconds
- bool write_ok = false;
+
+ prctl(PR_SET_NAME, "PullProgress");
if (status == NULL || status->status_store == NULL || status->stream == NULL) {
ERROR("Get progress status condition error");
return NULL;
}
- for (;;) {
- int i = 0;
-
- usleep(delay * 1000); // Sleep for 100 milliseconds
+ while (!status->should_terminal || status->image != NULL) {
+ bool write_ok = false;
+ image_progress *iprogresses = NULL;
- if (status->should_terminal && status->image == NULL) {
+ // Step 1: delay 100ms, wait progress update
+ util_usleep_nointerupt(100 * 1000);
+
+ // Step 2: check client whether is canceled?
+ if (status->stream->is_cancelled(status->stream->context)) {
+ WARN("pull stream is cancelled");
break;
}
-
- image_progress *progresses;
- size_t progress_size = progress_status_map_size(status->status_store);
- progresses = util_common_calloc_s(sizeof(image_progress));
- if (progresses == NULL) {
- ERROR("Out of memory. Skip progress show.");
- break;
+ iprogresses = util_common_calloc_s(sizeof(image_progress));
+ if (iprogresses == NULL) {
+ ERROR("Out of memory");
+ break;
}
-
- progresses->progresses = util_smart_calloc_s(sizeof(image_progress_progresses_element *), progress_size);
- if (progresses->progresses == NULL) {
- ERROR("Out of memory. Skip progress show.");
- goto roundend;
+ // Step 3: get progress of pull from progress status store
+ if (do_get_progress_from_store(status->status_store, iprogresses) != 0) {
+ free_image_progress(iprogresses);
+ break;
}
+
+ // Step 4: check main thread whether is finished, and setted pulled image info
if (status->image != NULL) {
- progresses->image = util_strdup_s(status->image_name);
+ iprogresses->image = util_strdup_s(status->image_name);
status->image = NULL;
}
- if (!progress_status_map_lock(status->status_store)) {
- ERROR("Cannot itorate progress status map for locking failed");
- goto roundend;
- }
- map_itor *itor = map_itor_new(status->status_store->map);
- for (i = 0; map_itor_valid(itor) && i < progress_size; map_itor_next(itor), i++) {
- void *id = map_itor_key(itor);
- const progress *value = (progress *)map_itor_value(itor);
- const int ID_LEN = 12; // The last 12 charactos of image digest.
-
- progresses->progresses[i] = util_common_calloc_s(sizeof(image_progress_progresses_element));
- if (progresses->progresses[i] == NULL) {
- WARN("Out of memory. Skip progress show.");
- map_itor_free(itor);
- progress_status_map_unlock(status->status_store);
- goto roundend;
- }
- progresses->progresses[i]->id = util_strdup_s((char *)id + strlen((char *)id) - ID_LEN);
- progresses->progresses[i]->total = value->dltotal;
- progresses->progresses[i]->current = value->dlnow;
- progresses->progresses_len++;
+ // Step 5: send got progress of pull to client
+ write_ok = status->stream->write_func(status->stream->writer, iprogresses);
+ if (!write_ok) {
+ WARN("Send progress data to client failed, just ignore and retry it");
}
- map_itor_free(itor);
- progress_status_map_unlock(status->status_store);
-
- /* send to client */
- write_ok = status->stream->write_func(status->stream->writer, progresses);
- if (write_ok) {
- goto roundend;
- }
- if (status->stream->is_cancelled(status->stream->context)) {
- ERROR("pull stream is cancelled");
- goto roundend;
- }
- ERROR("Send progress data to client failed");
-roundend:
- free_image_progress(progresses);
+ free_image_progress(iprogresses);
}
+
return NULL;
}
@@ -286,7 +299,7 @@ int oci_do_pull_image(const im_pull_request *request, stream_func_wrapper *strea
if (request->is_progress_visible && stream != NULL) {
progress_status_store = progress_status_map_new();
if (progress_status_store == NULL) {
- ERROR("Out of memory and will not show the pull progress");
+ ERROR("Out of memory");
isulad_set_error_message("Failed to pull image %s with error: out of memory", request->image);
ret = -1;
goto out;
@@ -321,21 +334,28 @@ int oci_do_pull_image(const im_pull_request *request, stream_func_wrapper *strea
arg.image = image;
arg.image_name = dest_image_name;
if (!request->is_progress_visible && stream != NULL) {
- image_progress *progresses;
+ image_progress *progresses = NULL;
+ bool nret = false;
progresses = util_common_calloc_s(sizeof(image_progress));
if (progresses == NULL) {
- ERROR("Out of memory. Skip progress show.");
- goto out;
+ ERROR("Out of memory");
+ isulad_set_error_message("Failed to pull image %s with error: out of memory", request->image);
+ ret = -1;
+ goto out;
}
progresses->image = util_strdup_s(dest_image_name);
- if (stream->write_func(stream->writer, progresses)) {
+ nret = stream->write_func(stream->writer, progresses);
+ free_image_progress(progresses);
+ if (!nret) {
ERROR("Send progress data to client failed");
+ isulad_set_error_message("Failed to pull image %s with error: send progress data to client failed", request->image);
+ ret = -1;
goto out;
}
}
response->image_ref = util_strdup_s(image->id);
-
+
out:
arg.should_terminal = true;
if (tid != 0 && pthread_join(tid, NULL) != 0) {
diff --git a/src/daemon/modules/image/oci/progress.c b/src/daemon/modules/image/oci/progress.c
index 110f22c0..7d0c10a4 100644
--- a/src/daemon/modules/image/oci/progress.c
+++ b/src/daemon/modules/image/oci/progress.c
@@ -34,15 +34,16 @@ size_t progress_status_map_size(progress_status_map *progress_status_map)
}
ret = map_size(progress_status_map->map);
progress_status_map_unlock(progress_status_map);
-
+
return ret;
}
-bool progress_status_map_insert(progress_status_map *progress_status_map, char *key, progress *value)
+bool progress_status_map_udpate(progress_status_map *progress_status_map, char *key, int64_t current, int64_t total)
{
bool ret = false;
+ progress *pval = NULL;
- if (progress_status_map == NULL || key == NULL || value == NULL) {
+ if (progress_status_map == NULL || key == NULL) {
ERROR("Invalid parameter");
return false;
}
@@ -51,9 +52,26 @@ bool progress_status_map_insert(progress_status_map *progress_status_map, char *
ERROR("Cannot replace the progress status map item for locking failed");
return false;
}
- ret = map_insert(progress_status_map->map, key, value);
- progress_status_map_unlock(progress_status_map);
+ // If the item exists, only replace the value.
+ pval = map_search(progress_status_map->map, key);
+ if (pval != NULL) {
+ pval->dlnow = current;
+ pval->dltotal = total;
+ progress_status_map_unlock(progress_status_map);
+ return true;
+ }
+ pval = util_common_calloc_s(sizeof(progress));
+ if (pval == NULL) {
+ ERROR("Out of memory");
+ progress_status_map_unlock(progress_status_map);
+ return false;
+ }
+ pval->dlnow = current;
+ pval->dltotal = total;
+
+ ret = map_insert(progress_status_map->map, key, pval);
+ progress_status_map_unlock(progress_status_map);
return ret;
}
diff --git a/src/daemon/modules/image/oci/progress.h b/src/daemon/modules/image/oci/progress.h
index 496a32f3..dcc8e144 100644
--- a/src/daemon/modules/image/oci/progress.h
+++ b/src/daemon/modules/image/oci/progress.h
@@ -29,11 +29,11 @@ typedef struct progress_status_map {
} progress_status_map;
typedef struct progress {
- int64_t dlnow;
- int64_t dltotal;
+ int64_t dlnow;
+ int64_t dltotal;
} progress;
-bool progress_status_map_insert(progress_status_map *progress_status_map, char *key, progress *value);
+bool progress_status_map_udpate(progress_status_map *progress_status_map, char *key, int64_t current, int64_t total);
progress_status_map *progress_status_map_new();
diff --git a/src/daemon/modules/image/oci/registry/http_request.c b/src/daemon/modules/image/oci/registry/http_request.c
index 748c9a9b..450fbc41 100644
--- a/src/daemon/modules/image/oci/registry/http_request.c
+++ b/src/daemon/modules/image/oci/registry/http_request.c
@@ -692,44 +692,22 @@ out:
static int xfer_inner(void *p, int64_t dltotal, int64_t dlnow, int64_t ultotal, int64_t ulnow)
{
progress_arg *arg = (progress_arg *)p;
- progress *progress_value = NULL;
if (arg == NULL || arg->map_store == NULL) {
ERROR("Wrong progress arg");
return -1;
}
+
// When fetch_manifest_list, there's no digest. It's not a layer pulling progress and skip it.
if (arg->digest == NULL) {
return 0;
}
- if (!progress_status_map_lock(arg->map_store)) {
- ERROR("Cannot update progress status map for locking failed");
+ if (!progress_status_map_udpate(arg->map_store, arg->digest, dlnow, dltotal)) {
+ ERROR("Failed to update pull progress");
return -1;
}
- // If the item exists, only replace the value.
- progress_value = map_search(arg->map_store->map, arg->digest);
- if (progress_value != NULL) {
- progress_value->dlnow = dlnow;
- progress_value->dltotal = dltotal;
- progress_status_map_unlock(arg->map_store);
-
- return 0;
- }
- progress_status_map_unlock(arg->map_store);
-
- progress_value = util_common_calloc_s(sizeof(progress));
- if (progress_value == NULL) {
- ERROR("Out of memory");
- return -1;
- }
-
- progress_value->dlnow = dlnow;
- progress_value->dltotal = dltotal;
-
- progress_status_map_insert(arg->map_store, arg->digest, progress_value);
-
return 0;
}
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c
index f49f4707..58baa47a 100644
--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c
+++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c
@@ -2824,7 +2824,7 @@ static int implicit_digest(map_t *digests, image_t *img)
// Find whether the manifest in big_data_digests exists, if not, return 0 directly
if (!get_index_by_key((const char **)img->simage->big_data_digests->keys, img->simage->big_data_digests->len,
- IMAGE_DIGEST_BIG_DATA_KEY, &index)) {
+ IMAGE_DIGEST_BIG_DATA_KEY, &index)) {
return 0;
}
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
index 7517dd43..3bc433ae 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
@@ -1930,7 +1930,7 @@ int overlay2_apply_diff(const char *id, const struct graphdriver *driver, const
goto out;
}
- ret = archive_unpack(content, layer_diff, &options, root_dir ,&err);
+ ret = archive_unpack(content, layer_diff, &options, root_dir, &err);
if (ret != 0) {
ERROR("Failed to unpack to %s: %s", layer_diff, err);
ret = -1;
diff --git a/src/daemon/modules/image/oci/storage/storage.c b/src/daemon/modules/image/oci/storage/storage.c
index 2e53dbac..0d1a846a 100644
--- a/src/daemon/modules/image/oci/storage/storage.c
+++ b/src/daemon/modules/image/oci/storage/storage.c
@@ -215,7 +215,7 @@ int storage_inc_hold_refs(const char *layer_id)
int storage_dec_hold_refs(const char *layer_id)
{
int ret = 0;
-
+
if (layer_id == NULL) {
ERROR("Empty layer id");
return -1;
@@ -550,7 +550,8 @@ char *storage_img_get_image_id(const char *img_name)
return image_store_lookup(img_name);
}
-static bool is_top_layer_of_other_image(const char *img_id, const imagetool_images_list *all_images, const char *layer_id)
+static bool is_top_layer_of_other_image(const char *img_id, const imagetool_images_list *all_images,
+ const char *layer_id)
{
size_t i = 0;
--
2.42.0

3476
0028-2230-format-code.patch Normal file
View File

File diff suppressed because it is too large Load Diff

445
0029-2255-Fix-cpusets-offline-issue.patch Normal file
View File

@ -0,0 +1,445 @@
From a6f1ff360dded79ce5139a8b97a51c37d2fbd403 Mon Sep 17 00:00:00 2001
From: xuxuepeng <xuxuepeng1@huawei.com>
Date: Thu, 23 Nov 2023 13:18:13 +0000
Subject: [PATCH 29/64] !2255 Fix cpusets offline issue * Fix cpusets offline
issue
---
src/daemon/common/sysinfo.c | 1 +
src/daemon/common/sysinfo.h | 3 +
src/daemon/modules/spec/verify.c | 24 ++---
test/mocks/image_mock.cc | 16 +++
test/mocks/image_mock.h | 2 +
test/specs/CMakeLists.txt | 1 +
test/specs/verify/CMakeLists.txt | 85 +++++++++++++++
test/specs/verify/verify_ut.cc | 173 +++++++++++++++++++++++++++++++
8 files changed, 289 insertions(+), 16 deletions(-)
create mode 100644 test/specs/verify/CMakeLists.txt
create mode 100644 test/specs/verify/verify_ut.cc
diff --git a/src/daemon/common/sysinfo.c b/src/daemon/common/sysinfo.c
index 957b370b..39338925 100644
--- a/src/daemon/common/sysinfo.c
+++ b/src/daemon/common/sysinfo.c
@@ -393,6 +393,7 @@ sysinfo_t *get_sys_info(bool quiet)
}
sysinfo->ncpus = get_nprocs();
+ sysinfo->ncpus_conf = get_nprocs_conf();
cgroup_version = common_get_cgroup_version();
if (cgroup_version < 0) {
diff --git a/src/daemon/common/sysinfo.h b/src/daemon/common/sysinfo.h
index 4ac65df6..363576a9 100644
--- a/src/daemon/common/sysinfo.h
+++ b/src/daemon/common/sysinfo.h
@@ -25,7 +25,10 @@ extern "C" {
#include "cgroup.h"
typedef struct {
+ // Number of processors currently online (i.e., available).
int ncpus;
+ // Number of processors configured.
+ int ncpus_conf;
cgroup_mem_info_t cgmeminfo;
cgroup_cpu_info_t cgcpuinfo;
cgroup_hugetlb_info_t hugetlbinfo;
diff --git a/src/daemon/modules/spec/verify.c b/src/daemon/modules/spec/verify.c
index 850595ed..2a8b3259 100644
--- a/src/daemon/modules/spec/verify.c
+++ b/src/daemon/modules/spec/verify.c
@@ -25,6 +25,7 @@
#include <errno.h>
#include <fcntl.h>
#include <isula_libutils/auto_cleanup.h>
+#include <isula_libutils/utils_macro.h>
#include <isula_libutils/container_config.h>
#include <isula_libutils/defs.h>
#include <isula_libutils/host_config.h>
@@ -560,7 +561,7 @@ static bool check_cpu(const char *provided, const char *available)
}
/* parse unit list */
-int parse_unit_list(const char *val, bool *available_list, int cpu_num)
+STATIC int parse_unit_list(const char *val, bool *available_list, int cpu_num)
{
int ret = -1;
char *str = NULL;
@@ -612,22 +613,13 @@ out:
}
/* is cpuset list available */
-static bool is_cpuset_list_available(const char *provided, const char *available)
+STATIC bool is_cpuset_list_available(const char *provided, const char *available, int cpu_num)
{
- int cpu_num = 0;
int i = 0;
bool ret = false;
bool *parsed_provided = NULL;
bool *parsed_available = NULL;
- sysinfo_t *sysinfo = NULL;
-
- sysinfo = get_sys_info(true);
- if (sysinfo == NULL) {
- ERROR("get sysinfo failed");
- return false;
- }
- cpu_num = sysinfo->ncpus;
parsed_provided = util_smart_calloc_s(sizeof(bool), (unsigned int)cpu_num);
if (parsed_provided == NULL) {
ERROR("memory alloc failed!");
@@ -661,10 +653,10 @@ out:
}
/* is cpuset cpus available */
-bool is_cpuset_cpus_available(const sysinfo_t *sysinfo, const char *cpus)
+STATIC bool is_cpuset_cpus_available(const sysinfo_t *sysinfo, const char *cpus)
{
bool ret = false;
- ret = is_cpuset_list_available(cpus, sysinfo->cpusetinfo.cpus);
+ ret = is_cpuset_list_available(cpus, sysinfo->cpusetinfo.cpus, sysinfo->ncpus_conf);
if (!ret) {
ERROR("Checking cpuset.cpus got invalid format: %s.", cpus);
isulad_set_error_message("Checking cpuset.cpus got invalid format: %s.", cpus);
@@ -673,10 +665,10 @@ bool is_cpuset_cpus_available(const sysinfo_t *sysinfo, const char *cpus)
}
/* is cpuset mems available */
-bool is_cpuset_mems_available(const sysinfo_t *sysinfo, const char *mems)
+STATIC bool is_cpuset_mems_available(const sysinfo_t *sysinfo, const char *mems)
{
bool ret = false;
- ret = is_cpuset_list_available(mems, sysinfo->cpusetinfo.mems);
+ ret = is_cpuset_list_available(mems, sysinfo->cpusetinfo.mems, sysinfo->ncpus_conf);
if (!ret) {
ERROR("Checking cpuset.mems got invalid format: %s.", mems);
isulad_set_error_message("Checking cpuset.mems got invalid format: %s.", mems);
@@ -685,7 +677,7 @@ bool is_cpuset_mems_available(const sysinfo_t *sysinfo, const char *mems)
}
// cpuset subsystem checks and adjustments
-static int verify_resources_cpuset(const sysinfo_t *sysinfo, const char *cpus, const char *mems)
+STATIC int verify_resources_cpuset(const sysinfo_t *sysinfo, const char *cpus, const char *mems)
{
int ret = 0;
bool cpus_available = false;
diff --git a/test/mocks/image_mock.cc b/test/mocks/image_mock.cc
index 7114080c..cebe418d 100644
--- a/test/mocks/image_mock.cc
+++ b/test/mocks/image_mock.cc
@@ -54,3 +54,19 @@ int im_umount_container_rootfs(const char *image_type, const char *image_name, c
}
return 0;
}
+
+struct graphdriver_status *im_graphdriver_get_status(void)
+{
+ if (g_image_mock != nullptr) {
+ return g_image_mock->ImGraphdriverGetStatus();
+ }
+ return nullptr;
+}
+
+void im_free_graphdriver_status(struct graphdriver_status *status)
+{
+ if (g_image_mock != nullptr) {
+ g_image_mock->ImFreeGraphdriverStatus(status);
+ }
+ return;
+}
diff --git a/test/mocks/image_mock.h b/test/mocks/image_mock.h
index 0c7c1e51..f05be516 100644
--- a/test/mocks/image_mock.h
+++ b/test/mocks/image_mock.h
@@ -28,6 +28,8 @@ public:
const char *container_id));
MOCK_METHOD3(ImUmountContainerRootfs, int(const char *image_type, const char *image_name,
const char *container_id));
+ MOCK_METHOD0(ImGraphdriverGetStatus, struct graphdriver_status *());
+ MOCK_METHOD1(ImFreeGraphdriverStatus, void(struct graphdriver_status *status));
};
void MockImage_SetMock(MockImage *mock);
diff --git a/test/specs/CMakeLists.txt b/test/specs/CMakeLists.txt
index 7acd68a1..bf5ed535 100644
--- a/test/specs/CMakeLists.txt
+++ b/test/specs/CMakeLists.txt
@@ -2,3 +2,4 @@ project(iSulad_UT)
add_subdirectory(specs)
add_subdirectory(specs_extend)
+add_subdirectory(verify)
diff --git a/test/specs/verify/CMakeLists.txt b/test/specs/verify/CMakeLists.txt
new file mode 100644
index 00000000..0e60a39e
--- /dev/null
+++ b/test/specs/verify/CMakeLists.txt
@@ -0,0 +1,85 @@
+project(iSulad_UT)
+
+SET(EXE specs_verify_ut)
+
+add_definitions(-DUNIT_TEST=ON)
+
+add_executable(${EXE}
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_regex.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_verify.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_array.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_string.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_convert.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_file.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_timestamp.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/util_atomic.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_mount_spec.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_fs.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_cap.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/sha256/sha256.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/path.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/map/map.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/map/rb_tree.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/common/err_msg.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/common/sysinfo.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/common/cgroup.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/common/cgroup_v1.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/modules/spec/verify.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../test/image/oci/oci_ut_common.cc
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks/containers_store_mock.cc
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks/namespace_mock.cc
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks/container_unix_mock.cc
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks/engine_mock.cc
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks/selinux_label_mock.cc
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks/isulad_config_mock.cc
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks/storage_mock.cc
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks/image_mock.cc
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks/storage_mock.cc
+ verify_ut.cc)
+
+target_include_directories(${EXE} PUBLIC
+ ${GTEST_INCLUDE_DIR}
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../include
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/modules/image/oci
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/modules/image
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/modules/image/external
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/common
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/map
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/cmd/isulad
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/config
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/common
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/modules/api
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/modules/volume
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/modules/runtime
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/modules/container
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/modules/container/restart_manager
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/modules/container/health_check
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/modules/image/oci/storage
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/services
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/services/execution
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/modules/spec/
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/services/execution/manager
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/modules/events
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/services/execution/execute
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/tar
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/plugin
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/http
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/modules/runtime/engines
+ ${ENGINES_INCS}
+ ${RUNTIME_INCS}
+ ${IMAGE_INCS}
+ ${CMAKE_BINARY_DIR}/conf
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/sha256
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/config
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/cmd
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/daemon/services/graphdriver
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/console
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../test/image/oci
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks
+ )
+
+target_link_libraries(${EXE} ${GTEST_BOTH_LIBRARIES} ${GMOCK_LIBRARY} ${GMOCK_MAIN_LIBRARY} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY} -lgrpc++ -lprotobuf -lcrypto -lyajl -lz)
+add_test(NAME ${EXE} COMMAND ${EXE} --gtest_output=xml:${EXE}-Results.xml)
+set_tests_properties(${EXE} PROPERTIES TIMEOUT 120)
diff --git a/test/specs/verify/verify_ut.cc b/test/specs/verify/verify_ut.cc
new file mode 100644
index 00000000..e764e476
--- /dev/null
+++ b/test/specs/verify/verify_ut.cc
@@ -0,0 +1,173 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2023. All rights reserved.
+ * iSulad licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: specs verify ut
+ * Author: xuxuepeng
+ * Create: 2023-11-16
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <gtest/gtest.h>
+#include "mock.h"
+#include <gtest/gtest.h>
+#include <gmock/gmock.h>
+#include "sysinfo.h"
+#include "utils.h"
+
+using namespace std;
+
+#define HOST_CONFIG_FILE "../../../../test/specs/verify/hostconfig.json"
+#define OCI_RUNTIME_SPEC_FILE "../../../../test/specs/verify/oci_runtime_spec.json"
+
+extern "C" {
+ int verify_resources_cpuset(const sysinfo_t *sysinfo, const char *cpus, const char *mems);
+}
+
+/* get sys info */
+sysinfo_t *create_sys_info_for_cpuset_test(const char *cpus, const char *mems, int ncpus_conf, int ncpus)
+{
+ sysinfo_t *sysinfo = NULL;
+
+ sysinfo = (sysinfo_t *)util_common_calloc_s(sizeof(sysinfo_t));
+ if (sysinfo == NULL) {
+ ERROR("Out of memory");
+ return NULL;
+ }
+
+ sysinfo->ncpus = ncpus;
+ sysinfo->ncpus_conf = ncpus_conf;
+
+ sysinfo->cpusetinfo.cpuset = true;
+ sysinfo->cpusetinfo.cpus = util_strdup_s(cpus);
+ sysinfo->cpusetinfo.mems = util_strdup_s(mems);
+
+ return sysinfo;
+}
+
+void test_different_provided_cpus_mems(sysinfo_t *sysinfo, const char *provided_cpus, const char *provided_mems,
+ int expected)
+{
+ int ret = 0;
+ ret = verify_resources_cpuset(sysinfo, provided_cpus, provided_mems);
+ ASSERT_EQ(ret, expected);
+}
+
+// Test the case when provided is null, and available is 0-7
+TEST(test_verify_resources_cpuset, test_0_7)
+{
+ sysinfo_t *sysinfo = create_sys_info_for_cpuset_test("0-7", "0-7", 8, 8);
+ test_different_provided_cpus_mems(sysinfo, nullptr, nullptr, 0);
+
+ test_different_provided_cpus_mems(sysinfo, "0", "0", 0);
+ test_different_provided_cpus_mems(sysinfo, "2", "2", 0);
+ test_different_provided_cpus_mems(sysinfo, "7", "7", 0);
+ test_different_provided_cpus_mems(sysinfo, "8", "8", -1);
+
+ test_different_provided_cpus_mems(sysinfo, "1,2", "1,2", 0);
+ test_different_provided_cpus_mems(sysinfo, "1,3,5", "1,3,5", 0);
+
+ test_different_provided_cpus_mems(sysinfo, "0-7", "0-7", 0);
+ test_different_provided_cpus_mems(sysinfo, "0-8", "0-8", -1);
+ test_different_provided_cpus_mems(sysinfo, "0-1,3-7", "0-1,3-7", 0);
+ test_different_provided_cpus_mems(sysinfo, "0-1,3,5-7", "0-1,3,5-7", 0);
+
+ free_sysinfo(sysinfo);
+}
+
+// Test the case when provided is null, and available is 0-1,3-7
+TEST(test_verify_resources_cpuset, test_0_1_3_7)
+{
+ sysinfo_t *sysinfo = create_sys_info_for_cpuset_test("0-1,3-7", "0-1,3-7", 8, 7);
+ test_different_provided_cpus_mems(sysinfo, nullptr, nullptr, 0);
+
+ test_different_provided_cpus_mems(sysinfo, "0", "0", 0);
+ test_different_provided_cpus_mems(sysinfo, "2", "2", -1);
+ test_different_provided_cpus_mems(sysinfo, "7", "7", 0);
+ test_different_provided_cpus_mems(sysinfo, "8", "8", -1);
+
+ test_different_provided_cpus_mems(sysinfo, "1,2", "1,2", -1);
+ test_different_provided_cpus_mems(sysinfo, "1,3,5", "1,3,5", 0);
+
+ test_different_provided_cpus_mems(sysinfo, "0-7", "0-7", -1);
+ test_different_provided_cpus_mems(sysinfo, "0-8", "0-8", -1);
+ test_different_provided_cpus_mems(sysinfo, "0-1,3-7", "0-1,3-7", 0);
+ test_different_provided_cpus_mems(sysinfo, "0-1,3,5-7", "0-1,3,5-7", 0);
+
+ free_sysinfo(sysinfo);
+}
+
+// Test the case when provided is null, and available is 0-6
+TEST(test_verify_resources_cpuset, test_0_6)
+{
+ sysinfo_t *sysinfo = create_sys_info_for_cpuset_test("0-6", "0-6", 8, 7);
+
+ test_different_provided_cpus_mems(sysinfo, nullptr, nullptr, 0);
+
+ test_different_provided_cpus_mems(sysinfo, "0", "0", 0);
+ test_different_provided_cpus_mems(sysinfo, "2", "2", 0);
+ test_different_provided_cpus_mems(sysinfo, "7", "7", -1);
+ test_different_provided_cpus_mems(sysinfo, "8", "8", -1);
+
+ test_different_provided_cpus_mems(sysinfo, "1,2", "1,2", 0);
+ test_different_provided_cpus_mems(sysinfo, "1,3,5", "1,3,5", 0);
+
+ test_different_provided_cpus_mems(sysinfo, "0-7", "0-7", -1);
+ test_different_provided_cpus_mems(sysinfo, "0-8", "0-8", -1);
+ test_different_provided_cpus_mems(sysinfo, "0-1,3-7", "0-1,3-7", -1);
+ test_different_provided_cpus_mems(sysinfo, "0-1,3,5-7", "0-1,3,5-7", -1);
+
+ free_sysinfo(sysinfo);
+}
+
+// Test the case when provided is null, and available is 1-7
+TEST(test_verify_resources_cpuset, test_1_7)
+{
+ sysinfo_t *sysinfo = create_sys_info_for_cpuset_test("1-7", "1-7", 8, 7);
+
+ test_different_provided_cpus_mems(sysinfo, nullptr, nullptr, 0);
+
+ test_different_provided_cpus_mems(sysinfo, "0", "0", -1);
+ test_different_provided_cpus_mems(sysinfo, "2", "2", 0);
+ test_different_provided_cpus_mems(sysinfo, "7", "7", 0);
+ test_different_provided_cpus_mems(sysinfo, "8", "8", -1);
+
+ test_different_provided_cpus_mems(sysinfo, "1,2", "1,2", 0);
+ test_different_provided_cpus_mems(sysinfo, "1,3,5", "1,3,5", 0);
+
+ test_different_provided_cpus_mems(sysinfo, "0-7", "0-7", -1);
+ test_different_provided_cpus_mems(sysinfo, "0-8", "0-8", -1);
+ test_different_provided_cpus_mems(sysinfo, "0-1,3-7", "0-1,3-7", -1);
+ test_different_provided_cpus_mems(sysinfo, "0-1,3,5-7", "0-1,3,5-7", -1);
+
+ free_sysinfo(sysinfo);
+}
+
+// Test the case when provided is null, and available is 0,3
+TEST(test_verify_resources_cpuset, test_null_03)
+{
+ sysinfo_t *sysinfo = create_sys_info_for_cpuset_test("0,3", "0,3", 8, 2);
+ test_different_provided_cpus_mems(sysinfo, nullptr, nullptr, 0);
+
+ test_different_provided_cpus_mems(sysinfo, "0", "0", 0);
+ test_different_provided_cpus_mems(sysinfo, "2", "2", -1);
+ test_different_provided_cpus_mems(sysinfo, "7", "7", -1);
+ test_different_provided_cpus_mems(sysinfo, "8", "8", -1);
+
+ test_different_provided_cpus_mems(sysinfo, "1,2", "1,2", -1);
+ test_different_provided_cpus_mems(sysinfo, "1,3,5", "1,3,5", -1);
+
+ test_different_provided_cpus_mems(sysinfo, "0-7", "0-7", -1);
+ test_different_provided_cpus_mems(sysinfo, "0-8", "0-8", -1);
+ test_different_provided_cpus_mems(sysinfo, "0-1,3-7", "0-1,3-7", -1);
+ test_different_provided_cpus_mems(sysinfo, "0-1,3,5-7", "0-1,3,5-7", -1);
+
+ free_sysinfo(sysinfo);
+}
--
2.42.0

18
6001-modify-daemon-json-default-runtime-to-runc.patch → 0030-modify-daemon-json-default-runtime-to-runc.patch
View File

@ -1,9 +1,9 @@
From 4b35e4f4d39d3c4ea0caed90518e93cb1a805218 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Mon, 14 Aug 2023 09:48:38 +0800
Subject: [PATCH] modify daemon json default runtime to runc
From b94f36b3d06abd711449b2e91303dfdd33f9c979 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 21 Nov 2023 21:31:48 +0800
Subject: [PATCH 30/64] modify daemon json default runtime to runc
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/cmd/isula/base/create.h | 2 +-
src/cmd/isula/extend/stats.c | 1 -
@ -11,7 +11,7 @@ Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
3 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/cmd/isula/base/create.h b/src/cmd/isula/base/create.h
index 0426158..6fff764 100644
index 986be41f..9eb471b4 100644
--- a/src/cmd/isula/base/create.h
+++ b/src/cmd/isula/base/create.h
@@ -332,7 +332,7 @@ extern "C" {
@ -24,7 +24,7 @@ index 0426158..6fff764 100644
{ CMD_OPT_TYPE_STRING_DUP, \
false, \
diff --git a/src/cmd/isula/extend/stats.c b/src/cmd/isula/extend/stats.c
index c11fe21..0448560 100644
index c11fe218..04485608 100644
--- a/src/cmd/isula/extend/stats.c
+++ b/src/cmd/isula/extend/stats.c
@@ -41,7 +41,6 @@ struct client_arguments g_cmd_stats_args = {
@ -36,7 +36,7 @@ index c11fe21..0448560 100644
static struct isula_stats_response *g_oldstats = NULL;
diff --git a/src/contrib/config/daemon.json b/src/contrib/config/daemon.json
index f8cad24..711dda9 100644
index 4faf4057..966e016a 100644
--- a/src/contrib/config/daemon.json
+++ b/src/contrib/config/daemon.json
@@ -1,6 +1,6 @@
@ -48,5 +48,5 @@ index f8cad24..711dda9 100644
"state": "/var/run/isulad",
"log-level": "ERROR",
--
2.25.1
2.42.0

815
0031-modify-CI-for-default-runtime-to-runc.patch Normal file
View File

@ -0,0 +1,815 @@
From c0d86490ba53bf9a33f7569dc31c4ec1ba54f073 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 21 Nov 2023 21:32:08 +0800
Subject: [PATCH 31/64] modify CI for default runtime to runc
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
CI/test_cases/container_cases/cni_test.sh | 103 ++++++++++--------
.../container_cases/exec_additional_gids.sh | 26 +++--
CI/test_cases/container_cases/export.sh | 10 +-
.../hook_ignore_poststart_error.sh | 10 +-
.../container_cases/hook_spec_test.sh | 12 +-
...igdata_stream.sh => lcr_bigdata_stream.sh} | 32 +-----
.../container_cases/{exec.sh => lcr_exec.sh} | 2 +-
CI/test_cases/container_cases/nano_cpus.sh | 8 +-
CI/test_cases/container_cases/restart.sh | 14 ++-
CI/test_cases/container_cases/run.sh | 49 +++++----
..._stream_runc.sh => runc_bigdata_stream.sh} | 0
.../{exec_runc.sh => runc_exec.sh} | 0
CI/test_cases/container_cases/seccomp.sh | 12 +-
CI/test_cases/container_cases/stop.sh | 19 +++-
CI/test_cases/critest.sh | 6 +-
15 files changed, 166 insertions(+), 137 deletions(-)
rename CI/test_cases/container_cases/{bigdata_stream.sh => lcr_bigdata_stream.sh} (93%)
rename CI/test_cases/container_cases/{exec.sh => lcr_exec.sh} (97%)
rename CI/test_cases/container_cases/{bigdata_stream_runc.sh => runc_bigdata_stream.sh} (100%)
rename CI/test_cases/container_cases/{exec_runc.sh => runc_exec.sh} (100%)
diff --git a/CI/test_cases/container_cases/cni_test.sh b/CI/test_cases/container_cases/cni_test.sh
index bbc381dd..114cf2a3 100755
--- a/CI/test_cases/container_cases/cni_test.sh
+++ b/CI/test_cases/container_cases/cni_test.sh
@@ -37,6 +37,10 @@ function do_post()
start_isulad_with_valgrind
}
+# $1: pod runtime;
+# $2: pod config;
+# $3: eth0 ip;
+# $4: eth1 ip;
function do_test_help()
{
msg_info "this is $0 do_test"
@@ -53,7 +57,7 @@ function do_test_help()
TC_RET_T=$(($TC_RET_T+1))
fi
- sid=`crictl runp ${data_path}/$1`
+ sid=`crictl runp --runtime $1 ${data_path}/$2`
if [ $? -ne 0 ]; then
msg_err "Failed to run sandbox"
TC_RET_T=$(($TC_RET_T+1))
@@ -61,7 +65,7 @@ function do_test_help()
cnt=`ls /var/lib/cni/results/* | wc -l`
target_cnt=1
- if [ "x$3" != "x" ];then
+ if [ "x$4" != "x" ];then
target_cnt=2
fi
@@ -77,7 +81,7 @@ function do_test_help()
TC_RET_T=$(($TC_RET_T+1))
fi
- cid=`crictl create $sid ${data_path}/container-config.json ${data_path}/$1`
+ cid=`crictl create $sid ${data_path}/container-config.json ${data_path}/$2`
if [ $? -ne 0 ];then
msg_err "create container failed"
TC_RET_T=$(($TC_RET_T+1))
@@ -107,29 +111,29 @@ function do_test_help()
nsenter -t $con_pid -n ifconfig eth0
TC_RET_T=$(($TC_RET_T+1))
fi
- nsenter -t $pod_pid -n ifconfig eth0 | grep "$2"
+ nsenter -t $pod_pid -n ifconfig eth0 | grep "$3"
if [ $? -ne 0 ];then
- msg_err "expect ip: $1, get: "
+ msg_err "expect ip: $3, get: "
nsenter -t $pod_pid -n ifconfig eth0
TC_RET_T=$(($TC_RET_T+1))
fi
- crictl inspectp $sid | grep "$2"
+ crictl inspectp $sid | grep "$3"
if [ $? -ne 0 ];then
- msg_err "inspectp: expect ip: $1, get: "
+ msg_err "inspectp: expect ip: $3, get: "
crictl inspectp $sid
TC_RET_T=$(($TC_RET_T+1))
fi
- if [ "x$3" != "x" ];then
- nsenter -t $pod_pid -n ifconfig eth1 | grep "$3"
+ if [ "x$4" != "x" ];then
+ nsenter -t $pod_pid -n ifconfig eth1 | grep "$4"
if [ $? -ne 0 ];then
- msg_err "expect ip: $2, get: "
+ msg_err "expect ip: $4, get: "
nsenter -t $pod_pid -n ifconfig eth1
TC_RET_T=$(($TC_RET_T+1))
fi
- crictl inspectp $sid | grep "$3"
+ crictl inspectp $sid | grep "$4"
if [ $? -ne 0 ];then
- msg_err "inspectp expect ip: $2, get: "
+ msg_err "inspectp expect ip: $4, get: "
crictl inspectp $sid
TC_RET_T=$(($TC_RET_T+1))
fi
@@ -170,7 +174,7 @@ function do_test_help()
function default_cni_config()
{
- do_test_help "sandbox-config.json" "10\.1\."
+ do_test_help $1 "sandbox-config.json" "10\.1\."
}
function new_cni_config()
@@ -189,12 +193,12 @@ function new_cni_config()
fi
done
tail $ISUALD_LOG
- do_test_help "mutlnet_pod.json" "10\.2\." "10\.1\."
+ do_test_help $1 "mutlnet_pod.json" "10\.2\." "10\.1\."
}
function check_annotation_extension()
{
- sid=`crictl runp ${data_path}/sandbox-config.json`
+ sid=`crictl runp --runtime $1 ${data_path}/sandbox-config.json`
if [ $? -ne 0 ]; then
msg_err "Failed to run sandbox"
TC_RET_T=$(($TC_RET_T+1))
@@ -253,7 +257,7 @@ function check_rollback()
done
tail $ISUALD_LOG
- crictl runp ${data_path}/mutl_wrong_net_pod.json
+ crictl runp --runtime $1 ${data_path}/mutl_wrong_net_pod.json
if [ $? -eq 0 ]; then
msg_err "Run sandbox success with invalid cni configs"
TC_RET_T=$(($TC_RET_T+1))
@@ -302,13 +306,14 @@ function check_rollback()
# $2: expect ingress rate;
# $3: input egress rate;
# $4: expect egress rate;
+# $5: pod runtime;
function check_annotation_valid_bandwidth()
{
rm bandwidth.json
cp ${data_path}/mock_sandbox.json bandwidth.json
sed -i "s#ingressholder#$1#g" bandwidth.json
sed -i "s#engressholder#$3#g" bandwidth.json
- sid=`crictl runp bandwidth.json`
+ sid=`crictl runp --runtime $5 bandwidth.json`
if [ $? -ne 0 ]; then
msg_err "Failed to run sandbox"
TC_RET_T=$(($TC_RET_T+1))
@@ -345,6 +350,7 @@ function check_annotation_valid_bandwidth()
return $TC_RET_T
}
+# function not called
function check_annotation_invalid_bandwidth()
{
rm bandwidth.json
@@ -386,44 +392,51 @@ function check_annotation()
done
tail $ISUALD_LOG
- check_annotation_extension
+ check_annotation_extension $1
- check_annotation_valid_bandwidth "10.24k" "10240" "-1.024k" "-1024"
- check_annotation_valid_bandwidth "1024m" "2" "-1024m" "-1"
- check_annotation_valid_bandwidth "1.000001Ki" "1025" "-1.00001Ki" "-1024"
- check_annotation_valid_bandwidth "0.1Mi" "104858" "-0.01Mi" "-10485"
- check_annotation_valid_bandwidth "1.00001e2" "101" "-1.0001e2" "-100"
+ check_annotation_valid_bandwidth "10.24k" "10240" "-1.024k" "-1024" $1
+ check_annotation_valid_bandwidth "1024m" "2" "-1024m" "-1" $1
+ check_annotation_valid_bandwidth "1.000001Ki" "1025" "-1.00001Ki" "-1024" $1
+ check_annotation_valid_bandwidth "0.1Mi" "104858" "-0.01Mi" "-10485" $1
+ check_annotation_valid_bandwidth "1.00001e2" "101" "-1.0001e2" "-100" $1
return $TC_RET_T
}
-ret=0
+function do_test_t()
+{
+ local ret=0
+ local runtime=$1
+ local test="cni_test => (${runtime})"
+ msg_info "${test} starting..."
+
+ default_cni_config $runtime || ((ret++))
+
+ new_cni_config $runtime || ((ret++))
+
+ check_annotation $runtime || ((ret++))
-do_pre
-if [ $? -ne 0 ];then
- let "ret=$ret + 1"
-fi
+ check_rollback $runtime || ((ret++))
-default_cni_config
-if [ $? -ne 0 ];then
- let "ret=$ret + 1"
-fi
+ msg_info "${test} finished with return ${ret}..."
-new_cni_config
-if [ $? -ne 0 ];then
- let "ret=$ret + 1"
-fi
+ return $ret
+}
-check_annotation
-if [ $? -ne 0 ];then
- let "ret=$ret + 1"
-fi
+ret=0
-check_rollback
-if [ $? -ne 0 ];then
- let "ret=$ret + 1"
-fi
+for element in ${RUNTIME_LIST[@]};
+do
+ do_pre
+ if [ $? -ne 0 ];then
+ let "ret=$ret + 1"
+ fi
-do_post
+ do_test_t $element
+ if [ $? -ne 0 ];then
+ let "ret=$ret + 1"
+ fi
+ do_post
+done
show_result $ret "cni base test"
diff --git a/CI/test_cases/container_cases/exec_additional_gids.sh b/CI/test_cases/container_cases/exec_additional_gids.sh
index f24678d3..2edfd750 100755
--- a/CI/test_cases/container_cases/exec_additional_gids.sh
+++ b/CI/test_cases/container_cases/exec_additional_gids.sh
@@ -22,7 +22,6 @@
curr_path=$(dirname $(readlink -f "$0"))
data_path=$(realpath $curr_path/../data)
source ../helpers.sh
-test="exec additional gids test => test_exec_additional_gids"
test_log=$(mktemp /tmp/additional_gids_test_XXX)
USERNAME="user"
@@ -37,10 +36,14 @@ file_info="Keep it secret, keep it safe"
function additional_gids_test()
{
local ret=0
+ local runtime=$1
+ test="exec additional gids test => test_exec_additional_gids => $runtime"
+
+ msg_info "${test} starting..."
isula rm -f `isula ps -a -q`
- isula run -tid -n $cont_name ubuntu bash
+ isula run -tid --runtime $runtime -n $cont_name ubuntu bash
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container" && ((ret++))
isula exec $cont_name bash -c "groupadd --gid $USER_GID $USERNAME \
@@ -52,10 +55,13 @@ function additional_gids_test()
&& chmod 606 /app/sekrit.txt"
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - create user and group failed" && ((ret++))
+ # runc is not support exec --workdir
/usr/bin/expect <<- EOF > ${test_log} 2>&1
set timeout 10
-spawn isula exec -it --workdir /app -u $USERNAME $cont_name bash
+spawn isula exec -it -u $USERNAME $cont_name bash
expect "${USERNAME}*"
+send "cd /app\n"
+expect "*"
send "newgrp ${ADDITIONAL_GROUP}\n"
expect "*"
send "groups\n"
@@ -75,18 +81,18 @@ EOF
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - read error message failed" && ((ret++))
isula rm -f `isula ps -a -q`
+ rm -rf ${test_log}
+
+ msg_info "${test} finished with return ${ret}..."
return ${ret}
}
declare -i ans=0
-msg_info "${test} starting..."
-
-additional_gids_test || ((ans++))
-
-rm -rf ${test_log}
-
-msg_info "${test} finished with return ${ret}..."
+for element in ${RUNTIME_LIST[@]};
+do
+ additional_gids_test $element || ((ans++))
+done
show_result ${ans} "${curr_path}/${0}"
diff --git a/CI/test_cases/container_cases/export.sh b/CI/test_cases/container_cases/export.sh
index eeef2809..1cff873d 100755
--- a/CI/test_cases/container_cases/export.sh
+++ b/CI/test_cases/container_cases/export.sh
@@ -26,7 +26,8 @@ function test_image_export()
{
local ret=0
local image="busybox"
- local test="export container test => (${FUNCNAME[@]})"
+ local runtime=$1
+ local test="export container test => (${FUNCNAME[@]}) => $runtime"
msg_info "${test} starting..."
@@ -36,7 +37,7 @@ function test_image_export()
isula images | grep busybox
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - missing list image: ${image}" && ((ret++))
- CONT=`isula run -itd busybox`
+ CONT=`isula run --runtime $runtime -itd busybox`
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with image: ${image}" && ((ret++))
isula export -o export.tar ${CONT}
@@ -55,6 +56,9 @@ function test_image_export()
declare -i ans=0
-test_image_export || ((ans++))
+for element in ${RUNTIME_LIST[@]};
+do
+ test_image_export $element || ((ans++))
+done
show_result ${ans} "${curr_path}/${0}"
diff --git a/CI/test_cases/container_cases/hook_ignore_poststart_error.sh b/CI/test_cases/container_cases/hook_ignore_poststart_error.sh
index 5c86a4c1..8c636f7e 100755
--- a/CI/test_cases/container_cases/hook_ignore_poststart_error.sh
+++ b/CI/test_cases/container_cases/hook_ignore_poststart_error.sh
@@ -28,7 +28,8 @@ function test_hook_ignore_poststart_error_spec()
{
local ret=0
local image="busybox"
- local test="container hook test => (${FUNCNAME[@]})"
+ local runtime=$1
+ local test="container hook test => (${FUNCNAME[@]}) => $runtime"
CONT=test_hook_spec
cp ${test_data_path}/poststart.sh /tmp/
@@ -40,7 +41,7 @@ function test_hook_ignore_poststart_error_spec()
isula images | grep busybox
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - missing list image: ${image}" && ((ret++))
- isula run -n $CONT -itd --hook-spec ${test_data_path}/oci_hook_poststart_check.json ${image} &
+ isula run -n $CONT -itd --runtime $runtime --hook-spec ${test_data_path}/oci_hook_poststart_check.json ${image} &
for a in `seq 20`
do
@@ -74,6 +75,9 @@ function test_hook_ignore_poststart_error_spec()
declare -i ans=0
-test_hook_ignore_poststart_error_spec || ((ans++))
+for element in ${RUNTIME_LIST[@]};
+do
+ test_hook_ignore_poststart_error_spec $1 || ((ans++))
+done
show_result ${ans} "${curr_path}/${0}"
diff --git a/CI/test_cases/container_cases/hook_spec_test.sh b/CI/test_cases/container_cases/hook_spec_test.sh
index c88ed340..33b7c2e5 100755
--- a/CI/test_cases/container_cases/hook_spec_test.sh
+++ b/CI/test_cases/container_cases/hook_spec_test.sh
@@ -28,7 +28,8 @@ function test_hook_spec()
{
local ret=0
local image="busybox"
- local test="container hook test => (${FUNCNAME[@]})"
+ local runtime=$1
+ local test="container hook test => (${FUNCNAME[@]}) => $runtime"
msg_info "${test} starting..."
isula pull ${image}
@@ -37,7 +38,7 @@ function test_hook_spec()
isula images | grep busybox
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - missing list image: ${image}" && ((ret++))
- CONT=`isula run -itd --hook-spec ${test_data_path}/test-hookspec.json ${image}`
+ CONT=`isula run -itd --runtime $runtime --hook-spec ${test_data_path}/test-hookspec.json ${image}`
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with image: ${image}" && ((ret++))
isula stop -t 0 ${CONT}
@@ -51,7 +52,7 @@ function test_hook_spec()
isula run -n $no_permission_container -itd --hook-spec ${test_data_path}/no_permission.json ${image} > $runlog 2>&1
[[ $? -ne 126 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to check exit code container with image: ${image}" && ((ret++))
- cat $runlog | grep "Permission denied"
+ cat $runlog | grep -i "Permission denied"
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to get no_permission output: ${image}" && ((ret++))
isula rm -f $no_permission_container
@@ -95,6 +96,9 @@ EOF
declare -i ans=0
-test_hook_spec || ((ans++))
+for element in ${RUNTIME_LIST[@]};
+do
+ test_hook_spec $element || ((ans++))
+done
show_result ${ans} "${curr_path}/${0}"
diff --git a/CI/test_cases/container_cases/bigdata_stream.sh b/CI/test_cases/container_cases/lcr_bigdata_stream.sh
similarity index 93%
rename from CI/test_cases/container_cases/bigdata_stream.sh
rename to CI/test_cases/container_cases/lcr_bigdata_stream.sh
index 3bfc2d50..c8ecc48a 100755
--- a/CI/test_cases/container_cases/bigdata_stream.sh
+++ b/CI/test_cases/container_cases/lcr_bigdata_stream.sh
@@ -40,7 +40,7 @@ function set_up()
isula images | grep busybox
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - missing list image: ${image}" && ((ret++))
- CID=$(isula run -itd ${image} sh)
+ CID=$(isula run --runtime lcr -itd ${image} sh)
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with image: ${image}" && ((ret++))
isula exec -it $CID dd if=/dev/zero of=test_500M bs=1M count=500
@@ -389,33 +389,6 @@ function test_stream_with_kill_isulad()
return ${ret}
}
-function test_stream_with_runc()
-{
- local ret=0
- local image="busybox"
- local test="test_stream_with_runc => (${FUNCNAME[@]})"
- msg_info "${test} starting..."
-
- RUNCID=$(isula run -itd --runtime runc ${image} sh)
- isula exec -it $RUNCID dd if=/dev/zero of=test_500M bs=1M count=500
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to create bigdata" && ((ret++))
-
- isula exec -it $RUNCID cat test_500M > /home/iocopy_stream_data_500M
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to cat bigdata" && ((ret++))
-
- sync && sync
- total_size=$(stat -c"%s" /home/iocopy_stream_data_500M)
- [[ $total_size -ne 524288000 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stream iocopy loss data" && ((ret++))
-
- isula rm -f $RUNCID
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to rm container" && ((ret++))
-
- rm -rf /home/iocopy_stream_data_500M
-
- msg_info "${test} finished with return ${ret}..."
- return ${ret}
-}
-
function tear_down()
{
local ret=0
@@ -438,7 +411,7 @@ function test_memory_leak_with_bigdata_stream()
start_isulad_with_valgrind
- CID=$(isula run -itd ${image} sh)
+ CID=$(isula run --runtime lcr -itd ${image} sh)
isula exec -it $CID dd if=/dev/zero of=test_100M bs=1M count=100
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to create bigdata" && ((ret++))
@@ -477,7 +450,6 @@ test_stream_with_stop_lxc_monitor || ((ans++))
test_stream_with_kill_lxc_monitor || ((ans++))
test_stream_with_stop_isulad || ((ans++))
test_stream_with_kill_isulad || ((ans++))
-test_stream_with_runc || ((ans++))
tear_down || ((ans++))
test_memory_leak_with_bigdata_stream || ((ans++))
diff --git a/CI/test_cases/container_cases/exec.sh b/CI/test_cases/container_cases/lcr_exec.sh
similarity index 97%
rename from CI/test_cases/container_cases/exec.sh
rename to CI/test_cases/container_cases/lcr_exec.sh
index 96ceb884..4f51773d 100755
--- a/CI/test_cases/container_cases/exec.sh
+++ b/CI/test_cases/container_cases/lcr_exec.sh
@@ -30,7 +30,7 @@ function exec_workdir()
isula rm -f `isula ps -a -q`
- isula run -tid -n cont_workdir busybox sh
+ isula run -tid --runtime lcr -n cont_workdir busybox sh
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with --workdir" && ((ret++))
isula exec -ti --workdir /workdir cont_workdir pwd | grep "/workdir"
diff --git a/CI/test_cases/container_cases/nano_cpus.sh b/CI/test_cases/container_cases/nano_cpus.sh
index c679958d..85223038 100755
--- a/CI/test_cases/container_cases/nano_cpus.sh
+++ b/CI/test_cases/container_cases/nano_cpus.sh
@@ -26,7 +26,8 @@ function test_cpu_nano_spec()
{
local ret=0
local image="busybox"
- local test="container blkio nano test => (${FUNCNAME[@]})"
+ local runtime=$1
+ local test="container blkio nano test => (${FUNCNAME[@]}) => $runtime"
msg_info "${test} starting..."
@@ -108,6 +109,9 @@ function test_cpu_nano_spec()
declare -i ans=0
-test_cpu_nano_spec || ((ans++))
+for element in ${RUNTIME_LIST[@]};
+do
+ test_cpu_nano_spec $element || ((ans++))
+done
show_result ${ans} "${curr_path}/${0}"
diff --git a/CI/test_cases/container_cases/restart.sh b/CI/test_cases/container_cases/restart.sh
index 5902af06..fddee1f7 100755
--- a/CI/test_cases/container_cases/restart.sh
+++ b/CI/test_cases/container_cases/restart.sh
@@ -26,7 +26,8 @@ source ../helpers.sh
function do_test_t()
{
containername=test_restart
- isula run --name $containername -td busybox
+
+ isula run --runtime $1 --name $containername -td busybox
fn_check_eq "$?" "0" "run failed"
testcontainer $containername running
@@ -46,9 +47,12 @@ function do_test_t()
ret=0
-do_test_t
-if [ $? -ne 0 ];then
- let "ret=$ret + 1"
-fi
+for element in ${RUNTIME_LIST[@]};
+do
+ do_test_t $element
+ if [ $? -ne 0 ];then
+ let "ret=$ret + 1"
+ fi
+done
show_result $ret "basic restart"
diff --git a/CI/test_cases/container_cases/run.sh b/CI/test_cases/container_cases/run.sh
index ad449402..8ea3e514 100755
--- a/CI/test_cases/container_cases/run.sh
+++ b/CI/test_cases/container_cases/run.sh
@@ -25,7 +25,7 @@ source ../helpers.sh
function do_test_t()
{
- tid=`isula run -tid --name hostname busybox`
+ tid=`isula run --runtime $1 -tid --name hostname busybox`
chostname=`isula exec -it $tid hostname`
fn_check_eq "$chostname" "${tid:0:12}" "default hostname is id of container"
isula exec -it hostname env | grep HOSTNAME
@@ -37,7 +37,7 @@ function do_test_t()
containername=test_basic_run
containername2=container_to_join
- isula run --name $containername -td busybox
+ isula run --runtime $1 --name $containername -td busybox
fn_check_eq "$?" "0" "run failed"
testcontainer $containername running
@@ -48,7 +48,7 @@ function do_test_t()
isula rm $containername
fn_check_eq "$?" "0" "rm failed"
- isula run --name $containername -td -v /dev/shm:/dev/shm busybox
+ isula run --runtime $1 --name $containername -td -v /dev/shm:/dev/shm busybox
fn_check_eq "$?" "0" "run failed"
testcontainer $containername running
@@ -61,7 +61,7 @@ function do_test_t()
echo AA > /tmp/test_run_env
- isula run --name $containername -itd --user 100:100 -e AAA=BB -e BAA --env-file /tmp/test_run_env busybox
+ isula run --runtime $1 --name $containername -itd --user 100:100 -e AAA=BB -e BAA --env-file /tmp/test_run_env busybox
fn_check_eq "$?" "0" "run failed"
testcontainer $containername running
@@ -72,18 +72,21 @@ function do_test_t()
isula rm $containername
fn_check_eq "$?" "0" "rm failed"
- isula run --name $containername -itd --external-rootfs / --read-only none sh
- fn_check_eq "$?" "0" "run container with host rootfs failed"
- testcontainer $containername running
+ # runc directly uses the root directory as external rootfs and will report the error pivot_root .: device or resource busy
+ if [ $runtime == "lcr" ]; then
+ isula run --runtime $1 --name $containername -itd --external-rootfs / --read-only none sh
+ fn_check_eq "$?" "0" "run container with host rootfs failed"
+ testcontainer $containername running
- isula stop -t 0 $containername
- fn_check_eq "$?" "0" "stop failed"
- testcontainer $containername exited
+ isula stop -t 0 $containername
+ fn_check_eq "$?" "0" "stop failed"
+ testcontainer $containername exited
- isula rm $containername
- fn_check_eq "$?" "0" "rm failed"
+ isula rm $containername
+ fn_check_eq "$?" "0" "rm failed"
+ fi
- isula run --name $containername -itd --net=host --pid=host --ipc=host --uts=host busybox
+ isula run --runtime $1 --name $containername -itd --net=host --pid=host --ipc=host --uts=host busybox
fn_check_eq "$?" "0" "run failed"
testcontainer $containername running
@@ -94,7 +97,7 @@ function do_test_t()
isula rm $containername
fn_check_eq "$?" "0" "rm failed"
- isula run --name $containername -itd --net=none --pid=none --ipc=none --uts=none busybox
+ isula run --runtime $1 --name $containername -itd --net=none --pid=none --ipc=none --uts=none busybox
fn_check_eq "$?" "0" "run failed"
testcontainer $containername running
@@ -105,11 +108,11 @@ function do_test_t()
isula rm $containername
fn_check_eq "$?" "0" "rm failed"
- isula run --name $containername2 -itd busybox
+ isula run --runtime $1 --name $containername2 -itd busybox
fn_check_eq "$?" "0" "run failed"
testcontainer $containername2 running
- isula run --name $containername -itd --net=container:$containername2 --pid=container:$containername2 --ipc=container:$containername2 --uts=container:$containername2 busybox
+ isula run --runtime $1 --name $containername -itd --net=container:$containername2 --pid=container:$containername2 --ipc=container:$containername2 --uts=container:$containername2 busybox
fn_check_eq "$?" "0" "run failed"
testcontainer $containername running
@@ -135,7 +138,7 @@ function do_run_remote_test_t()
local ret=0
local image="busybox"
local config='tcp://127.0.0.1:2890'
- local test="container start with --attach remote test => (${FUNCNAME[@]})"
+ local test="container start with --attach remote test => (${FUNCNAME[@]}) => $1"
check_valgrind_log
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++))
@@ -144,13 +147,13 @@ function do_run_remote_test_t()
containername=run_remote
- isula run -ti -H "$config" --name $containername busybox xxx
+ isula run --runtime $1 -ti -H "$config" --name $containername busybox xxx
[[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed check invalid run ${containername} remote" && ((ret++))
testcontainer $containername exited
isula rm -f -H "$config" $containername
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to rm container remote" && ((ret++))
- isula run -ti -H "$config" --name $containername busybox /bin/sh -c 'echo "hello"' | grep hello
+ isula run --runtime $1 -ti -H "$config" --name $containername busybox /bin/sh -c 'echo "hello"' | grep hello
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run ${containername} remote" && ((ret++))
testcontainer $containername exited
@@ -169,8 +172,10 @@ function do_run_remote_test_t()
declare -i ans=0
-do_test_t || ((ans++))
-
-do_run_remote_test_t || ((ans++))
+for element in ${RUNTIME_LIST[@]};
+do
+ do_test_t $element || ((ans++))
+ do_run_remote_test_t $element || ((ans++))
+done
show_result ${ans} "${curr_path}/${0}"
diff --git a/CI/test_cases/container_cases/bigdata_stream_runc.sh b/CI/test_cases/container_cases/runc_bigdata_stream.sh
similarity index 100%
rename from CI/test_cases/container_cases/bigdata_stream_runc.sh
rename to CI/test_cases/container_cases/runc_bigdata_stream.sh
diff --git a/CI/test_cases/container_cases/exec_runc.sh b/CI/test_cases/container_cases/runc_exec.sh
similarity index 100%
rename from CI/test_cases/container_cases/exec_runc.sh
rename to CI/test_cases/container_cases/runc_exec.sh
diff --git a/CI/test_cases/container_cases/seccomp.sh b/CI/test_cases/container_cases/seccomp.sh
index 9e886d10..3cb08d84 100755
--- a/CI/test_cases/container_cases/seccomp.sh
+++ b/CI/test_cases/container_cases/seccomp.sh
@@ -39,8 +39,9 @@ function do_pre() {
function do_test() {
local ret=0
-
- msg_info "this is $0 do_test"
+ local runtime=$1
+ local test="seccomp test => (${runtime})"
+ msg_info "${test} starting..."
cid1=$(isula run -tid --security-opt seccomp=/etc/isulad/seccomp_default.json busybox sh)
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - Failed to run container with the default seccomp profile" && ((ret++))
@@ -52,7 +53,7 @@ function do_test() {
--security-opt seccomp=${test_data_path}/seccomp_profile_without_archmap.json busybox sh)
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - Failed to run container with multiple seccomp profiles" && ((ret++))
- isula stop "${cid1}" "${cid2}" "${cid3}"
+ isula stop -t 0 "${cid1}" "${cid2}" "${cid3}"
isula rm -f $(isula ps -qa)
@@ -69,7 +70,10 @@ declare -i ans=0
do_pre || ((ans++))
-do_test || ((ans++))
+for element in ${RUNTIME_LIST[@]};
+do
+ do_test $element || ((ans++))
+done
do_post
diff --git a/CI/test_cases/container_cases/stop.sh b/CI/test_cases/container_cases/stop.sh
index 962e72f3..13292710 100755
--- a/CI/test_cases/container_cases/stop.sh
+++ b/CI/test_cases/container_cases/stop.sh
@@ -25,8 +25,12 @@ source ../helpers.sh
function do_test_t()
{
+ local runtime=$1
+ local test="start_test => (${runtime})"
+ msg_info "${test} starting..."
+
containername=test_stop
- isula run --name $containername -td busybox
+ isula run --runtime $runtime --name $containername -td busybox
fn_check_eq "$?" "0" "run failed"
testcontainer $containername running
@@ -61,14 +65,19 @@ function do_test_t()
isula rm $containername
fn_check_eq "$?" "0" "rm failed"
+ msg_info "${test} finished with return ${ret}..."
+
return $TC_RET_T
}
ret=0
-do_test_t
-if [ $? -ne 0 ];then
- let "ret=$ret + 1"
-fi
+for element in ${RUNTIME_LIST[@]};
+do
+ do_test_t $element
+ if [ $? -ne 0 ];then
+ let "ret=$ret + 1"
+ fi
+done
show_result $ret "basic stop"
diff --git a/CI/test_cases/critest.sh b/CI/test_cases/critest.sh
index 044ce2ed..f8d4975e 100755
--- a/CI/test_cases/critest.sh
+++ b/CI/test_cases/critest.sh
@@ -130,7 +130,7 @@ function test_critest() {
function do_test_t() {
local ret=0
- local runtime="lcr"
+ local runtime="runc"
local test="critest => $runtime"
msg_info "${test} starting..."
echo "${test}" >> ${testcase_data}/critest.log
@@ -143,11 +143,11 @@ function do_test_t() {
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++))
# replace default runtime
- sed -i 's/"default-runtime": "lcr"/"default-runtime": "runc"/g' /etc/isulad/daemon.json
+ sed -i 's/"default-runtime": "runc"/"default-runtime": "lcr"/g' /etc/isulad/daemon.json
start_isulad_without_valgrind --selinux-enabled --network-plugin cni
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad with selinux and cni failed" && ((ret++))
- runtime=runc
+ runtime=lcr
test="critest => $runtime"
msg_info "${test} starting..."
echo "${test}" >> ${testcase_data}/critest.log
--
2.42.0

737
0032-add-ut-for-devicemapper.patch Normal file
View File

@ -0,0 +1,737 @@
From ca297d26dc1e7b47d6987c6bbbd92dd2e3d78670 Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Wed, 22 Nov 2023 22:05:04 +0800
Subject: [PATCH 32/64] add ut for devicemapper
Signed-off-by: jikai <jikai11@huawei.com>
---
test/image/oci/storage/layers/CMakeLists.txt | 2 +
.../storage/layers/devmapper/CMakeLists.txt | 71 +++++
...9702e4bd316dd50ae85467b0378a419b23b60ba73d | 6 +
...a9fb83febf6dc0b1548dfe896161533668281c9f4f | 6 +
...0a625721fdbea5c94ca6da897acdd814d710149770 | 6 +
.../devmapper/data/devicemapper/metadata/base | 7 +
.../devicemapper/metadata/deviceset-metadata | 5 +
.../metadata/transaction-metadata | 5 +
.../layers/devmapper/driver_devmapper_ut.cc | 283 ++++++++++++++++++
test/mocks/libdevmapper_mock.cc | 191 ++++++++++++
test/mocks/libdevmapper_mock.h | 52 ++++
11 files changed, 634 insertions(+)
create mode 100644 test/image/oci/storage/layers/devmapper/CMakeLists.txt
create mode 100644 test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/068615102be4457b22d40c9702e4bd316dd50ae85467b0378a419b23b60ba73d
create mode 100644 test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f
create mode 100644 test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/ba0dae6243cc9fa2890df40a625721fdbea5c94ca6da897acdd814d710149770
create mode 100644 test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/base
create mode 100644 test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/deviceset-metadata
create mode 100644 test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/transaction-metadata
create mode 100644 test/image/oci/storage/layers/devmapper/driver_devmapper_ut.cc
create mode 100644 test/mocks/libdevmapper_mock.cc
create mode 100644 test/mocks/libdevmapper_mock.h
diff --git a/test/image/oci/storage/layers/CMakeLists.txt b/test/image/oci/storage/layers/CMakeLists.txt
index 413a8b38..e1c76453 100644
--- a/test/image/oci/storage/layers/CMakeLists.txt
+++ b/test/image/oci/storage/layers/CMakeLists.txt
@@ -1,5 +1,7 @@
project(iSulad_UT)
+add_subdirectory(devmapper)
+
# storage_driver_ut
SET(DRIVER_EXE storage_driver_ut)
diff --git a/test/image/oci/storage/layers/devmapper/CMakeLists.txt b/test/image/oci/storage/layers/devmapper/CMakeLists.txt
new file mode 100644
index 00000000..f98de1a8
--- /dev/null
+++ b/test/image/oci/storage/layers/devmapper/CMakeLists.txt
@@ -0,0 +1,71 @@
+project(iSulad_UT)
+
+# driver_devmapper_ut
+SET(DRIVER_DEVMAPPER_EXE driver_devmapper_ut)
+
+add_executable(${DRIVER_DEVMAPPER_EXE}
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/utils.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/utils_regex.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/utils_verify.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/utils_array.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/utils_string.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/utils_convert.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/utils_file.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/utils_fs.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/util_atomic.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/utils_base64.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/utils_timestamp.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/path.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/map/map.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/map/rb_tree.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/buffer/buffer.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/tar/util_archive.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/tar/util_gzip.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/sha256/sha256.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/config/daemon_arguments.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/config/isulad_config.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/common/err_msg.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/common/selinux_label.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/metadata_store.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../mocks/libdevmapper_mock.cc
+ driver_devmapper_ut.cc)
+
+target_include_directories(${DRIVER_DEVMAPPER_EXE} PUBLIC
+ ${GTEST_INCLUDE_DIR}
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../include
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/common
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/tar
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/cutils/map
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/sha256
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/console
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/buffer
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/config
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/common
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/api
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/remote_layer_support
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../mocks
+ )
+
+set_target_properties(${DRIVER_DEVMAPPER_EXE} PROPERTIES LINK_FLAGS "-Wl,--wrap,util_exec_cmd -Wl,--wrap,util_mount -Wl,--wrap,umount2")
+
+target_link_libraries(${DRIVER_DEVMAPPER_EXE}
+ ${GTEST_BOTH_LIBRARIES}
+ ${GMOCK_LIBRARY}
+ ${GMOCK_MAIN_LIBRARY}
+ ${CMAKE_THREAD_LIBS_INIT}
+ ${ISULA_LIBUTILS_LIBRARY}
+ ${LIBTAR_LIBRARY}
+ -lcrypto -lyajl -larchive ${SELINUX_LIBRARY} -lz -lcap)
+
+add_test(NAME ${DRIVER_DEVMAPPER_EXE} COMMAND ${DRIVER_DEVMAPPER_EXE} --gtest_output=xml:${DRIVER_DEVMAPPER_EXE}-Results.xml)
+set_tests_properties(${DRIVER_DEVMAPPER_EXE} PROPERTIES TIMEOUT 120)
diff --git a/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/068615102be4457b22d40c9702e4bd316dd50ae85467b0378a419b23b60ba73d b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/068615102be4457b22d40c9702e4bd316dd50ae85467b0378a419b23b60ba73d
new file mode 100644
index 00000000..f51ae926
--- /dev/null
+++ b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/068615102be4457b22d40c9702e4bd316dd50ae85467b0378a419b23b60ba73d
@@ -0,0 +1,6 @@
+{
+ "hash": "068615102be4457b22d40c9702e4bd316dd50ae85467b0378a419b23b60ba73d",
+ "device_id": 6,
+ "size": 10737418240,
+ "transaction_id": 8
+}
diff --git a/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f
new file mode 100644
index 00000000..de727a79
--- /dev/null
+++ b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f
@@ -0,0 +1,6 @@
+{
+ "hash": "3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f",
+ "device_id": 4,
+ "size": 10737418240,
+ "transaction_id": 4
+}
diff --git a/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/ba0dae6243cc9fa2890df40a625721fdbea5c94ca6da897acdd814d710149770 b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/ba0dae6243cc9fa2890df40a625721fdbea5c94ca6da897acdd814d710149770
new file mode 100644
index 00000000..e1e8988e
--- /dev/null
+++ b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/ba0dae6243cc9fa2890df40a625721fdbea5c94ca6da897acdd814d710149770
@@ -0,0 +1,6 @@
+{
+ "hash": "ba0dae6243cc9fa2890df40a625721fdbea5c94ca6da897acdd814d710149770",
+ "device_id": 2,
+ "size": 10737418240,
+ "transaction_id": 2
+}
diff --git a/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/base b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/base
new file mode 100644
index 00000000..2412113d
--- /dev/null
+++ b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/base
@@ -0,0 +1,7 @@
+{
+ "hash": "base",
+ "device_id": 1,
+ "size": 10737418240,
+ "transaction_id": 1,
+ "initialized": true
+}
diff --git a/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/deviceset-metadata b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/deviceset-metadata
new file mode 100644
index 00000000..94f7a6a3
--- /dev/null
+++ b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/deviceset-metadata
@@ -0,0 +1,5 @@
+{
+ "next_device_id": 7,
+ "BaseDeviceFilesystem": "ext4",
+ "BaseDeviceUUID": "4fa22307-0c88-4fa4-8f16-a9459e9cbc4a"
+}
diff --git a/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/transaction-metadata b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/transaction-metadata
new file mode 100644
index 00000000..a011249a
--- /dev/null
+++ b/test/image/oci/storage/layers/devmapper/data/devicemapper/metadata/transaction-metadata
@@ -0,0 +1,5 @@
+{
+ "open_transaction_id": 8,
+ "device_hash": "068615102be4457b22d40c9702e4bd316dd50ae85467b0378a419b23b60ba73d",
+ "device_id": 6
+}
diff --git a/test/image/oci/storage/layers/devmapper/driver_devmapper_ut.cc b/test/image/oci/storage/layers/devmapper/driver_devmapper_ut.cc
new file mode 100644
index 00000000..59e53f97
--- /dev/null
+++ b/test/image/oci/storage/layers/devmapper/driver_devmapper_ut.cc
@@ -0,0 +1,283 @@
+/******************************************************************************
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020-2020. All rights reserved.
+ * iSulad licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Author: jikai
+ * Create: 2023-11-22
+ * Description: provide oci storage driver unit test for devmapper
+ ******************************************************************************/
+
+#include <gtest/gtest.h>
+#include <gmock/gmock.h>
+
+#include "driver_devmapper.h"
+#include "mock.h"
+#include "path.h"
+#include "utils.h"
+#include "libdevmapper_mock.h"
+
+using ::testing::Invoke;
+using ::testing::NiceMock;
+using ::testing::Return;
+using ::testing::_;
+
+extern "C" {
+ DECLARE_WRAPPER_V(util_exec_cmd, bool, (exec_func_t cb_func, void *args, const char *stdin_msg, char **stdout_msg, char **stderr_msg));
+ DEFINE_WRAPPER_V(util_exec_cmd, bool, (exec_func_t cb_func, void *args, const char *stdin_msg, char **stdout_msg, char **stderr_msg), (cb_func, args, stdin_msg, stdout_msg, stderr_msg));
+
+ DECLARE_WRAPPER(util_mount, int, (const char *src, const char *dst, const char *mtype, const char *mntopts));
+ DEFINE_WRAPPER(util_mount, int, (const char *src, const char *dst, const char *mtype, const char *mntopts), (src, dst, mtype, mntopts));
+
+ DECLARE_WRAPPER(umount2, int, (const char *__special_file, int __flags));
+ DEFINE_WRAPPER(umount2, int, (const char *__special_file, int __flags), (__special_file, __flags));
+}
+
+static std::string GetDirectory()
+{
+ char abs_path[PATH_MAX] { 0x00 };
+ int ret = readlink("/proc/self/exe", abs_path, sizeof(abs_path));
+ if (ret < 0 || static_cast<size_t>(ret) >= sizeof(abs_path)) {
+ return "";
+ }
+
+ for (int i { ret }; i >= 0; --i) {
+ if (abs_path[i] == '/') {
+ abs_path[i + 1] = '\0';
+ break;
+ }
+ }
+
+ return static_cast<std::string>(abs_path) + "../../../../../../../test/image/oci/storage/layers/devmapper";
+}
+
+static bool invokeUtilExecCmd(exec_func_t cb_func, void *args, const char *stdin_msg, char **stdout_msg, char **stderr_msg)
+{
+ if (cb_func == nullptr || args == nullptr || stdout_msg == nullptr || stderr_msg == nullptr) {
+ return false;
+ }
+
+ char **tmp_args = static_cast<char **>(args);
+
+ if (util_array_len((const char **)tmp_args) < 1) {
+ return false;
+ }
+
+ if (strcmp(tmp_args[0], "blkid") == 0) {
+ *stdout_msg = util_strdup_s("4fa22307-0c88-4fa4-8f16-a9459e9cbc4a");
+ }
+ return true;
+}
+
+static struct dm_task *invokeDMTaskCreate(int type) {
+ return static_cast<struct dm_task *>(util_common_calloc_s(sizeof(0)));
+}
+
+static void invokeDMTaskDestroy(struct dm_task *task) {
+ free(task);
+ return;
+}
+
+static int invokeDMTaskGetDriverVersion(struct dm_task *task, char *version, size_t size) {
+ if (task == nullptr || version == nullptr || strncpy(version, "4.27.0", size) == NULL) {
+ return 0;
+ }
+
+ return 1;
+}
+
+static int invokeDMTaskGetInfo(struct dm_task *task, struct dm_info *dmi) {
+ if (task == nullptr || dmi == nullptr) {
+ return 0;
+ }
+
+ dmi->exists = 1;
+ return 1;
+}
+
+static void *invokeDMGetNextTarget(struct dm_task *task, void *next, uint64_t *start, uint64_t *length,
+ char **target_type, char **params) {
+ static char type[] = "thin-pool";
+ static char par[] = "0 0/1024 0/1024";
+ if (target_type) {
+ *target_type = type;
+ }
+ if (params) {
+ *params = par;
+ }
+ return nullptr;
+}
+
+class DriverDevmapperUnitTest : public testing::Test {
+protected:
+ void SetUp() override
+ {
+ MockLibdevmapper_SetMock(&m_libdevmapper_mock);
+ std::string isulad_dir { "/tmp/isulad/" };
+ mkdir(isulad_dir.c_str(), 0755);
+ std::string root_dir = isulad_dir + "data";
+ std::string run_dir = isulad_dir + "data/run";
+ std::string data_dir = GetDirectory() + "/data";
+ std::string driver_home = root_dir + "/devicemapper";
+
+ ASSERT_STRNE(util_clean_path(data_dir.c_str(), data_path, sizeof(data_path)), nullptr);
+ std::string cp_command = "cp -r " + std::string(data_path) + " " + isulad_dir;
+ ASSERT_EQ(system(cp_command.c_str()), 0);
+
+ char **driver_opts = static_cast<char **>(util_common_calloc_s(3 * sizeof(char *)));
+ driver_opts[0] = strdup("dm.thinpooldev=/dev/mapper/isulad0-thinpool");
+ driver_opts[1] = strdup("dm.fs=ext4");
+ driver_opts[2] = strdup("dm.min_free_space=10%");
+ int driver_opts_len = 3;
+
+ ASSERT_EQ(devmapper_init(&driver, nullptr, (const char **)driver_opts, driver_opts_len), -1);
+
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskCreate(_)).WillRepeatedly(Invoke(invokeDMTaskCreate));
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskSetMessage(_, _)).WillRepeatedly(Return(1));
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskSetSector(_, _)).WillRepeatedly(Return(1));
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskSetAddNode(_, _)).WillRepeatedly(Return(1));
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskAddTarget(_, _, _, _, _)).WillRepeatedly(Return(1));
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskSetName(_, _)).WillRepeatedly(Return(1));
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskRun(_)).WillRepeatedly(Return(1));
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskDestroy(_)).WillRepeatedly(Invoke(invokeDMTaskDestroy));
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskGetInfo(_, _)).WillRepeatedly(Invoke(invokeDMTaskGetInfo));
+ EXPECT_CALL(m_libdevmapper_mock, DMGetNextTarget(_, _, _, _, _, _)).WillRepeatedly(Invoke(invokeDMGetNextTarget));
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskSetCookie(_, _, _)).WillRepeatedly(Return(1));
+ EXPECT_CALL(m_libdevmapper_mock, DMUdevWait(_)).WillRepeatedly(Return(1));
+ EXPECT_CALL(m_libdevmapper_mock, DMUdevComplete(_)).WillRepeatedly(Return(1));
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskDeferredRemove(_)).WillRepeatedly(Return(1));
+
+
+ char *names = static_cast<char *>(util_common_calloc_s(sizeof(struct dm_names) + strlen("isulad0-pool") + 1));
+ struct dm_names *dname = (struct dm_names *)names;
+ dname->dev = 1;
+ dname->next = 0;
+ strcpy(names + sizeof(struct dm_names), "isulad0-pool");
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskGetNames(_)).WillOnce(Return(dname));
+ EXPECT_CALL(m_libdevmapper_mock, DMSetDevDir(_)).WillOnce(Return(1));
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskGetDriverVersion(_, _, _)).WillOnce(Invoke(invokeDMTaskGetDriverVersion));
+ EXPECT_CALL(m_libdevmapper_mock, DMUdevGetSyncSupport()).WillOnce(Return(1));
+
+ MOCK_SET_V(util_exec_cmd, invokeUtilExecCmd);
+
+ ASSERT_EQ(devmapper_init(&driver, driver_home.c_str(), (const char **)driver_opts, driver_opts_len), 0);
+ MOCK_CLEAR(util_exec_cmd);
+
+ util_free_array_by_len(driver_opts, driver_opts_len);
+ free(names);
+ }
+
+ void TearDown() override
+ {
+ MockLibdevmapper_SetMock(nullptr);
+ std::string rm_command = "rm -rf /tmp/isulad/";
+ ASSERT_EQ(system(rm_command.c_str()), 0);
+ }
+
+ NiceMock<MockLibdevmapper> m_libdevmapper_mock;
+ char data_path[PATH_MAX] = { 0x00 };
+ graphdriver driver = {.ops = nullptr, .name = "devicemapper", };
+};
+
+TEST_F(DriverDevmapperUnitTest, test_devmapper_layer_exists)
+{
+ std::string id { "3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f" };
+ std::string incorrectId { "eb29745b8228e1e97c01b1d5c2554a319c00a94d8dd5746a3904222ad65a13f8" };
+ ASSERT_TRUE(devmapper_layer_exist(id.c_str(), &driver));
+ ASSERT_FALSE(devmapper_layer_exist(incorrectId.c_str(), &driver));
+}
+
+TEST_F(DriverDevmapperUnitTest, test_devmapper_create_rw)
+{
+ std::string id { "eb29745b8228e1e97c01b1d5c2554a319c00a94d8dd5746a3904222ad65a13f8" };
+ struct driver_create_opts *create_opts;
+
+ create_opts = (struct driver_create_opts *)util_common_calloc_s(sizeof(struct driver_create_opts));
+ ASSERT_NE(create_opts, nullptr);
+
+ create_opts->storage_opt = static_cast<json_map_string_string *>(util_common_calloc_s(sizeof(json_map_string_string)));
+ ASSERT_NE(create_opts->storage_opt, nullptr);
+ create_opts->storage_opt->keys = static_cast<char **>(util_common_calloc_s(sizeof(char *)));
+ create_opts->storage_opt->values = static_cast<char **>(util_common_calloc_s(sizeof(char *)));
+ create_opts->storage_opt->keys[0] = strdup("size");
+ create_opts->storage_opt->values[0] = strdup("10G");
+ create_opts->storage_opt->len = 1;
+
+ ASSERT_EQ(devmapper_create_rw(id.c_str(), nullptr, &driver, create_opts), 0);
+ ASSERT_TRUE(devmapper_layer_exist(id.c_str(), &driver));
+}
+
+TEST_F(DriverDevmapperUnitTest, test_devmapper_mount_layer)
+{
+ std::string id { "3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f" };
+ std::string merged_dir = "/tmp/isulad/data/devicemapper/mnt/" + id + "/rootfs";
+ struct driver_mount_opts *mount_opts = nullptr;
+ char* mount_dir = nullptr;
+
+ MOCK_SET(util_mount, 0);
+ mount_dir = devmapper_mount_layer(id.c_str(), &driver, mount_opts);
+ ASSERT_STREQ(mount_dir, merged_dir.c_str());
+ MOCK_CLEAR(util_mount);
+
+ MOCK_SET(umount2, 0);
+ ASSERT_EQ(devmapper_umount_layer(id.c_str(), &driver), 0);
+ MOCK_CLEAR(umount2);
+ free(mount_dir);
+ mount_dir = nullptr;
+
+ mount_opts = static_cast<struct driver_mount_opts *>(util_common_calloc_s(sizeof(struct driver_mount_opts)));
+ ASSERT_NE(mount_opts, nullptr);
+ mount_opts->options = static_cast<char **>(util_common_calloc_s(1 * sizeof(char *)));
+ mount_opts->options[0] = strdup("ro");
+ mount_opts->options_len = 1;
+
+ MOCK_SET(util_mount, 0);
+ mount_dir = devmapper_mount_layer(id.c_str(), &driver, mount_opts);
+ ASSERT_STREQ(mount_dir, merged_dir.c_str());
+ MOCK_CLEAR(util_mount);
+
+ MOCK_SET(umount2, 0);
+ ASSERT_EQ(devmapper_umount_layer(id.c_str(), &driver), 0);
+ MOCK_CLEAR(umount2);
+ free(mount_opts->mount_label);
+ util_free_array_by_len(mount_opts->options, mount_opts->options_len);
+ free(mount_opts);
+ free(mount_dir);
+}
+
+TEST_F(DriverDevmapperUnitTest, test_devmapper_get_layer_metadata)
+{
+ std::string id { "3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f" };
+ json_map_string_string *map_info = static_cast<json_map_string_string *>(util_common_calloc_s(sizeof(json_map_string_string)));
+
+ ASSERT_EQ(devmapper_get_layer_metadata(id.c_str(), &driver, map_info), 0);
+ ASSERT_EQ(map_info->len, 4);
+ ASSERT_STREQ(map_info->keys[0], "DeviceId");
+ ASSERT_STREQ(map_info->values[0], "4");
+ ASSERT_STREQ(map_info->keys[1], "DeviceSize");
+ ASSERT_STREQ(map_info->values[1], "10737418240");
+ ASSERT_STREQ(map_info->keys[2], "DeviceName");
+ ASSERT_STREQ(map_info->keys[3], "MergedDir");
+ ASSERT_STREQ(map_info->values[3], "/tmp/isulad/data/devicemapper/mnt/3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f/rootfs");
+
+ free_json_map_string_string(map_info);
+}
+
+TEST_F(DriverDevmapperUnitTest, test_devmapper_get_driver_status)
+{
+ struct graphdriver_status *status = static_cast<struct graphdriver_status *>(util_common_calloc_s(sizeof(struct graphdriver_status)));
+
+ EXPECT_CALL(m_libdevmapper_mock, DMUdevGetSyncSupport()).WillOnce(Return(1));
+
+ ASSERT_EQ(devmapper_get_driver_status(&driver, status), 0);
+ ASSERT_STREQ(status->driver_name, "devicemapper");
+ free(status->driver_name);
+ free(status->backing_fs);
+ free(status->status);
+ free(status);
+}
diff --git a/test/mocks/libdevmapper_mock.cc b/test/mocks/libdevmapper_mock.cc
new file mode 100644
index 00000000..7d6c8024
--- /dev/null
+++ b/test/mocks/libdevmapper_mock.cc
@@ -0,0 +1,191 @@
+/******************************************************************************
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * iSulad licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Author: jikai
+ * Create: 2023-11-22
+ * Description: provide lib device mapper mock
+ ******************************************************************************/
+
+#include "libdevmapper_mock.h"
+
+namespace {
+MockLibdevmapper *g_libdevmapper_mock = nullptr;
+}
+
+void MockLibdevmapper_SetMock(MockLibdevmapper* mock)
+{
+ g_libdevmapper_mock = mock;
+}
+
+struct dm_task *dm_task_create(int type)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMTaskCreate(type);
+ }
+ return nullptr;
+}
+
+int dm_task_set_message(struct dm_task *dmt, const char *msg)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMTaskSetMessage(dmt, msg);
+ }
+ return 0;
+}
+
+int dm_task_set_sector(struct dm_task *dmt, uint64_t sector)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMTaskSetSector(dmt, sector);
+ }
+ return 0;
+}
+
+int dm_task_set_add_node(struct dm_task *dmt, dm_add_node_t add_node)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMTaskSetAddNode(dmt, add_node);
+ }
+ return 0;
+}
+
+int dm_task_add_target(struct dm_task *dmt, uint64_t start, uint64_t size, const char *ttype, const char *params)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMTaskAddTarget(dmt, start, size, ttype, params);
+ }
+ return 0;
+}
+
+int dm_set_dev_dir(const char *dir)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMSetDevDir(dir);
+ }
+ return 0;
+}
+
+int dm_task_set_name(struct dm_task *dmt, const char *name)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMTaskSetName(dmt, name);
+ }
+ return 0;
+}
+
+int dm_task_run(struct dm_task *dmt)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMTaskRun(dmt);
+ }
+ return 0;
+}
+
+int dm_task_get_driver_version(struct dm_task *dmt, char *version, size_t size)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMTaskGetDriverVersion(dmt, version, size);
+ }
+ return 0;
+}
+
+void dm_task_destroy(struct dm_task *dmt)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ g_libdevmapper_mock->DMTaskDestroy(dmt);
+ }
+}
+
+int dm_get_library_version(char *version, size_t size)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMGetLibraryVersion(version, size);
+ }
+ return 0;
+}
+
+int dm_task_get_info(struct dm_task *dmt, struct dm_info *info)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMTaskGetInfo(dmt, info);
+ }
+ return 0;
+}
+
+void *dm_get_next_target(struct dm_task *dmt, void *next, uint64_t *start, uint64_t *length,
+ char **target_type, char **params)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMGetNextTarget(dmt, next, start, length, target_type, params);
+ }
+ return nullptr;
+}
+
+int dm_task_set_cookie(struct dm_task *dmt, uint32_t *cookie, uint16_t flags)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMTaskSetCookie(dmt, cookie, flags);
+ }
+ return 0;
+}
+
+int dm_udev_wait(uint32_t cookie)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMUdevWait(cookie);
+ }
+ return 0;
+}
+
+int dm_udev_complete(uint32_t cookie)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMUdevComplete(cookie);
+ }
+ return 0;
+}
+
+int dm_task_deferred_remove(struct dm_task *dmt)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMTaskDeferredRemove(dmt);
+ }
+ return 0;
+}
+
+struct dm_names *dm_task_get_names(struct dm_task *dmt)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMTaskGetNames(dmt);
+ }
+ return nullptr;
+}
+
+int dm_udev_get_sync_support(void)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ return g_libdevmapper_mock->DMUdevGetSyncSupport();
+ }
+ return 0;
+}
+
+void dm_udev_set_sync_support(int sync_with_udev)
+{
+ if (g_libdevmapper_mock != nullptr) {
+ g_libdevmapper_mock->DMUdevSetSyncSupport(sync_with_udev);
+ }
+}
+
+void dm_log_with_errno_init(void log_cb(int level, const char *file, int line, int dm_errno_or_class, const char *f, ...))
+{
+ if (g_libdevmapper_mock != nullptr) {
+ g_libdevmapper_mock->DMLogWithErrnoInit(log_cb);
+ }
+}
diff --git a/test/mocks/libdevmapper_mock.h b/test/mocks/libdevmapper_mock.h
new file mode 100644
index 00000000..53c5ad4b
--- /dev/null
+++ b/test/mocks/libdevmapper_mock.h
@@ -0,0 +1,52 @@
+/******************************************************************************
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * iSulad licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Author: jikai
+ * Create: 2023-11-22
+ * Description: provide lib device mapper mock
+ ******************************************************************************/
+
+#ifndef _ISULAD_TEST_MOCKS_DEVMAPPER_MOCK_H
+#define _ISULAD_TEST_MOCKS_DEVMAPPER_MOCK_H
+
+#include <gmock/gmock.h>
+
+#include <libdevmapper.h>
+
+class MockLibdevmapper {
+public:
+ virtual ~MockLibdevmapper() = default;
+ MOCK_METHOD1(DMTaskCreate, struct dm_task*(int type));
+ MOCK_METHOD2(DMTaskSetMessage, int(struct dm_task *dmt, const char *msg));
+ MOCK_METHOD2(DMTaskSetSector, int(struct dm_task *dmt, uint64_t sector));
+ MOCK_METHOD2(DMTaskSetAddNode, int(struct dm_task *dmt, dm_add_node_t add_node));
+ MOCK_METHOD5(DMTaskAddTarget, int(struct dm_task *dmt, uint64_t start, uint64_t size, const char *ttype, const char *params));
+ MOCK_METHOD1(DMSetDevDir, int(const char *dir));
+ MOCK_METHOD2(DMTaskSetName, int(struct dm_task *dmt, const char *name));
+ MOCK_METHOD1(DMTaskRun, int(struct dm_task *dmt));
+ MOCK_METHOD3(DMTaskGetDriverVersion, int(struct dm_task *dmt, char *version, size_t size));
+ MOCK_METHOD1(DMTaskDestroy, void(struct dm_task *dmt));
+ MOCK_METHOD2(DMGetLibraryVersion, int(char *version, size_t size));
+ MOCK_METHOD2(DMTaskGetInfo, int(struct dm_task *dmt, struct dm_info *info));
+ MOCK_METHOD6(DMGetNextTarget, void*(struct dm_task *dmt, void *next, uint64_t *start, uint64_t *length,
+ char **target_type, char **params));
+ MOCK_METHOD3(DMTaskSetCookie, int(struct dm_task *dmt, uint32_t *cookie, uint16_t flags));
+ MOCK_METHOD1(DMUdevWait, int(uint32_t cookie));
+ MOCK_METHOD1(DMUdevComplete, int(uint32_t cookie));
+ MOCK_METHOD1(DMTaskDeferredRemove, int(struct dm_task *dmt));
+ MOCK_METHOD1(DMTaskGetNames, struct dm_names *(struct dm_task *dmt));
+ MOCK_METHOD0(DMUdevGetSyncSupport, int(void));
+ MOCK_METHOD1(DMUdevSetSyncSupport, void(int sync_with_udev));
+ MOCK_METHOD1(DMLogWithErrnoInit, void(void log_cb(int level, const char *file, int line, int dm_errno_or_class, const char *f, ...)));
+};
+
+void MockLibdevmapper_SetMock(MockLibdevmapper* mock);
+
+#endif
--
2.42.0

46
0033-2275-bugfix-for-rt_lcr_rebuild_config.patch Normal file
View File

@ -0,0 +1,46 @@
From fa7356538c7f747a81aa3d0a511a662ee4345afe Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Fri, 24 Nov 2023 08:33:45 +0000
Subject: [PATCH 33/64] !2275 bugfix for rt_lcr_rebuild_config * bugfix for
rt_lcr_rebuild_config
---
src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
index 8f7211d7..44ecab5a 100644
--- a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
+++ b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
@@ -777,6 +777,7 @@ int rt_lcr_rebuild_config(const char *name, const char *runtime, const rt_rebuil
{
int ret = -1;
int nret = 0;
+ bool rebuild_success = false;
char config_file[PATH_MAX] = { 0 };
char bak_config_file[PATH_MAX] = { 0 };
char oci_config_file[PATH_MAX] = { 0 };
@@ -825,8 +826,8 @@ int rt_lcr_rebuild_config(const char *name, const char *runtime, const rt_rebuil
goto out;
}
- nret = engine_ops->engine_create_op(name, params->rootpath, (void *)oci_spec);
- if (nret != 0) {
+ rebuild_success = engine_ops->engine_create_op(name, params->rootpath, (void *)oci_spec);
+ if (!rebuild_success) {
// delete the invalid config file to prevent rename failed
if (util_fileself_exists(config_file) && util_path_remove(config_file) != 0) {
WARN("Failed to remove bak_config_file for container %s", name);
@@ -835,7 +836,8 @@ int rt_lcr_rebuild_config(const char *name, const char *runtime, const rt_rebuil
WARN("Failed to rename backup old config to config for container %s", name);
}
}
- ret = nret != 0 ? -1 : 0;
+ ret = rebuild_success ? 0 : -1;
+
out:
if (engine_ops != NULL && engine_ops->engine_clear_errmsg_op != NULL) {
engine_ops->engine_clear_errmsg_op();
--
2.42.0

25
0034-2277-remove-shim-v2-format-error-log.patch Normal file
View File

@ -0,0 +1,25 @@
From fe03c12676b8a48a2aede2d177f2cbcbdd68f930 Mon Sep 17 00:00:00 2001
From: jake <jikai11@huawei.com>
Date: Sat, 25 Nov 2023 03:34:01 +0000
Subject: [PATCH 34/64] !2277 remove shim v2 format error log * remove shim v2
format error log
---
src/daemon/modules/runtime/shim/shim_rt_ops.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/daemon/modules/runtime/shim/shim_rt_ops.c b/src/daemon/modules/runtime/shim/shim_rt_ops.c
index 1bc9dc54..5066f804 100644
--- a/src/daemon/modules/runtime/shim/shim_rt_ops.c
+++ b/src/daemon/modules/runtime/shim/shim_rt_ops.c
@@ -115,7 +115,6 @@ bool is_valid_v2_runtime(const char* name)
parts_len = util_array_len((const char **)parts);
if (!(parts_len == 4 && strcmp(parts[0], "io") == 0 && strcmp(parts[1], "containerd") == 0)) {
- ERROR("ShimV2 runtime format is wrong");
util_free_array(parts);
return false;
}
--
2.42.0

26
0035-2276-bugfix-for-integration_check.sh.patch Normal file
View File

@ -0,0 +1,26 @@
From a2c565705f80f787e50ffc15db38ba367f517eb2 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Sat, 25 Nov 2023 03:34:50 +0000
Subject: [PATCH 35/64] !2276 bugfix for integration_check.sh * bugfix for
integration_check.sh
---
CI/test_cases/image_cases/integration_check.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CI/test_cases/image_cases/integration_check.sh b/CI/test_cases/image_cases/integration_check.sh
index e43369e3..6ec3ab52 100755
--- a/CI/test_cases/image_cases/integration_check.sh
+++ b/CI/test_cases/image_cases/integration_check.sh
@@ -65,7 +65,7 @@ function test_image_info()
echo "xxx:11" >> ${change_file}
sed -i 's#image-layer-check": false#image-layer-check": true#g' /etc/isulad/daemon.json
- pkill -9 isulad
+ kill -9 $(pidof isulad)
start_isulad_with_valgrind
isula ps -a | grep ${cid}
--
2.42.0

40
0036-modify-create_network.sh-for-default-runtime-changed.patch Normal file
View File

@ -0,0 +1,40 @@
From e422c6cf725240dea80e1c51ba21cae8ee6641c6 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Sat, 25 Nov 2023 18:21:56 +0800
Subject: [PATCH 36/64] modify create_network.sh for default runtime changed
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
CI/test_cases/container_cases/create_network.sh | 2 +-
CI/test_cases/helpers.sh | 2 ++
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/CI/test_cases/container_cases/create_network.sh b/CI/test_cases/container_cases/create_network.sh
index 470bda70..5bafbc60 100755
--- a/CI/test_cases/container_cases/create_network.sh
+++ b/CI/test_cases/container_cases/create_network.sh
@@ -37,7 +37,7 @@ function test_network_param()
msg_info "${test} starting..."
- root="`isula info | grep 'iSulad Root Dir' | awk -F ':' '{print $2}'`/engines/lcr"
+ root="`isula info | grep 'iSulad Root Dir' | awk -F ':' '{print $2}'`/engines/$DEFAULT_RUNTIME"
isula pull ${image}
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to pull image: ${image}" && return ${FAILURE}
diff --git a/CI/test_cases/helpers.sh b/CI/test_cases/helpers.sh
index f3eeb54d..c5eba8a2 100755
--- a/CI/test_cases/helpers.sh
+++ b/CI/test_cases/helpers.sh
@@ -29,6 +29,8 @@ ISULAD_RUN_ROOT_PATH="/var/run/isulad"
RUNTIME_LIST=(lcr runc)
+DEFAULT_RUNTIME=runc
+
testcase_data="/tmp/testcases_data"
enable_native_network=0
--
2.42.0

141
0037-modify-the-container-runtime-when-running-embedded.s.patch Normal file
View File

@ -0,0 +1,141 @@
From 8e4b6eceeb117fc90b5b638329f8888e43d3f442 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 27 Nov 2023 17:21:15 +0800
Subject: [PATCH 37/64] modify the container runtime when running embedded.sh
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
CI/test_cases/image_cases/embedded.sh | 30 +++++++++++++--------------
1 file changed, 15 insertions(+), 15 deletions(-)
diff --git a/CI/test_cases/image_cases/embedded.sh b/CI/test_cases/image_cases/embedded.sh
index cdc75e50..a1d4c37a 100755
--- a/CI/test_cases/image_cases/embedded.sh
+++ b/CI/test_cases/image_cases/embedded.sh
@@ -81,14 +81,14 @@ function test_run_image()
{
local ret=0
- isula run -t -n embedded_test1 nonexistentname1:v1 /bin/sh
+ isula run --runtime lcr -t -n embedded_test1 nonexistentname1:v1 /bin/sh
[[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - run nonexistent image should failed" && ((ret++))
isula load -i "$embedded_manifest" -t embedded
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - load embedded image failed" && ((ret++))
# run container based on embedded image
- isula run --name embedded_test1 test:v1 ls /home/home/home
+ isula run --runtime lcr --name embedded_test1 test:v1 ls /home/home/home
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - run embedded image failed" && ((ret++))
# delete container based on embedded image
@@ -96,7 +96,7 @@ function test_run_image()
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - delete container based on embedded image failed" && ((ret++))
# test image's env
- isula run --name embedded_test1 test:v1 /bin/sh -c "echo \$c | grep \"d e\""
+ isula run --runtime lcr --name embedded_test1 test:v1 /bin/sh -c "echo \$c | grep \"d e\""
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - test image's env failed" && ((ret++))
# delete container based on embedded image
@@ -119,7 +119,7 @@ function test_mount()
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - load embedded imagefailed" && ((ret++))
# run --mount
- isula run --mount type=bind,src="$embedded_basedir",dst=/usr,ro=true,bind-propagation=rprivate --name embedded_test2 test:v1 true
+ isula run --runtime lcr --mount type=bind,src="$embedded_basedir",dst=/usr,ro=true,bind-propagation=rprivate --name embedded_test2 test:v1 true
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - run --mount failed" && ((ret++))
testcontainer embedded_test2 exited
@@ -127,25 +127,25 @@ function test_mount()
isula rm embedded_test2
# test invalid mode
- isula run --mount type=bind,src="$embedded_basedir",dst=/usr,ro=invalid --name embedded_test2 test:v1 true
+ isula run --runtime lcr --mount type=bind,src="$embedded_basedir",dst=/usr,ro=invalid --name embedded_test2 test:v1 true
[[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - invalid mode should failed" && ((ret++))
isula rm embedded_test2
# test invalid bind propagation mode
- isula run --mount type=bind,src="$embedded_basedir",dst=/usr,bind-propagation=invalid --name embedded_test2 test:v1 true
+ isula run --runtime lcr --mount type=bind,src="$embedded_basedir",dst=/usr,bind-propagation=invalid --name embedded_test2 test:v1 true
[[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - invalid bind propagation mode should failed" && ((ret++))
isula rm embedded_test2
# test source not exist
- isula run --mount type=bind,src=abcdefg/notexist,dst=/usr --name embedded_test2 test:v1 true
+ isula run --runtime lcr --mount type=bind,src=abcdefg/notexist,dst=/usr --name embedded_test2 test:v1 true
[[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - invalid source not exist should failed" && ((ret++))
isula rm embedded_test2
# test source not a regular file
- isula run --mount type=squashfs,src=/tmp,dst=/usr --name embedded_test2 test:v1 true
+ isula run --runtime lcr --mount type=squashfs,src=/tmp,dst=/usr --name embedded_test2 test:v1 true
[[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - source not a regular file should failed" && ((ret++))
isula rm embedded_test2
@@ -153,7 +153,7 @@ function test_mount()
# test path //tmp/test
mkdir -p /tmp/test_mount
mkdir -p /tmp/test_mount1/test
- isula run -v /tmp/test_mount:/tmp --mount type=bind,src=/tmp/test_mount1,dst=//tmp/test_mount1,ro=true,bind-propagation=rprivate --name embedded_test2 test:v1 ls /tmp/test_mount1/test
+ isula run --runtime lcr -v /tmp/test_mount:/tmp --mount type=bind,src=/tmp/test_mount1,dst=//tmp/test_mount1,ro=true,bind-propagation=rprivate --name embedded_test2 test:v1 ls /tmp/test_mount1/test
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - test path //tmp/test failed" && ((ret++))
isula rm embedded_test2
@@ -186,7 +186,7 @@ function test_query_image()
[[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - inspect nonexist item should failed" && ((ret++))
# test inspect container, it should conatainer image info
- isula run --name embedded_inspect test:v1 ls /home/home/home
+ isula run --runtime lcr --name embedded_inspect test:v1 ls /home/home/home
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - run container for inspect failed" && ((ret++))
isula inspect -f '{{json .Image}}' embedded_inspect
@@ -437,19 +437,19 @@ function test_entrypoint()
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - load embedded image failed" && ((ret++))
# test image's entrypoint
- isula run --name embedded_entrypoint1 test:v1
+ isula run --runtime lcr --name embedded_entrypoint1 test:v1
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - test image's entrypoint failed" && ((ret++))
isula rm embedded_entrypoint1
# test image's entrypoint with cmds
- isula run --name embedded_entrypoint1 test:v1 /bin
+ isula run --runtime lcr --name embedded_entrypoint1 test:v1 /bin
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - test image's entrypoint with cmds failed" && ((ret++))
isula rm embedded_entrypoint1
# test image's entrypoint override image's entrypoint
- isula run --entrypoint=/bin/ls --name embedded_entrypoint1 test:v1 /bin
+ isula run --runtime lcr --entrypoint=/bin/ls --name embedded_entrypoint1 test:v1 /bin
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - test image's entrypoint override image's entrypoint failed" && ((ret++))
isula rm embedded_entrypoint1
@@ -464,7 +464,7 @@ function test_entrypoint()
isula load -i "$embedded_manifest_invalid" -t embedded
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - test entrypoint with variable failed" && ((ret++))
- isula run -e env_id=me --name embedded_entrypoint1 test:v1
+ isula run --runtime lcr -e env_id=me --name embedded_entrypoint1 test:v1
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - test run embedded image with env failed" && ((ret++))
isula rm embedded_entrypoint1
@@ -519,7 +519,7 @@ function test_symbolic()
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - load embedded image failed" && ((ret++))
# run container based on embedded image
- isula run --name embedded_test_symbolic test:v1 ls /home/home/home
+ isula run --runtime lcr --name embedded_test_symbolic test:v1 ls /home/home/home
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - run container based on embedded image failed" && ((ret++))
isula rm embedded_test_symbolic
--
2.42.0

68
0038-save-sandbox-to-disk-after-network-ready.patch Normal file
View File

@ -0,0 +1,68 @@
From e33b7915d9ef5092252bc3ce5d93fbde74d73990 Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Mon, 27 Nov 2023 15:09:39 +0800
Subject: [PATCH 38/64] save sandbox to disk after network ready
Signed-off-by: jikai <jikai11@huawei.com>
---
.../cri/v1/v1_cri_pod_sandbox_manager_service.cc | 13 ++++++++++---
src/daemon/sandbox/sandbox.cc | 6 ------
2 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
index 0f6b8508..a0c45111 100644
--- a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
+++ b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
@@ -358,14 +358,21 @@ auto PodSandboxManagerService::RunPodSandbox(const runtime::v1::PodSandboxConfig
goto cleanup_sandbox;
}
- // Step 8: Call sandbox create.
+ // Step 8: Save sandbox to disk
+ sandbox->Save(error);
+ if (error.NotEmpty()) {
+ ERROR("Failed to save sandbox, %s", sandboxName.c_str());
+ goto cleanup_network;
+ }
+
+ // Step 9: Call sandbox create.
sandbox->Create(error);
if (error.NotEmpty()) {
ERROR("Failed to create sandbox: %s", sandboxName.c_str());
goto cleanup_network;
}
- // Step 9: Save network settings json to disk
+ // Step 10: Save network settings json to disk
// Update network settings before start sandbox since sandbox container will use the sandbox key
if (namespace_is_cni(networkMode.c_str())) {
Errors tmpErr;
@@ -376,7 +383,7 @@ auto PodSandboxManagerService::RunPodSandbox(const runtime::v1::PodSandboxConfig
}
}
- // Step 10: Call sandbox start.
+ // Step 11: Call sandbox start.
sandbox->Start(error);
if (error.NotEmpty()) {
ERROR("Failed to start sandbox: %s", sandboxName.c_str());
diff --git a/src/daemon/sandbox/sandbox.cc b/src/daemon/sandbox/sandbox.cc
index b1832265..9fe9fa48 100644
--- a/src/daemon/sandbox/sandbox.cc
+++ b/src/daemon/sandbox/sandbox.cc
@@ -599,12 +599,6 @@ void Sandbox::PrepareSandboxDirs(Errors &error)
goto out;
}
- if (!Save(error)) {
- error.Errorf("Failed to save sandbox, %s", m_id.c_str());
- ERROR("Failed to save sandbox, %s", m_id.c_str());
- goto out;
- }
-
umask(mask);
return;
--
2.42.0

153
0039-fix-the-problem-of-abnormal-branches-not-waiting-for.patch Normal file
View File

@ -0,0 +1,153 @@
From b26654a73694c20fcd895b3b93ad5d42a1d5b3fb Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 27 Nov 2023 14:52:43 +0800
Subject: [PATCH 39/64] fix the problem of abnormal branches not waiting for
child processes
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/cmd/isulad-shim/common.c | 6 +++---
src/cmd/isulad-shim/process.c | 14 ++++++++------
src/daemon/modules/runtime/isula/isula_rt_ops.c | 16 ++++++++++------
src/daemon/modules/runtime/shim/shim_rt_ops.c | 15 +++++++++------
4 files changed, 30 insertions(+), 21 deletions(-)
diff --git a/src/cmd/isulad-shim/common.c b/src/cmd/isulad-shim/common.c
index 48d266dc..3cc7d2a7 100644
--- a/src/cmd/isulad-shim/common.c
+++ b/src/cmd/isulad-shim/common.c
@@ -126,12 +126,12 @@ int cmd_combined_output(const char *binary, const char *params[], void *output,
}
*output_len = isula_file_read_nointr(stdio[0], output, BUFSIZ - 1);
- close(stdio[0]);
- close(exec_fd[0]);
- wait(&status);
ret = SHIM_OK;
out:
+ close(stdio[0]);
+ close(exec_fd[0]);
+ wait(&status);
if (ret != SHIM_OK) {
kill(pid, 9);
}
diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c
index 187067d2..e8cb9b32 100644
--- a/src/cmd/isulad-shim/process.c
+++ b/src/cmd/isulad-shim/process.c
@@ -1472,7 +1472,7 @@ static void exec_runtime_process(process_t *p, int exec_fd)
const char *params[MAX_RUNTIME_ARGS] = { 0 };
get_runtime_cmd(p, log_path, pid_path, process_desc, params);
execvp(p->runtime, (char * const *)params);
- (void)dprintf(exec_fd, "fork/exec error: %s", strerror(errno));
+ (void)dprintf(exec_fd, "run process: %s error: %s", p->runtime, strerror(errno));
_exit(EXIT_FAILURE);
}
@@ -1510,11 +1510,6 @@ int create_process(process_t *p)
close_fd(&p->stdio->resize);
}
nread = isula_file_read_nointr(exec_fd[0], exec_buff, sizeof(exec_buff) - 1);
- if (nread > 0) {
- write_message(ERR_MSG, "runtime error");
- ret = SHIM_ERR;
- goto out;
- }
/* block to wait runtime pid exit */
ret = waitpid(pid, NULL, 0);
@@ -1524,6 +1519,13 @@ int create_process(process_t *p)
goto out;
}
+ // if an error occurs in exec_runtime_process, jump directly to the out branch after waitpid.
+ if (nread > 0) {
+ write_message(ERR_MSG, "%s", exec_buff);
+ ret = SHIM_ERR;
+ goto out;
+ }
+
/* save runtime pid */
data = read_text_file("pid");
if (data == NULL) {
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index 859356e5..5d7ae500 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -906,17 +906,13 @@ realexec:
}
execvp(SHIM_BINARY, (char * const *)params);
- (void)dprintf(shim_stderr_pipe[1], "exec failed: %s", strerror(errno));
+ (void)dprintf(shim_stderr_pipe[1], "run process: %s failed: %s", SHIM_BINARY, strerror(errno));
+ exit(EXIT_FAILURE);
}
close(shim_stderr_pipe[1]);
close(shim_stdout_pipe[1]);
num = util_read_nointr(shim_stderr_pipe[0], exec_buff, sizeof(exec_buff) - 1);
- if (num > 0) {
- ERROR("Exec failed: %s", exec_buff);
- ret = -1;
- goto out;
- }
status = util_wait_for_pid_status(pid);
if (status < 0) {
@@ -925,6 +921,14 @@ realexec:
goto out;
}
+ // if failed to exec, jump directly to the out branch after waitpid.
+ if (num > 0) {
+ ERROR("%s", exec_buff);
+ isulad_set_error_message("%s", exec_buff);
+ ret = -1;
+ goto out;
+ }
+
*shim_exit_code = status_to_exit_code(status);
if (*shim_exit_code != 0) {
ERROR("Isulad-shim exit error");
diff --git a/src/daemon/modules/runtime/shim/shim_rt_ops.c b/src/daemon/modules/runtime/shim/shim_rt_ops.c
index 5066f804..81daf224 100644
--- a/src/daemon/modules/runtime/shim/shim_rt_ops.c
+++ b/src/daemon/modules/runtime/shim/shim_rt_ops.c
@@ -251,17 +251,13 @@ static int shim_bin_v2_create(const char *runtime, const char *id, const char *w
}
execvp(binary, (char * const *)params);
- (void)dprintf(exec_fd[1], "exec failed: %s", strerror(errno));
+ (void)dprintf(exec_fd[1], "run process: %s failed: %s", binary, strerror(errno));
exit(EXIT_FAILURE);
}
close(exec_fd[1]);
exec_fd[1] = -1;
- if (util_read_nointr(exec_fd[0], exec_buff, sizeof(exec_buff) - 1) > 0) {
- ERROR("exec failed: %s", exec_buff);
- ret = -1;
- goto out;
- }
+ nret = util_read_nointr(exec_fd[0], exec_buff, sizeof(exec_buff) - 1);
close(exec_fd[0]);
exec_fd[0] = -1;
@@ -272,6 +268,13 @@ static int shim_bin_v2_create(const char *runtime, const char *id, const char *w
goto out;
}
+ // if failed to exec, jump directly to the out branch after waitpid.
+ if (nret > 0) {
+ ERROR("%s", exec_buff);
+ ret = -1;
+ goto out;
+ }
+
status = status_to_exit_code(status);
close(out_fd[1]);
--
2.42.0

62
0040-remove-embedded-image-support-in-readme.patch Normal file
View File

@ -0,0 +1,62 @@
From 6f9661d7e12e22ff4eeb76647cbe862c5fe7e18d Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 27 Nov 2023 20:50:33 +0800
Subject: [PATCH 40/64] remove embedded image support in readme
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
README.md | 6 +-----
README_zh.md | 6 +-----
2 files changed, 2 insertions(+), 10 deletions(-)
diff --git a/README.md b/README.md
index e7949dee..970b6e72 100644
--- a/README.md
+++ b/README.md
@@ -32,7 +32,7 @@ kata-runtime start secure containers with lightweight virtual machines.
### Image
-`iSulad` supports multiple image formats, including OCI, external rootfs and embedded image.
+`iSulad` supports multiple image formats, including OCI and external rootfs.
#### OCI
@@ -42,10 +42,6 @@ OCI is a docker-compatible image format that supports pulling images and running
External rootfs allows users to prepare a bootable `root fs` directory, which is mainly used in system container scenarios.
-#### embedded image
-
-Embedded image is a unique embedded image format of `iSulad`, which occupies low resources and is mainly used in embedded application scenarios.
-
### Operation Interface
`iSulad` provides two different interfaces for image and container management operations: CLI and CRI.
diff --git a/README_zh.md b/README_zh.md
index 1c4dff4f..5db28f3a 100755
--- a/README_zh.md
+++ b/README_zh.md
@@ -32,7 +32,7 @@ kata-runtime是一个安全容器runtime用于启动安全容器时使用。
### Image
-`iSulad`支持多种镜像格式包括OCI标准镜像格式、external rootfs镜像格式和embedded image镜像格式。
+`iSulad`支持多种镜像格式包括OCI标准镜像格式和external rootfs镜像格式。
#### OCI
@@ -42,10 +42,6 @@ OCI标准镜像格式是与docker兼容的镜像格式支持从远程镜像
external rootfs镜像格式允许用户自行准备可启动的`root fs`目录,主要用于系统容器场景。
-#### embedded image
-
-embedded image镜像格式是`iSulad`特有的嵌入式镜像格式,占用资源低,主要用于嵌入式应用场景。
-
### Operation Interface
`iSulad`提供两种不同的镜像和容器管理操作接口分别为CLI和CRI。
--
2.42.0

392
0041-Acquire-system-info-in-on-demand.patch Normal file
View File

@ -0,0 +1,392 @@
From 13bc364cb5d8c03b701dde2b2811be84ee608e92 Mon Sep 17 00:00:00 2001
From: xuxuepeng <xuxuepeng1@huawei.com>
Date: Fri, 24 Nov 2023 14:18:32 +0800
Subject: [PATCH 41/64] Acquire system info in on demand
Signed-off-by: xuxuepeng <xuxuepeng1@huawei.com>
---
src/cmd/isulad/main.c | 2 --
src/daemon/common/sysinfo.c | 10 +-----
src/daemon/common/sysinfo.h | 6 ++++
.../executor/container_cb/execution_create.c | 32 +++++++++----------
.../executor/container_cb/execution_extend.c | 9 +++++-
src/daemon/modules/spec/verify.c | 32 ++++++++-----------
src/daemon/modules/spec/verify.h | 5 +--
test/mocks/sysinfo_mock.cc | 8 +++++
test/mocks/sysinfo_mock.h | 1 +
test/mocks/verify_mock.cc | 4 +--
test/mocks/verify_mock.h | 2 +-
11 files changed, 60 insertions(+), 51 deletions(-)
diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c
index 5b971a72..95454e2a 100644
--- a/src/cmd/isulad/main.c
+++ b/src/cmd/isulad/main.c
@@ -1765,8 +1765,6 @@ int main(int argc, char **argv)
update_isulad_rlimits();
- (void)get_sys_info(true);
-
clock_gettime(CLOCK_MONOTONIC, &t_start);
if (pre_init_daemon(argc, argv) != 0) {
diff --git a/src/daemon/common/sysinfo.c b/src/daemon/common/sysinfo.c
index 39338925..28665834 100644
--- a/src/daemon/common/sysinfo.c
+++ b/src/daemon/common/sysinfo.c
@@ -19,7 +19,6 @@
#include <errno.h>
#include <sys/sysinfo.h>
-#include <isula_libutils/auto_cleanup.h>
#include <isula_libutils/log.h>
#include "err_msg.h"
@@ -30,8 +29,6 @@
#define etcOsRelease "/etc/os-release"
#define altOsRelease "/usr/lib/os-release"
-static sysinfo_t *g_sysinfo = NULL;
-
static char *get_pagesize(const char *pline)
{
size_t headlen;
@@ -382,10 +379,6 @@ sysinfo_t *get_sys_info(bool quiet)
sysinfo_t *sysinfo = NULL;
int ret = 0;
- if (g_sysinfo != NULL) {
- return g_sysinfo;
- }
-
sysinfo = util_common_calloc_s(sizeof(sysinfo_t));
if (sysinfo == NULL) {
ERROR("Out of memory");
@@ -413,7 +406,6 @@ sysinfo_t *get_sys_info(bool quiet)
if (ret != 0) {
goto out;
}
- g_sysinfo = sysinfo;
out:
if (ret != 0) {
free_sysinfo(sysinfo);
@@ -577,7 +569,7 @@ char *sysinfo_cgroup_controller_cpurt_mnt_path(void)
__isula_auto_free char *mnt = NULL;
__isula_auto_free char *root = NULL;
char fpath[PATH_MAX] = { 0 };
- sysinfo_t *sysinfo = NULL;
+ __isula_auto_sysinfo_t sysinfo_t *sysinfo = NULL;
sysinfo = get_sys_info(true);
if (sysinfo == NULL) {
diff --git a/src/daemon/common/sysinfo.h b/src/daemon/common/sysinfo.h
index 363576a9..cb44d1c5 100644
--- a/src/daemon/common/sysinfo.h
+++ b/src/daemon/common/sysinfo.h
@@ -21,6 +21,7 @@ extern "C" {
#include <stdbool.h>
#include <stdint.h>
+#include <isula_libutils/auto_cleanup.h>
#include "cgroup.h"
@@ -96,6 +97,11 @@ void free_mounts_info(mountinfo_t **minfos);
char *sysinfo_cgroup_controller_cpurt_mnt_path(void);
+// define auto free function callback for sysinfo_t
+define_auto_cleanup_callback(free_sysinfo, sysinfo_t)
+// define auto free macro for sysinfo_t
+#define __isula_auto_sysinfo_t auto_cleanup_tag(free_sysinfo)
+
#ifdef __cplusplus
}
#endif
diff --git a/src/daemon/executor/container_cb/execution_create.c b/src/daemon/executor/container_cb/execution_create.c
index 6b6c3b75..ca2a9163 100644
--- a/src/daemon/executor/container_cb/execution_create.c
+++ b/src/daemon/executor/container_cb/execution_create.c
@@ -145,7 +145,7 @@ static int merge_external_rootfs_to_host_config(host_config *host_spec, const ch
return 0;
}
-static host_config *get_host_spec(const container_create_request *request)
+static host_config *get_host_spec(const container_create_request *request, const sysinfo_t *sysinfo)
{
host_config *host_spec = NULL;
@@ -158,7 +158,7 @@ static host_config *get_host_spec(const container_create_request *request)
goto error_out;
}
- if (verify_host_config_settings(host_spec, false)) {
+ if (verify_host_config_settings(host_spec, sysinfo, false)) {
ERROR("Failed to verify host config settings");
goto error_out;
}
@@ -1109,17 +1109,9 @@ static int preparate_runtime_environment(const container_create_request *request
return 0;
}
-static int adapt_host_spec(host_config *host_spec)
+static int adapt_host_spec(host_config *host_spec, const sysinfo_t *sysinfo)
{
int ret = 0;
- sysinfo_t *sysinfo = NULL;
-
- sysinfo = get_sys_info(true);
- if (sysinfo == NULL) {
- ERROR("Can not get system info");
- ret = -1;
- goto out;
- }
if (host_spec->memory > 0 && host_spec->memory_swap == 0 && sysinfo->cgmeminfo.swap) {
if (host_spec->memory > (INT64_MAX / 2)) {
@@ -1136,14 +1128,14 @@ out:
}
static int get_basic_spec(const container_create_request *request, host_config **host_spec,
- container_config **container_spec)
+ container_config **container_spec, const sysinfo_t *sysinfo)
{
- *host_spec = get_host_spec(request);
+ *host_spec = get_host_spec(request, sysinfo);
if (*host_spec == NULL) {
return -1;
}
- if (adapt_host_spec(*host_spec) != 0) {
+ if (adapt_host_spec(*host_spec, sysinfo) != 0) {
return -1;
}
@@ -1393,6 +1385,7 @@ int container_create_cb(const container_create_request *request, container_creat
int ret = 0;
bool skip_id_name_manage = false;
bool skip_sandbox_key_manage = false;
+ __isula_auto_sysinfo_t sysinfo_t *sysinfo = NULL;
DAEMON_CLEAR_ERRMSG();
@@ -1413,7 +1406,14 @@ int container_create_cb(const container_create_request *request, container_creat
goto clean_nameindex;
}
- if (get_basic_spec(request, &host_spec, &container_spec) != 0) {
+ sysinfo = get_sys_info(true);
+ if (sysinfo == NULL) {
+ ERROR("Failed to get system info");
+ cc = ISULAD_ERR_EXEC;
+ goto clean_nameindex;
+ }
+
+ if (get_basic_spec(request, &host_spec, &container_spec, sysinfo) != 0) {
cc = ISULAD_ERR_INPUT;
goto clean_container_root_dir;
}
@@ -1540,7 +1540,7 @@ int container_create_cb(const container_create_request *request, container_creat
goto clean_netns;
}
- if (verify_container_settings(oci_spec) != 0) {
+ if (verify_container_settings(oci_spec, sysinfo) != 0) {
ERROR("Failed to verify container settings");
cc = ISULAD_ERR_EXEC;
goto umount_channel;
diff --git a/src/daemon/executor/container_cb/execution_extend.c b/src/daemon/executor/container_cb/execution_extend.c
index de017b4e..25ec5d3b 100644
--- a/src/daemon/executor/container_cb/execution_extend.c
+++ b/src/daemon/executor/container_cb/execution_extend.c
@@ -1110,8 +1110,15 @@ static int update_host_config_check(container_t *cont, host_config *hostconfig)
{
int ret = 0;
const char *id = cont->common_config->id;
+ __isula_auto_sysinfo_t sysinfo_t *sysinfo = NULL;
- ret = verify_host_config_settings(hostconfig, true);
+ sysinfo = get_sys_info(true);
+ if (sysinfo == NULL) {
+ ERROR("Failed to get system info for updating container %s", id);
+ return -1;
+ }
+
+ ret = verify_host_config_settings(hostconfig, sysinfo, true);
if (ret != 0) {
return -1;
}
diff --git a/src/daemon/modules/spec/verify.c b/src/daemon/modules/spec/verify.c
index 2a8b3259..b9e3c606 100644
--- a/src/daemon/modules/spec/verify.c
+++ b/src/daemon/modules/spec/verify.c
@@ -41,7 +41,6 @@
#include "constants.h"
#include "err_msg.h"
#include "isula_libutils/log.h"
-#include "sysinfo.h"
#include "selinux_label.h"
#include "image_api.h"
#include "utils.h"
@@ -1614,16 +1613,13 @@ out:
}
/* verify container settings */
-int verify_container_settings(const oci_runtime_spec *container)
+int verify_container_settings(const oci_runtime_spec *container, const sysinfo_t *sysinfo)
{
int ret = 0;
- sysinfo_t *sysinfo = NULL;
- sysinfo = get_sys_info(true);
- if (sysinfo == NULL) {
- ERROR("Can not get system info");
- ret = -1;
- goto out;
+ if (container == NULL || sysinfo == NULL) {
+ ERROR("Invalid input arguments for verifying container settings");
+ return -1;
}
if (!util_valid_host_name(container->hostname)) {
@@ -1987,16 +1983,9 @@ static int host_config_settings_restart_policy(const host_config *hostconfig)
return verify_restart_policy_name(rp, hostconfig);
}
-static int host_config_settings_with_sysinfo(host_config *hostconfig, bool update)
+static int host_config_settings_with_sysinfo(host_config *hostconfig, const sysinfo_t *sysinfo, bool update)
{
int ret = 0;
- sysinfo_t *sysinfo = NULL;
-
- sysinfo = get_sys_info(true);
- if (sysinfo == NULL) {
- ERROR("Can not get system info");
- return -1;
- }
ret = verify_host_config_hugetlbs(sysinfo, &(hostconfig->hugetlbs), &(hostconfig->hugetlbs_len));
if (ret != 0) {
@@ -2055,7 +2044,7 @@ out:
}
/* verify host config settings */
-int verify_host_config_settings(host_config *hostconfig, bool update)
+int verify_host_config_settings(host_config *hostconfig, const sysinfo_t *sysinfo, bool update)
{
int ret = 0;
#ifdef ENABLE_USERNS_REMAP
@@ -2066,6 +2055,13 @@ int verify_host_config_settings(host_config *hostconfig, bool update)
goto out;
}
+ if (sysinfo == NULL) {
+ ERROR("Invalid sysinfo for verifying host config settings");
+ isulad_set_error_message("Invalid sysinfo for verifying host config settings");
+ ret = -1;
+ goto out;
+ }
+
#ifdef ENABLE_USERNS_REMAP
if (userns_remap != NULL && hostconfig->user_remap != NULL) {
ERROR("invalid --user-remap command option, daemon already configed --userns-remap");
@@ -2081,7 +2077,7 @@ int verify_host_config_settings(host_config *hostconfig, bool update)
goto out;
}
- ret = host_config_settings_with_sysinfo(hostconfig, update);
+ ret = host_config_settings_with_sysinfo(hostconfig, sysinfo, update);
if (ret != 0) {
goto out;
}
diff --git a/src/daemon/modules/spec/verify.h b/src/daemon/modules/spec/verify.h
index 21e8fba8..0224f9fb 100644
--- a/src/daemon/modules/spec/verify.h
+++ b/src/daemon/modules/spec/verify.h
@@ -20,18 +20,19 @@
#include "isula_libutils/oci_runtime_spec.h"
#include "isula_libutils/host_config.h"
#include "isula_libutils/container_config.h"
+#include "sysinfo.h"
#ifdef __cplusplus
extern "C" {
#endif
-int verify_container_settings(const oci_runtime_spec *container);
+int verify_container_settings(const oci_runtime_spec *container, const sysinfo_t *sysinfo);
int verify_oci_hook(const oci_runtime_spec_hooks *h);
int verify_container_settings_start(const oci_runtime_spec *oci_spec);
-int verify_host_config_settings(host_config *hostconfig, bool update);
+int verify_host_config_settings(host_config *hostconfig, const sysinfo_t *sysinfo, bool update);
int verify_container_config(const container_config *container_spec, const char *runtime);
diff --git a/test/mocks/sysinfo_mock.cc b/test/mocks/sysinfo_mock.cc
index f9abc786..d8f33f84 100644
--- a/test/mocks/sysinfo_mock.cc
+++ b/test/mocks/sysinfo_mock.cc
@@ -63,6 +63,14 @@ char *validate_hugetlb(const char *pagesize, uint64_t limit)
return nullptr;
}
+sysinfo_t *get_sys_info(bool quiet)
+{
+ if (g_sysinfo_mock != nullptr) {
+ return g_sysinfo_mock->GetSysInfo(quiet);
+ }
+ return nullptr;
+}
+
void free_sysinfo(sysinfo_t *sysinfo)
{
if (g_sysinfo_mock != nullptr) {
diff --git a/test/mocks/sysinfo_mock.h b/test/mocks/sysinfo_mock.h
index 45208b0f..2b8e926d 100644
--- a/test/mocks/sysinfo_mock.h
+++ b/test/mocks/sysinfo_mock.h
@@ -26,6 +26,7 @@ public:
MOCK_METHOD1(FreeMountsInfo, void(mountinfo_t **minfos));
MOCK_METHOD0(GetDefaultHugePageSize, char *(void));
MOCK_METHOD2(ValidateHugetlb, char*(const char *pagesize, uint64_t limit));
+ MOCK_METHOD1(GetSysInfo, sysinfo_t *(bool quiet));
MOCK_METHOD1(FreeSysinfo, void(sysinfo_t *sysinfo));
};
diff --git a/test/mocks/verify_mock.cc b/test/mocks/verify_mock.cc
index 0e7e7461..4c481676 100644
--- a/test/mocks/verify_mock.cc
+++ b/test/mocks/verify_mock.cc
@@ -24,10 +24,10 @@ void MockVerify_SetMock(MockVerify *mock)
g_verify_mock = mock;
}
-int verify_host_config_settings(host_config *hostconfig, bool update)
+int verify_host_config_settings(host_config *hostconfig, const sysinfo_t *sysinfo, bool update)
{
if (g_verify_mock != nullptr) {
- return g_verify_mock->VerifyHostConfigSettings(hostconfig, update);
+ return g_verify_mock->VerifyHostConfigSettings(hostconfig, sysinfo, update);
}
return 0;
}
diff --git a/test/mocks/verify_mock.h b/test/mocks/verify_mock.h
index 7890159f..b9ad8627 100644
--- a/test/mocks/verify_mock.h
+++ b/test/mocks/verify_mock.h
@@ -21,7 +21,7 @@
class MockVerify {
public:
- MOCK_METHOD2(VerifyHostConfigSettings, int(host_config *hostconfig, bool update));
+ MOCK_METHOD3(VerifyHostConfigSettings, int(host_config *hostconfig, const sysinfo_t *sysinfo, bool update));
};
void MockVerify_SetMock(MockVerify* mock);
--
2.42.0

92
0042-2268-bugfix-for-the-bliko-zero-value-exception-when-.patch Normal file
View File

@ -0,0 +1,92 @@
From dddba4ec73b56bc2fcf3a95171fad104e962dfda Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 29 Nov 2023 09:33:53 +0000
Subject: [PATCH 42/64] =?UTF-8?q?!2268=20bugfix=20for=20the=20bliko=20zero?=
=?UTF-8?q?=20value=20exception=20when=20executing=20the=20stats=20command?=
=?UTF-8?q?=20on=20the=20oci=20container=20*=20bugfix=20for=20the=20bliko?=
=?UTF-8?q?=20zero=20value=20exception=20when=20executing=20the=20stats=20?=
=?UTF-8?q?com=E2=80=A6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../modules/runtime/isula/isula_rt_ops.c | 55 +++++++++++++------
1 file changed, 38 insertions(+), 17 deletions(-)
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index 5d7ae500..1e2ecdb2 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -610,6 +610,43 @@ out:
return ret;
}
+static void transform_stats_info_from_runtime(shim_client_runtime_stats *stats, struct runtime_container_resources_stats_info *info)
+{
+ if (stats == NULL || stats->data == NULL) {
+ return;
+ }
+ if (stats->data->pids != NULL) {
+ info->pids_current = stats->data->pids->current;
+ }
+ if (stats->data->cpu != NULL && stats->data->cpu->usage != NULL) {
+ info->cpu_use_nanos = stats->data->cpu->usage->total;
+ info->cpu_system_use = stats->data->cpu->usage->kernel;
+ }
+ shim_client_runtime_stats_data_memory *memory = stats->data->memory;
+ if (memory != NULL && memory->usage != NULL) {
+ info->mem_used = memory->usage->usage;
+ info->mem_limit = memory->usage->limit;
+ }
+ if (memory != NULL && memory->raw != NULL) {
+ info->inactive_file_total = memory->raw->total_inactive_file;
+ info->rss_bytes = memory->raw->rss;
+ info->page_faults = memory->raw->pgfault;
+ info->major_page_faults = memory->raw->pgmajfault;
+ }
+ shim_client_runtime_stats_data_blkio *blkio = stats->data->blkio;
+ if (blkio == NULL) {
+ return;
+ }
+ for (size_t i = 0; i < blkio->io_service_bytes_recursive_len; i++) {
+ if (strcasecmp(blkio->io_service_bytes_recursive[i]->op, "read") == 0) {
+ info->blkio_read += blkio->io_service_bytes_recursive[i]->value;
+ }
+ if (strcasecmp(blkio->io_service_bytes_recursive[i]->op, "write") == 0) {
+ info->blkio_write += blkio->io_service_bytes_recursive[i]->value;
+ }
+ }
+}
+
static int runtime_call_stats(const char *workdir, const char *runtime, const char *id,
struct runtime_container_resources_stats_info *info)
{
@@ -658,23 +695,7 @@ static int runtime_call_stats(const char *workdir, const char *runtime, const ch
goto out;
}
- if (stats != NULL && stats->data != NULL && stats->data->pids != NULL) {
- info->pids_current = stats->data->pids->current;
- }
- if (stats != NULL && stats->data != NULL && stats->data->cpu != NULL && stats->data->cpu->usage) {
- info->cpu_use_nanos = stats->data->cpu->usage->total;
- info->cpu_system_use = stats->data->cpu->usage->kernel;
- }
- if (stats != NULL && stats->data != NULL && stats->data->memory != NULL && stats->data->memory->usage) {
- info->mem_used = stats->data->memory->usage->usage;
- info->mem_limit = stats->data->memory->usage->limit;
- }
- if (stats != NULL && stats->data != NULL && stats->data->memory != NULL && stats->data->memory->raw) {
- info->inactive_file_total = stats->data->memory->raw->total_inactive_file;
- info->rss_bytes = stats->data->memory->raw->rss;
- info->page_faults = stats->data->memory->raw->pgfault;
- info->major_page_faults = stats->data->memory->raw->pgmajfault;
- }
+ transform_stats_info_from_runtime(stats, info);
out:
free_shim_client_runtime_stats(stats);
--
2.42.0

34
0043-move-variable-declaration-out-of-loop.patch Normal file
View File

@ -0,0 +1,34 @@
From 261a924b656eea9eff2ca6cbdd611eb1f9555af7 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Thu, 30 Nov 2023 16:02:44 +1400
Subject: [PATCH 43/64] move variable declaration out of loop
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/modules/runtime/isula/isula_rt_ops.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index 1e2ecdb2..3950ff4a 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -612,6 +612,7 @@ out:
static void transform_stats_info_from_runtime(shim_client_runtime_stats *stats, struct runtime_container_resources_stats_info *info)
{
+ size_t i;
if (stats == NULL || stats->data == NULL) {
return;
}
@@ -637,7 +638,7 @@ static void transform_stats_info_from_runtime(shim_client_runtime_stats *stats,
if (blkio == NULL) {
return;
}
- for (size_t i = 0; i < blkio->io_service_bytes_recursive_len; i++) {
+ for (i = 0; i < blkio->io_service_bytes_recursive_len; i++) {
if (strcasecmp(blkio->io_service_bytes_recursive[i]->op, "read") == 0) {
info->blkio_read += blkio->io_service_bytes_recursive[i]->value;
}
--
2.42.0

40
0044-2289-check-protobuf-and-grpc-version-in-cmake-for-cr.patch Normal file
View File

@ -0,0 +1,40 @@
From 8045fcfb3765698d8cc3f07186fcc29d6702ee71 Mon Sep 17 00:00:00 2001
From: jake <jikai11@huawei.com>
Date: Thu, 30 Nov 2023 11:58:47 +0000
Subject: [PATCH 44/64] !2289 check protobuf and grpc version in cmake for cri
v1 * check protobuf and grpc version in cmake for cri v1
---
cmake/checker.cmake | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/cmake/checker.cmake b/cmake/checker.cmake
index cc4a1fc3..e19618e4 100644
--- a/cmake/checker.cmake
+++ b/cmake/checker.cmake
@@ -125,7 +125,11 @@ endif()
if (GRPC_CONNECTOR)
# check protobuf
- pkg_check_modules(PC_PROTOBUF "protobuf>=3.1.0")
+ if (ENABLE_CRI_API_V1)
+ pkg_check_modules(PC_PROTOBUF "protobuf>=3.14.0")
+ else()
+ pkg_check_modules(PC_PROTOBUF "protobuf>=3.1.0")
+ endif()
find_library(PROTOBUF_LIBRARY protobuf
HINTS ${PC_PROTOBUF_LIBDIR} ${PC_PROTOBUF_LIBRARY_DIRS})
_CHECK(PROTOBUF_LIBRARY "PROTOBUF_LIBRARY-NOTFOUND" "libprotobuf.so")
@@ -136,6 +140,9 @@ if (GRPC_CONNECTOR)
_CHECK(CMD_GRPC_CPP_PLUGIN "CMD_GRPC_CPP_PLUGIN-NOTFOUND" "grpc_cpp_plugin")
# check grpc
+ if (ENABLE_CRI_API_V1)
+ pkg_check_modules(PC_GRPC++ "grpc++>=1.41.0")
+ endif()
find_path(GRPC_INCLUDE_DIR grpc/grpc.h)
_CHECK(GRPC_INCLUDE_DIR "GRPC_INCLUDE_DIR-NOTFOUND" "grpc/grpc.h")
find_library(GRPC_PP_REFLECTION_LIBRARY grpc++_reflection)
--
2.42.0

381
0045-improve-ut-for-devicemapper.patch Normal file
View File

@ -0,0 +1,381 @@
From 2ad7ecf5adbd75f1ba4678e69d768d4b807ae08d Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Wed, 29 Nov 2023 17:08:31 +0800
Subject: [PATCH 45/64] improve ut for devicemapper
Signed-off-by: jikai <jikai11@huawei.com>
---
.../storage/layers/devmapper/CMakeLists.txt | 8 +-
.../id | 1 +
.../layers/devmapper/driver_devmapper_ut.cc | 209 +++++++++++++-----
3 files changed, 165 insertions(+), 53 deletions(-)
create mode 100644 test/image/oci/storage/layers/devmapper/data/devicemapper/mnt/068615102be4457b22d40c9702e4bd316dd50ae85467b0378a419b23b60ba73d/id
diff --git a/test/image/oci/storage/layers/devmapper/CMakeLists.txt b/test/image/oci/storage/layers/devmapper/CMakeLists.txt
index f98de1a8..e6ba0307 100644
--- a/test/image/oci/storage/layers/devmapper/CMakeLists.txt
+++ b/test/image/oci/storage/layers/devmapper/CMakeLists.txt
@@ -23,14 +23,18 @@ add_executable(${DRIVER_DEVMAPPER_EXE}
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/tar/util_gzip.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/utils/sha256/sha256.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/config/daemon_arguments.c
- ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/config/isulad_config.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/common/err_msg.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/common/selinux_label.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/driver.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/metadata_store.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.c
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../mocks/libdevmapper_mock.cc
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../mocks/isulad_config_mock.cc
driver_devmapper_ut.cc)
target_include_directories(${DRIVER_DEVMAPPER_EXE} PUBLIC
@@ -56,7 +60,7 @@ target_include_directories(${DRIVER_DEVMAPPER_EXE} PUBLIC
${CMAKE_CURRENT_SOURCE_DIR}/../../../../../mocks
)
-set_target_properties(${DRIVER_DEVMAPPER_EXE} PROPERTIES LINK_FLAGS "-Wl,--wrap,util_exec_cmd -Wl,--wrap,util_mount -Wl,--wrap,umount2")
+set_target_properties(${DRIVER_DEVMAPPER_EXE} PROPERTIES LINK_FLAGS "-Wl,--wrap,util_exec_cmd -Wl,--wrap,util_mount -Wl,--wrap,umount2 -Wl,--wrap,archive_unpack")
target_link_libraries(${DRIVER_DEVMAPPER_EXE}
${GTEST_BOTH_LIBRARIES}
diff --git a/test/image/oci/storage/layers/devmapper/data/devicemapper/mnt/068615102be4457b22d40c9702e4bd316dd50ae85467b0378a419b23b60ba73d/id b/test/image/oci/storage/layers/devmapper/data/devicemapper/mnt/068615102be4457b22d40c9702e4bd316dd50ae85467b0378a419b23b60ba73d/id
new file mode 100644
index 00000000..5e6b1b2a
--- /dev/null
+++ b/test/image/oci/storage/layers/devmapper/data/devicemapper/mnt/068615102be4457b22d40c9702e4bd316dd50ae85467b0378a419b23b60ba73d/id
@@ -0,0 +1 @@
+3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f
\ No newline at end of file
diff --git a/test/image/oci/storage/layers/devmapper/driver_devmapper_ut.cc b/test/image/oci/storage/layers/devmapper/driver_devmapper_ut.cc
index 59e53f97..088aa4d4 100644
--- a/test/image/oci/storage/layers/devmapper/driver_devmapper_ut.cc
+++ b/test/image/oci/storage/layers/devmapper/driver_devmapper_ut.cc
@@ -16,11 +16,16 @@
#include <gtest/gtest.h>
#include <gmock/gmock.h>
+#include "driver.h"
#include "driver_devmapper.h"
+#include "driver_overlay2.h"
#include "mock.h"
#include "path.h"
#include "utils.h"
+#include "util_archive.h"
#include "libdevmapper_mock.h"
+#include "isulad_config_mock.h"
+#include "wrapper_devmapper.h"
using ::testing::Invoke;
using ::testing::NiceMock;
@@ -29,13 +34,20 @@ using ::testing::_;
extern "C" {
DECLARE_WRAPPER_V(util_exec_cmd, bool, (exec_func_t cb_func, void *args, const char *stdin_msg, char **stdout_msg, char **stderr_msg));
- DEFINE_WRAPPER_V(util_exec_cmd, bool, (exec_func_t cb_func, void *args, const char *stdin_msg, char **stdout_msg, char **stderr_msg), (cb_func, args, stdin_msg, stdout_msg, stderr_msg));
+ DEFINE_WRAPPER_V(util_exec_cmd, bool, (exec_func_t cb_func, void *args, const char *stdin_msg, char **stdout_msg, char **stderr_msg),
+ (cb_func, args, stdin_msg, stdout_msg, stderr_msg));
DECLARE_WRAPPER(util_mount, int, (const char *src, const char *dst, const char *mtype, const char *mntopts));
DEFINE_WRAPPER(util_mount, int, (const char *src, const char *dst, const char *mtype, const char *mntopts), (src, dst, mtype, mntopts));
DECLARE_WRAPPER(umount2, int, (const char *__special_file, int __flags));
DEFINE_WRAPPER(umount2, int, (const char *__special_file, int __flags), (__special_file, __flags));
+
+ DECLARE_WRAPPER(archive_unpack, int, (const io_read_wrapper *content, const char *dstdir, const archive_options *options,
+ const char *root_dir, char **errmsg));
+ DEFINE_WRAPPER(archive_unpack, int, (const io_read_wrapper *content, const char *dstdir, const archive_options *options,
+ const char *root_dir, char **errmsg),
+ (content, dstdir, options, root_dir, errmsg));
}
static std::string GetDirectory()
@@ -118,6 +130,7 @@ protected:
void SetUp() override
{
MockLibdevmapper_SetMock(&m_libdevmapper_mock);
+ MockIsuladConf_SetMock(&m_isulad_conf_mock);
std::string isulad_dir { "/tmp/isulad/" };
mkdir(isulad_dir.c_str(), 0755);
std::string root_dir = isulad_dir + "data";
@@ -129,13 +142,18 @@ protected:
std::string cp_command = "cp -r " + std::string(data_path) + " " + isulad_dir;
ASSERT_EQ(system(cp_command.c_str()), 0);
- char **driver_opts = static_cast<char **>(util_common_calloc_s(3 * sizeof(char *)));
- driver_opts[0] = strdup("dm.thinpooldev=/dev/mapper/isulad0-thinpool");
- driver_opts[1] = strdup("dm.fs=ext4");
- driver_opts[2] = strdup("dm.min_free_space=10%");
- int driver_opts_len = 3;
-
- ASSERT_EQ(devmapper_init(&driver, nullptr, (const char **)driver_opts, driver_opts_len), -1);
+ opts = (struct storage_module_init_options *)util_common_calloc_s(sizeof(struct storage_module_init_options));
+ opts->storage_root = strdup(root_dir.c_str());
+ opts->storage_run_root = strdup(run_dir.c_str());
+ opts->driver_name = strdup("devicemapper");
+ opts->driver_opts = (char **)util_common_calloc_s(6 * sizeof(char *));
+ opts->driver_opts[0] = strdup("dm.thinpooldev=/dev/mapper/isulad0-thinpool");
+ opts->driver_opts[1] = strdup("dm.fs=ext4");
+ opts->driver_opts[2] = strdup("dm.min_free_space=10%");
+ opts->driver_opts[3] = strdup("dm.basesize=12G");
+ opts->driver_opts[4] = strdup("dm.mkfsarg=-q");
+ opts->driver_opts[5] = strdup("dm.mountopt=rw");
+ opts->driver_opts_len = 6;
EXPECT_CALL(m_libdevmapper_mock, DMTaskCreate(_)).WillRepeatedly(Invoke(invokeDMTaskCreate));
EXPECT_CALL(m_libdevmapper_mock, DMTaskSetMessage(_, _)).WillRepeatedly(Return(1));
@@ -152,7 +170,6 @@ protected:
EXPECT_CALL(m_libdevmapper_mock, DMUdevComplete(_)).WillRepeatedly(Return(1));
EXPECT_CALL(m_libdevmapper_mock, DMTaskDeferredRemove(_)).WillRepeatedly(Return(1));
-
char *names = static_cast<char *>(util_common_calloc_s(sizeof(struct dm_names) + strlen("isulad0-pool") + 1));
struct dm_names *dname = (struct dm_names *)names;
dname->dev = 1;
@@ -164,32 +181,76 @@ protected:
EXPECT_CALL(m_libdevmapper_mock, DMUdevGetSyncSupport()).WillOnce(Return(1));
MOCK_SET_V(util_exec_cmd, invokeUtilExecCmd);
-
- ASSERT_EQ(devmapper_init(&driver, driver_home.c_str(), (const char **)driver_opts, driver_opts_len), 0);
+ MOCK_SET(util_mount, 0);
+ MOCK_SET(umount2, 0);
+ ASSERT_EQ(graphdriver_init(opts), 0);
MOCK_CLEAR(util_exec_cmd);
-
- util_free_array_by_len(driver_opts, driver_opts_len);
- free(names);
+ MOCK_CLEAR(util_mount);
+ MOCK_CLEAR(umount2);
}
void TearDown() override
{
+ MOCK_SET(umount2, 0);
+ ASSERT_EQ(graphdriver_cleanup(), 0);
+ MOCK_CLEAR(umount2);
+
MockLibdevmapper_SetMock(nullptr);
+ MockIsuladConf_SetMock(nullptr);
std::string rm_command = "rm -rf /tmp/isulad/";
ASSERT_EQ(system(rm_command.c_str()), 0);
+
+ if (opts != NULL) {
+ free(opts->storage_root);
+ free(opts->storage_run_root);
+ free(opts->driver_name);
+ util_free_array_by_len(opts->driver_opts, opts->driver_opts_len);
+ free(opts);
+ }
}
NiceMock<MockLibdevmapper> m_libdevmapper_mock;
+ NiceMock<MockIsuladConf> m_isulad_conf_mock;
char data_path[PATH_MAX] = { 0x00 };
- graphdriver driver = {.ops = nullptr, .name = "devicemapper", };
+ struct storage_module_init_options *opts = NULL;
};
+TEST_F(DriverDevmapperUnitTest, test_devmapper_init)
+{
+ // cleanup before
+ MOCK_SET(umount2, 0);
+ ASSERT_EQ(graphdriver_cleanup(), 0);
+ MOCK_CLEAR(umount2);
+
+ std::string rm_command = "rm -rf /tmp/isulad/";
+ ASSERT_EQ(system(rm_command.c_str()), 0);
+ std::string mk_command = "mkdir -p /tmp/isulad/data/devicemapper/mnt";
+ ASSERT_EQ(system(mk_command.c_str()), 0);
+ char *names = static_cast<char *>(util_common_calloc_s(sizeof(struct dm_names) + strlen("isulad0-pool") + 1));
+ struct dm_names *dname = (struct dm_names *)names;
+ dname->dev = 1;
+ dname->next = 0;
+ strcpy(names + sizeof(struct dm_names), "isulad0-pool");
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskGetNames(_)).WillOnce(Return(dname));
+ EXPECT_CALL(m_libdevmapper_mock, DMSetDevDir(_)).WillOnce(Return(1));
+ EXPECT_CALL(m_libdevmapper_mock, DMTaskGetDriverVersion(_, _, _)).WillOnce(Invoke(invokeDMTaskGetDriverVersion));
+ EXPECT_CALL(m_libdevmapper_mock, DMUdevGetSyncSupport()).WillOnce(Return(1));
+
+ MOCK_SET_V(util_exec_cmd, invokeUtilExecCmd);
+ MOCK_SET(util_mount, 0);
+ MOCK_SET(umount2, 0);
+ ASSERT_EQ(graphdriver_init(opts), 0);
+ MOCK_CLEAR(util_exec_cmd);
+ MOCK_CLEAR(util_mount);
+ MOCK_CLEAR(umount2);
+}
+
TEST_F(DriverDevmapperUnitTest, test_devmapper_layer_exists)
{
std::string id { "3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f" };
std::string incorrectId { "eb29745b8228e1e97c01b1d5c2554a319c00a94d8dd5746a3904222ad65a13f8" };
- ASSERT_TRUE(devmapper_layer_exist(id.c_str(), &driver));
- ASSERT_FALSE(devmapper_layer_exist(incorrectId.c_str(), &driver));
+ ASSERT_TRUE(graphdriver_layer_exists(id.c_str()));
+ ASSERT_FALSE(graphdriver_layer_exists(incorrectId.c_str()));
}
TEST_F(DriverDevmapperUnitTest, test_devmapper_create_rw)
@@ -205,11 +266,42 @@ TEST_F(DriverDevmapperUnitTest, test_devmapper_create_rw)
create_opts->storage_opt->keys = static_cast<char **>(util_common_calloc_s(sizeof(char *)));
create_opts->storage_opt->values = static_cast<char **>(util_common_calloc_s(sizeof(char *)));
create_opts->storage_opt->keys[0] = strdup("size");
- create_opts->storage_opt->values[0] = strdup("10G");
+ create_opts->storage_opt->values[0] = strdup("12G");
+ create_opts->storage_opt->len = 1;
+
+ ASSERT_EQ(graphdriver_create_rw(id.c_str(), nullptr, create_opts), 0);
+ ASSERT_TRUE(graphdriver_layer_exists(id.c_str()));
+ free_driver_create_opts(create_opts);
+}
+
+TEST_F(DriverDevmapperUnitTest, test_devmapper_create_ro)
+{
+ std::string id { "eb29745b8228e1e97c01b1d5c2554a319c00a94d8dd5746a3904222ad65a13f8" };
+ struct driver_create_opts *create_opts;
+
+ create_opts = (struct driver_create_opts *)util_common_calloc_s(sizeof(struct driver_create_opts));
+ ASSERT_NE(create_opts, nullptr);
+
+ create_opts->storage_opt = static_cast<json_map_string_string *>(util_common_calloc_s(sizeof(json_map_string_string)));
+ ASSERT_NE(create_opts->storage_opt, nullptr);
+ create_opts->storage_opt->keys = static_cast<char **>(util_common_calloc_s(sizeof(char *)));
+ create_opts->storage_opt->values = static_cast<char **>(util_common_calloc_s(sizeof(char *)));
+ create_opts->storage_opt->keys[0] = strdup("size");
+ create_opts->storage_opt->values[0] = strdup("12G");
create_opts->storage_opt->len = 1;
- ASSERT_EQ(devmapper_create_rw(id.c_str(), nullptr, &driver, create_opts), 0);
- ASSERT_TRUE(devmapper_layer_exist(id.c_str(), &driver));
+ ASSERT_EQ(graphdriver_create_ro(id.c_str(), nullptr, create_opts), 0);
+ ASSERT_TRUE(graphdriver_layer_exists(id.c_str()));
+ free_driver_create_opts(create_opts);
+}
+
+TEST_F(DriverDevmapperUnitTest, test_devmapper_rm_layer)
+{
+ std::string existed_id { "3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f" };
+ std::string not_existed_id { "eb29745b8228e1e97c01b1d5c2554a319c00a94d8dd5746a3904222ad65a13f8" };
+
+ ASSERT_EQ(graphdriver_rm_layer(existed_id.c_str()), 0);
+ ASSERT_EQ(graphdriver_rm_layer(not_existed_id.c_str()), 0);
}
TEST_F(DriverDevmapperUnitTest, test_devmapper_mount_layer)
@@ -220,12 +312,12 @@ TEST_F(DriverDevmapperUnitTest, test_devmapper_mount_layer)
char* mount_dir = nullptr;
MOCK_SET(util_mount, 0);
- mount_dir = devmapper_mount_layer(id.c_str(), &driver, mount_opts);
+ mount_dir = graphdriver_mount_layer(id.c_str(), mount_opts);
ASSERT_STREQ(mount_dir, merged_dir.c_str());
MOCK_CLEAR(util_mount);
MOCK_SET(umount2, 0);
- ASSERT_EQ(devmapper_umount_layer(id.c_str(), &driver), 0);
+ ASSERT_EQ(graphdriver_umount_layer(id.c_str()), 0);
MOCK_CLEAR(umount2);
free(mount_dir);
mount_dir = nullptr;
@@ -237,47 +329,62 @@ TEST_F(DriverDevmapperUnitTest, test_devmapper_mount_layer)
mount_opts->options_len = 1;
MOCK_SET(util_mount, 0);
- mount_dir = devmapper_mount_layer(id.c_str(), &driver, mount_opts);
+ mount_dir = graphdriver_mount_layer(id.c_str(), mount_opts);
ASSERT_STREQ(mount_dir, merged_dir.c_str());
MOCK_CLEAR(util_mount);
MOCK_SET(umount2, 0);
- ASSERT_EQ(devmapper_umount_layer(id.c_str(), &driver), 0);
+ ASSERT_EQ(graphdriver_umount_layer(id.c_str()), 0);
MOCK_CLEAR(umount2);
- free(mount_opts->mount_label);
- util_free_array_by_len(mount_opts->options, mount_opts->options_len);
- free(mount_opts);
- free(mount_dir);
+ free_driver_mount_opts(mount_opts);
}
-TEST_F(DriverDevmapperUnitTest, test_devmapper_get_layer_metadata)
+TEST_F(DriverDevmapperUnitTest, test_devmapper_get_data)
{
std::string id { "3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f" };
- json_map_string_string *map_info = static_cast<json_map_string_string *>(util_common_calloc_s(sizeof(json_map_string_string)));
-
- ASSERT_EQ(devmapper_get_layer_metadata(id.c_str(), &driver, map_info), 0);
- ASSERT_EQ(map_info->len, 4);
- ASSERT_STREQ(map_info->keys[0], "DeviceId");
- ASSERT_STREQ(map_info->values[0], "4");
- ASSERT_STREQ(map_info->keys[1], "DeviceSize");
- ASSERT_STREQ(map_info->values[1], "10737418240");
- ASSERT_STREQ(map_info->keys[2], "DeviceName");
- ASSERT_STREQ(map_info->keys[3], "MergedDir");
- ASSERT_STREQ(map_info->values[3], "/tmp/isulad/data/devicemapper/mnt/3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f/rootfs");
-
- free_json_map_string_string(map_info);
-}
-TEST_F(DriverDevmapperUnitTest, test_devmapper_get_driver_status)
-{
- struct graphdriver_status *status = static_cast<struct graphdriver_status *>(util_common_calloc_s(sizeof(struct graphdriver_status)));
+ container_inspect_graph_driver *inspect = graphdriver_get_metadata(id.c_str());
+ ASSERT_NE(inspect, nullptr);
+ ASSERT_STREQ(inspect->data->device_id, "4");
+ ASSERT_STREQ(inspect->data->device_size, "10737418240");
+ ASSERT_STREQ(inspect->data->merged_dir, "/tmp/isulad/data/devicemapper/mnt/3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f/rootfs");
+ free_container_inspect_graph_driver(inspect);
EXPECT_CALL(m_libdevmapper_mock, DMUdevGetSyncSupport()).WillOnce(Return(1));
- ASSERT_EQ(devmapper_get_driver_status(&driver, status), 0);
+ struct graphdriver_status *status = graphdriver_get_status();
+ ASSERT_NE(status, nullptr);
ASSERT_STREQ(status->driver_name, "devicemapper");
- free(status->driver_name);
- free(status->backing_fs);
- free(status->status);
- free(status);
+ free_graphdriver_status(status);
+
+ ASSERT_EQ(devmapper_repair_lowers(nullptr, nullptr, nullptr), 0);
+ ASSERT_EQ(devmapper_get_layer_fs_info(nullptr, nullptr, nullptr), 0);
}
+
+TEST_F(DriverDevmapperUnitTest, test_devmapper_apply_diff)
+{
+ struct io_read_wrapper reader = {0};
+ std::string id { "3d24ee258efc3bfe4066a1a9fb83febf6dc0b1548dfe896161533668281c9f4f" };
+ MOCK_SET(util_mount, 0);
+ MOCK_SET(archive_unpack, 0);
+ MOCK_SET(umount2, 0);
+ EXPECT_CALL(m_isulad_conf_mock, ConfGetISuladRootDir()).WillOnce(Return(util_strdup_s("/tmp/isulad")));
+ ASSERT_EQ(graphdriver_apply_diff(id.c_str(), &reader), 0);
+ MOCK_CLEAR(archive_unpack);
+ MOCK_CLEAR(util_mount);
+ MOCK_CLEAR(umount2);
+}
+
+TEST_F(DriverDevmapperUnitTest, test_wrapper_devmapper)
+{
+ ASSERT_STREQ(dev_strerror(ERR_TASK_RUN), "Task run error");
+ ASSERT_STREQ(dev_strerror(ERR_TASK_SET_COOKIE), "Task set cookie error");
+ ASSERT_STREQ(dev_strerror(ERR_NIL_COOKIE), "cookie ptr can't be nil");
+ ASSERT_STREQ(dev_strerror(ERR_TASK_SET_ADD_NODE), "Task add dm node failed");
+ ASSERT_STREQ(dev_strerror(ERR_BUSY), "Device busy");
+ ASSERT_STREQ(dev_strerror(ERR_DEVICE_ID_EXISTS), "Device exists already");
+ ASSERT_STREQ(dev_strerror(ERR_ENXIO), "No such device of address");
+ ASSERT_STREQ(dev_strerror(ERR_TASK_ADD_TARGET), "Task add target device error");
+ ASSERT_STREQ(dev_strerror(ERR_TASK_DEFERRED_REMOVE), "dm_task_deferred_remove failed");
+ ASSERT_STREQ(dev_strerror(100), "Unknown error");
+}
\ No newline at end of file
--
2.42.0

56
0046-2292-bugfix-for-run.sh-and-add-build-notify-msg-for-.patch Normal file
View File

@ -0,0 +1,56 @@
From d813e654b5b964f79857df3c9130f174443a76be Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 4 Dec 2023 09:44:42 +0000
Subject: [PATCH 46/64] !2292 bugfix for run.sh and add build notify msg for
ENABLE_GRPC_REMOTE_CONNECT * bugfix for run.sh and add build notify msg for
ENABLE_GRPC_REMOTE_CONNECT
---
CI/test_cases/container_cases/run.sh | 6 +++---
cmake/options.cmake | 1 +
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/CI/test_cases/container_cases/run.sh b/CI/test_cases/container_cases/run.sh
index 8ea3e514..1bfd388b 100755
--- a/CI/test_cases/container_cases/run.sh
+++ b/CI/test_cases/container_cases/run.sh
@@ -27,7 +27,8 @@ function do_test_t()
{
tid=`isula run --runtime $1 -tid --name hostname busybox`
chostname=`isula exec -it $tid hostname`
- fn_check_eq "$chostname" "${tid:0:12}" "default hostname is id of container"
+ clean_hostname=$(echo "$hostname" | sed 's/[\x01-\x1F\x7F]//g')
+ fn_check_eq "${clean_hostname}" "${tid:0:12}" "default hostname is not id of container"
isula exec -it hostname env | grep HOSTNAME
fn_check_eq "$?" "0" "check HOSTNAME env failed"
isula stop -t 0 $tid
@@ -149,13 +150,12 @@ function do_run_remote_test_t()
isula run --runtime $1 -ti -H "$config" --name $containername busybox xxx
[[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed check invalid run ${containername} remote" && ((ret++))
- testcontainer $containername exited
+
isula rm -f -H "$config" $containername
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to rm container remote" && ((ret++))
isula run --runtime $1 -ti -H "$config" --name $containername busybox /bin/sh -c 'echo "hello"' | grep hello
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run ${containername} remote" && ((ret++))
- testcontainer $containername exited
isula rm -f -H "$config" $containername
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to rm container remote" && ((ret++))
diff --git a/cmake/options.cmake b/cmake/options.cmake
index aeb24662..bf7db93a 100644
--- a/cmake/options.cmake
+++ b/cmake/options.cmake
@@ -110,6 +110,7 @@ option(ENABLE_GRPC_REMOTE_CONNECT "enable gRPC remote connect" OFF)
if (ENABLE_GRPC_REMOTE_CONNECT STREQUAL "ON")
add_definitions(-DENABLE_GRPC_REMOTE_CONNECT=1)
set(ENABLE_GRPC_REMOTE_CONNECT 1)
+ message("${Green}-- enable gRPC remote connect${ColourReset}")
endif()
option(ENABLE_SHIM_V2 "enable shim v2 runtime" OFF)
--
2.42.0

251
0047-2295-keep-the-service-status-unchanged-after-iSulad-.patch Normal file
View File

@ -0,0 +1,251 @@
From 98825c56135aeeb02f50a5eec5896d39d3ea649f Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 6 Dec 2023 01:56:52 +0000
Subject: [PATCH 47/64] !2295 keep the service status unchanged after iSulad
service upgrade * keep the service status unchanged after iSulad service
upgrade and
---
iSulad.spec | 121 +++++++++++++++++++++++++++-------------------------
1 file changed, 62 insertions(+), 59 deletions(-)
diff --git a/iSulad.spec b/iSulad.spec
index 6be2067d..0efbf043 100644
--- a/iSulad.spec
+++ b/iSulad.spec
@@ -1,24 +1,23 @@
%global _version 2.1.4
-%global _release 1
+%global _release 2
%global is_systemd 1
%global enable_criv1 1
%global enable_shimv2 1
-%global enable_embedded 1
+%global is_embedded 1
+%global cpp_std 17
Name: iSulad
Version: %{_version}
Release: %{_release}
Summary: Lightweight Container Runtime Daemon
License: Mulan PSL v2
-URL: isulad
-Source: iSulad-2.1.tar.gz
+URL: https://gitee.com/openeuler/iSulad
+Source: https://gitee.com/openeuler/iSulad/repository/archive/v%{version}.tar.gz
BuildRoot: {_tmppath}/iSulad-%{version}
-ExclusiveArch: x86_64 aarch64
%ifarch x86_64 aarch64
Provides: libhttpclient.so()(64bit)
Provides: libisula_client.so()(64bit)
-Provides: libisulad_img.so()(64bit)
Provides: libisulad_tools.so()(64bit)
%endif
@@ -33,40 +32,56 @@ Requires(preun): chkconfig
Requires(preun): initscripts
%endif
-%if 0%{?enable_embedded}
+%if 0%{?is_embedded}
BuildRequires: sqlite-devel
-Requires: sqlite
+Requires: sqlite
%endif
-%if 0%{?enable_shimv2}
-BuildRequires: lib-shim-v2-devel
-Requires: lib-shim-v2
+%if %{defined openeuler}
+BuildRequires: gtest-devel gmock-devel
%endif
-BuildRequires: cmake gcc-c++ lxc-devel lcr-devel yajl-devel libisula-devel
-BuildRequires: grpc-plugins grpc-devel protobuf-devel
-BuildRequires: libcurl-devel libarchive-devel device-mapper-devel
+%define lcrver_lower 2.1.3-0
+%define lcrver_upper 2.1.4-0
+
+BuildRequires: libisula-devel > %{lcrver_lower} libisula-devel < %{lcrver_upper}
+BuildRequires: cmake gcc-c++ yajl-devel
+BuildRequires: grpc grpc-plugins grpc-devel protobuf-devel
+BuildRequires: libcurl libcurl-devel libarchive-devel device-mapper-devel
BuildRequires: http-parser-devel
-BuildRequires: libselinux-devel libwebsockets-devel
+BuildRequires: libseccomp-devel libcap-devel libselinux-devel libwebsockets libwebsockets-devel
BuildRequires: systemd-devel git
+BuildRequires: libevhtp-devel libevent-devel
+%if 0%{?enable_shimv2}
+BuildRequires: lib-shim-v2 lib-shim-v2-devel
+%endif
+
-Requires: libisula lxc
-Requires: grpc libcurl http-parser
-Requires: libselinux libwebsockets libarchive device-mapper
+Requires: libisula > %{lcrver_lower} libisula < %{lcrver_upper}
+Requires: grpc protobuf
+Requires: libcurl
+Requires: http-parser libseccomp
+Requires: libcap libselinux libwebsockets libarchive device-mapper
Requires: systemd
+Requires: (docker-runc or runc)
+BuildRequires: libevhtp libevent
+%if 0%{?enable_shimv2}
+Requires: lib-shim-v2
+%endif
%description
This is a umbrella project for gRPC-services based Lightweight Container
Runtime Daemon, written by C.
%prep
-%autosetup -c -n iSulad-%{version}
+%autosetup -n iSulad-v%{_version} -Sgit -p1
%build
mkdir -p build
cd build
%cmake \
-DDEBUG=ON \
+ -DCMAKE_SKIP_RPATH=TRUE \
-DLIB_INSTALL_DIR=%{_libdir} \
-DCMAKE_INSTALL_PREFIX=/usr \
%if 0%{?enable_criv1}
@@ -76,36 +91,47 @@ cd build
%if 0%{?enable_shimv2}
-DENABLE_SHIM_V2=ON \
%endif
+%if %{defined openeuler}
+ -DENABLE_UT=OFF \
+%endif
+ -DENABLE_GRPC_REMOTE_CONNECT=OFF \
+ -DENABLE_GRPC=ON \
+ -DCMAKE_CXX_STANDARD=%{cpp_std} \
../
+
+sed -i "10 a\# undef linux" grpc/src/api/services/cri/v1alpha/api.pb.h
+%if 0%{?enable_criv1}
+sed -i "10 a\# undef linux" grpc/src/api/services/cri/v1/api_v1.pb.h
+%endif
+
%make_build
+%check
+%if %{defined openeuler}
+cd build
+# registry_images_ut and volume_ut must run with root user
+ctest -E "registry_images_ut|volume_ut"
+%endif
+
%install
rm -rf %{buildroot}
cd build
install -d $RPM_BUILD_ROOT/%{_libdir}
-install -m 0644 ./src/libisula_client.so %{buildroot}/%{_libdir}/libisula_client.so
-install -m 0644 ./src/utils/http/libhttpclient.so %{buildroot}/%{_libdir}/libhttpclient.so
-chrpath -d ./src/libisulad_tools.so
-install -m 0644 ./src/libisulad_tools.so %{buildroot}/%{_libdir}/libisulad_tools.so
-chrpath -d ./src/daemon/modules/image/libisulad_img.so
-install -m 0644 ./src/daemon/modules/image/libisulad_img.so %{buildroot}/%{_libdir}/libisulad_img.so
-chmod +x %{buildroot}/%{_libdir}/libisula_client.so
-chmod +x %{buildroot}/%{_libdir}/libhttpclient.so
-chmod +x %{buildroot}/%{_libdir}/libisulad_img.so
+install -m 0755 ./src/libisula_client.so %{buildroot}/%{_libdir}/libisula_client.so
+install -m 0755 ./src/utils/http/libhttpclient.so %{buildroot}/%{_libdir}/libhttpclient.so
+install -m 0755 ./src/libisulad_tools.so %{buildroot}/%{_libdir}/libisulad_tools.so
install -d $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
install -m 0640 ./conf/isulad.pc %{buildroot}/%{_libdir}/pkgconfig/isulad.pc
install -d $RPM_BUILD_ROOT/%{_bindir}
+
install -m 0755 ./src/isula %{buildroot}/%{_bindir}/isula
install -m 0755 ./src/isulad-shim %{buildroot}/%{_bindir}/isulad-shim
-install -m 0755 ./src/isulad %{buildroot}/%{_bindir}/isulad
-chrpath -d ./src/isula
-chrpath -d ./src/isulad-shim
-chrpath -d ./src/isulad
+
+install -m 0755 ./src/isulad %{buildroot}/%{_bindir}/isulad
install -d $RPM_BUILD_ROOT/%{_includedir}/isulad
-install -m 0644 ../src/daemon/modules/api/image_api.h %{buildroot}/%{_includedir}/isulad/image_api.h
install -d $RPM_BUILD_ROOT/%{_sysconfdir}/isulad
install -m 0640 ../src/contrib/config/daemon.json %{buildroot}/%{_sysconfdir}/isulad/daemon.json
@@ -134,8 +160,6 @@ install -d $RPM_BUILD_ROOT/%{_initddir}
install -p -m 0640 ../src/contrib/init/isulad.init $RPM_BUILD_ROOT/%{_initddir}/isulad.init
%endif
-install -d $RPM_BUILD_ROOT/usr/share/bash-completion/completions
-install -p -m 0644 ../src/contrib/completion/isula $RPM_BUILD_ROOT/usr/share/bash-completion/completions/isula
%clean
rm -rf %{buildroot}
@@ -143,19 +167,17 @@ rm -rf %{buildroot}
# support update from lcrd to isulad, will remove in next version
if [ "$1" = "2" ]; then
%if 0%{?is_systemd}
-systemctl stop lcrd
-systemctl disable lcrd
+systemctl stop lcrd &>/dev/null
+systemctl disable lcrd &>/dev/null
if [ -e %{_sysconfdir}/isulad/daemon.json ];then
sed -i 's#/etc/default/lcrd/hooks#/etc/default/isulad/hooks#g' %{_sysconfdir}/isulad/daemon.json
fi
%else
-/sbin/chkconfig --del lcrd
+/sbin/chkconfig --del lcrd &>/dev/null
%endif
fi
%post
-source /usr/share/bash-completion/completions/isula
-
if ! getent group isula > /dev/null; then
groupadd --system isula
fi
@@ -174,12 +196,6 @@ if [ -e %{_unitdir}/lcrd.service.rpmsave ]; then
mv %{_unitdir}/lcrd.service.rpmsave %{_unitdir}/isulad.service
sed -i 's/lcrd/isulad/g' %{_unitdir}/isulad.service
fi
-systemctl status isulad | grep 'Active:' | grep 'running'
-if [ $? -eq 0 ]; then
- systemctl restart isulad
-else
- systemctl start isulad
-fi
%else
/sbin/service isulad status | grep 'Active:' | grep 'running'
if [ $? -eq 0 ]; then
@@ -226,7 +242,6 @@ fi
%{_initddir}/isulad.init
%attr(0640,root,root) %{_initddir}/isulad.init
%endif
-%{_includedir}/isulad/*
%attr(0755,root,root) %{_libdir}/pkgconfig
%attr(0640,root,root) %{_libdir}/pkgconfig/isulad.pc
%defattr(0755,root,root,0755)
@@ -242,17 +257,5 @@ fi
%else
%config(noreplace,missingok) %{_initddir}/isulad.init
%endif
-/usr/share/bash-completion/completions/isula
%changelog
-* Tue Sep 10 2020 openEuler Buildteam <buildteam@openeuler.org> - 2.0.5-20200910.140350.git72990229
-- Type:enhancement
-- ID:NA
-- SUG:NA
-- DESC: add chrpath
-
-* Mon Aug 03 2020 openEuler Buildteam <buildteam@openeuler.org> - 2.0.3-20200803.130854.git0c7dc28a
-- Type:enhancement
-- ID:NA
-- SUG:NA
-- DESC: add debug packages
--
2.42.0

40
0048-modify-attach-socket-name.patch Normal file
View File

@ -0,0 +1,40 @@
From c01b761e14e6b4ea6745688e47b255f17ba26055 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 6 Dec 2023 15:15:32 +0800
Subject: [PATCH 48/64] modify attach socket name
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/cmd/isulad-shim/common.h | 2 +-
src/daemon/modules/runtime/isula/isula_rt_ops.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/cmd/isulad-shim/common.h b/src/cmd/isulad-shim/common.h
index 2020a799..c4f86d24 100644
--- a/src/cmd/isulad-shim/common.h
+++ b/src/cmd/isulad-shim/common.h
@@ -60,7 +60,7 @@ extern "C" {
#define CONTAINER_ACTION_REBOOT 129
#define CONTAINER_ACTION_SHUTDOWN 130
-#define ATTACH_SOCKET "attach_socket.sock"
+#define ATTACH_SOCKET "attach.sock"
#define ATTACH_LOG_NAME "attach-log.json"
#define ATTACH_DETACH_MSG "read escape sequence"
#define MAX_ATTACH_NUM 16
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index 3950ff4a..fbb779f7 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -57,7 +57,7 @@
#define SHIM_BINARY "isulad-shim"
#define RESIZE_FIFO_NAME "resize_fifo"
-#define ATTACH_SOCKET "attach_socket.sock"
+#define ATTACH_SOCKET "attach.sock"
#define SHIM_LOG_SIZE ((BUFSIZ - 100) / 2)
#define RESIZE_DATA_SIZE 100
#define PID_WAIT_TIME 120
--
2.42.0

110
0049-2298-bugfix-for-hook_ignore_poststart_error-run-in-o.patch Normal file
View File

@ -0,0 +1,110 @@
From 94122c5752936b4f5db14521cdd0f39a3dec6851 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Thu, 7 Dec 2023 03:32:15 +0000
Subject: [PATCH 49/64] !2298 bugfix for hook_ignore_poststart_error run in oci
runtime * bugfix for hook_ignore_poststart_error run in oci runtime
---
.../hook_ignore_poststart_error.sh | 70 +++++++++++++------
1 file changed, 50 insertions(+), 20 deletions(-)
diff --git a/CI/test_cases/container_cases/hook_ignore_poststart_error.sh b/CI/test_cases/container_cases/hook_ignore_poststart_error.sh
index 8c636f7e..38b6f021 100755
--- a/CI/test_cases/container_cases/hook_ignore_poststart_error.sh
+++ b/CI/test_cases/container_cases/hook_ignore_poststart_error.sh
@@ -24,6 +24,48 @@ source ../helpers.sh
test_data_path=$(realpath $curr_path/test_data)
+# $1 hook process
+# $2 container id
+# $3 expect container status
+# $4 process statement
+function test_kill_hook()
+{
+ for a in `seq 20`
+ do
+ bpid=`ps aux | grep "$1" | grep -v grep | awk '{print $2}'`
+ if [ "x" != "x$bpid" ];then
+ kill -9 $bpid
+ break
+ else
+ sleep .5
+ continue
+ fi
+ done
+
+ if [ "x" != "x$4" ];then
+ for a in `seq 20`
+ do
+ bpid=`ps aux | grep "$4" | grep -v grep | awk '{print $2}'`
+ if [ "x" != "x$bpid" ];then
+ kill -9 $bpid
+ break
+ else
+ sleep .5
+ continue
+ fi
+ done
+ fi
+
+ status=`isula inspect -f '{{json .State.Status}}' $2`
+ if [ "$status" == "$3" ];then
+ echo "get right status"
+ return 0
+ else
+ echo "expect $2 $3, but get $status"
+ return 1
+ fi
+}
+
function test_hook_ignore_poststart_error_spec()
{
local ret=0
@@ -42,27 +84,15 @@ function test_hook_ignore_poststart_error_spec()
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - missing list image: ${image}" && ((ret++))
isula run -n $CONT -itd --runtime $runtime --hook-spec ${test_data_path}/oci_hook_poststart_check.json ${image} &
-
- for a in `seq 20`
- do
- bpid=`ps aux | grep "poststart.sh" | grep -v grep | awk '{print $2}'`
- if [ "x" != "x$bpid" ];then
- kill -9 $bpid
- break
- else
- sleep .5
- continue
- fi
- done
-
- status=`isula inspect -f '{{json .State.Status}}' $CONT`
- if [ "$status" == "\"running\"" ];then
- echo "get right status"
+
+ # when runc container run poststart hook, the process structure is different from lxc
+ if [ $runtime == "lcr" ]; then
+ test_kill_hook "poststart.sh" $CONT \"running\"
else
- echo "expect $CONT running, but get $status"
- ret++
+ test_kill_hook "poststart.sh" $CONT \"exited\" "sleep 300"
fi
-
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to test kill hook: ${image}" && ((ret++))
+
isula stop -t 0 ${CONT}
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to stop ${CONT}" && ((ret++))
@@ -77,7 +107,7 @@ declare -i ans=0
for element in ${RUNTIME_LIST[@]};
do
- test_hook_ignore_poststart_error_spec $1 || ((ans++))
+ test_hook_ignore_poststart_error_spec $element || ((ans++))
done
show_result ${ans} "${curr_path}/${0}"
--
2.42.0

28
0050-2304-remove-build-and-test-in-coverage.patch Normal file
View File

@ -0,0 +1,28 @@
From c2e9919ec8612d6e811644ec8aacf53cec0c4f20 Mon Sep 17 00:00:00 2001
From: jake <jikai11@huawei.com>
Date: Tue, 12 Dec 2023 08:55:30 +0000
Subject: [PATCH 50/64] !2304 remove build and test in coverage * remove build
and test in coverage
---
CI/generate_gcov.sh | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/CI/generate_gcov.sh b/CI/generate_gcov.sh
index 153c9f5a..76bf382b 100755
--- a/CI/generate_gcov.sh
+++ b/CI/generate_gcov.sh
@@ -31,8 +31,8 @@ ctest
lcov --directory . --capture --output-file coverage.info --rc lcov_branch_coverage=1
# Remove std/build files
lcov --remove coverage.info '/usr/*' -o coverage.info --rc lcov_branch_coverage=1
-lcov --remove coverage.info 'build/*' -o coverage.info --rc lcov_branch_coverage=1
-lcov --remove coverage.info 'test/*' -o coverage.info --rc lcov_branch_coverage=1
+lcov --remove coverage.info "$ISULAD_SRC_PATH/build/*" -o coverage.info --rc lcov_branch_coverage=1
+lcov --remove coverage.info "$ISULAD_SRC_PATH/test/*" -o coverage.info --rc lcov_branch_coverage=1
# Generate html
genhtml --ignore-errors source -o $GCOV_RESULT_PATH/coverage coverage.info --branch-coverage --rc lcov_branch_coverage=1
--
2.42.0

197
0051-2303-use-a-timeout-epoll-loop-to-ensure-complete-dat.patch Normal file
View File

@ -0,0 +1,197 @@
From 7d1b8d25468528a59318430d50d839032f2c1a07 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 12 Dec 2023 12:26:32 +0000
Subject: [PATCH 51/64] !2303 use a timeout epoll loop to ensure complete data
reception * use a timeout epoll loop to ensure complete data reception
---
src/cmd/isulad-shim/process.c | 105 +++++++++-------------------------
src/cmd/isulad-shim/process.h | 1 -
2 files changed, 26 insertions(+), 80 deletions(-)
diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c
index e8cb9b32..97524f1a 100644
--- a/src/cmd/isulad-shim/process.c
+++ b/src/cmd/isulad-shim/process.c
@@ -169,6 +169,7 @@ static int get_exec_winsize(const char *buf, struct winsize *wsize)
static int sync_exit_cb(int fd, uint32_t events, void *cbdata, isula_epoll_descr_t *descr)
{
+ isula_epoll_remove_handler(descr, fd);
return EPOLL_LOOP_HANDLE_CLOSE;
}
@@ -364,23 +365,14 @@ static int stdout_cb(int fd, uint32_t events, void *cbdata, isula_epoll_descr_t
int r_count = 0;
int w_count = 0;
- if (events & EPOLLHUP) {
- return EPOLL_LOOP_HANDLE_CLOSE;
- }
-
- if (!(events & EPOLLIN)) {
- return EPOLL_LOOP_HANDLE_CONTINUE;
- }
-
(void)memset(p->buf, 0, DEFAULT_IO_COPY_BUF);
- if (p->block_read) {
- r_count = isula_file_read_nointr(fd, p->buf, DEFAULT_IO_COPY_BUF);
- } else {
- r_count = read(fd, p->buf, DEFAULT_IO_COPY_BUF);
- }
- if (r_count <= 0) {
- return EPOLL_LOOP_HANDLE_CLOSE;
+ r_count = isula_file_read_nointr(fd, p->buf, DEFAULT_IO_COPY_BUF);
+ if (r_count <= 0 ) {
+ isula_epoll_remove_handler(descr, fd);
+ // fd cannot be closed here, which will cause the container process to exit abnormally
+ // due to terminal fd receiving the sighup signal.
+ return EPOLL_LOOP_HANDLE_CONTINUE;
}
shim_write_container_log_file(p->terminal, STDID_OUT, p->buf, r_count);
@@ -419,23 +411,14 @@ static int stderr_cb(int fd, uint32_t events, void *cbdata, isula_epoll_descr_t
int r_count = 0;
int w_count = 0;
- if (events & EPOLLHUP) {
- return EPOLL_LOOP_HANDLE_CLOSE;
- }
-
- if (!(events & EPOLLIN)) {
- return EPOLL_LOOP_HANDLE_CONTINUE;
- }
-
(void)memset(p->buf, 0, DEFAULT_IO_COPY_BUF);
- if (p->block_read) {
- r_count = isula_file_read_nointr(fd, p->buf, DEFAULT_IO_COPY_BUF);
- } else {
- r_count = read(fd, p->buf, DEFAULT_IO_COPY_BUF);
- }
- if (r_count <= 0) {
- return EPOLL_LOOP_HANDLE_CLOSE;
+ r_count = isula_file_read_nointr(fd, p->buf, DEFAULT_IO_COPY_BUF);
+ if (r_count <= 0 ) {
+ isula_epoll_remove_handler(descr, fd);
+ // fd cannot be closed here, which will cause the container process to exit abnormally
+ // due to terminal fd receiving the sighup signal.
+ return EPOLL_LOOP_HANDLE_CONTINUE;
}
shim_write_container_log_file(p->terminal, STDID_ERR, p->buf, r_count);
@@ -474,18 +457,11 @@ static int resize_cb(int fd, uint32_t events, void *cbdata, isula_epoll_descr_t
int r_count = 0;
int resize_fd = -1;
- if (events & EPOLLHUP) {
- return EPOLL_LOOP_HANDLE_CLOSE;
- }
-
- if (!(events & EPOLLIN)) {
- return EPOLL_LOOP_HANDLE_CONTINUE;
- }
-
(void)memset(p->buf, 0, DEFAULT_IO_COPY_BUF);
r_count = isula_file_read_nointr(fd, p->buf, DEFAULT_IO_COPY_BUF);
if (r_count <= 0) {
- return EPOLL_LOOP_HANDLE_CLOSE;
+ close(fd);
+ return EPOLL_LOOP_HANDLE_CONTINUE;
}
resize_fd = p->recv_fd;
@@ -915,8 +891,6 @@ static int open_generic_io(process_t *p, isula_epoll_descr_t *descr)
static void *io_epoll_loop(void *data)
{
int ret = 0;
- int fd_out = -1;
- int fd_err = -1;
process_t *p = (process_t *)data;
isula_epoll_descr_t descr;
@@ -953,49 +927,23 @@ static void *io_epoll_loop(void *data)
(void)sem_post(&p->sem_mainloop);
+ // th frist epoll_loop will exit in the following scenarios:
+ // 1. Receive sync fd event
+ // 2. stdin fd receive EPOLLHUP event
+ // 3. stdin fd read failed
ret = isula_epoll_loop(&descr, -1);
if (ret != 0) {
write_message(ERR_MSG, "epoll loop failed");
exit(EXIT_FAILURE);
}
- // in order to avoid data loss, set fd non-block and read it
- p->block_read = false;
- if (p->state->terminal) {
- fd_out = p->recv_fd;
- } else {
- fd_out = p->shim_io->out;
- fd_err = p->shim_io->err;
- }
-
- if (fd_out > 0) {
- ret = isula_set_non_block(fd_out);
- if (ret != SHIM_OK) {
- write_message(ERR_MSG, "set fd %d non_block failed:%d", fd_out, SHIM_SYS_ERR(errno));
- exit(EXIT_FAILURE);
- }
-
- for (;;) {
- ret = stdout_cb(fd_out, EPOLLIN, p, &descr);
- if (ret == EPOLL_LOOP_HANDLE_CLOSE) {
- break;
- }
- }
- }
-
- if (fd_err > 0) {
- ret = isula_set_non_block(fd_err);
- if (ret != SHIM_OK) {
- write_message(ERR_MSG, "set fd %d non_block failed:%d", fd_err, SHIM_SYS_ERR(errno));
- exit(EXIT_FAILURE);
- }
-
- for (;;) {
- ret = stderr_cb(fd_err, EPOLLIN, p, &descr);
- if (ret == EPOLL_LOOP_HANDLE_CLOSE) {
- break;
- }
- }
+ // use a timeout epoll loop to ensure complete data reception
+ // th second epoll_loop will exit in the following scenarios:
+ // 1. both stdout fd and stderr fd failed to read
+ // 2. no event received within 100 milliseconds
+ ret = isula_epoll_loop(&descr, 100);
+ if (ret != 0) {
+ write_message(ERR_MSG, "Repeat the epoll loop to ensure that all data is transferred");
}
return NULL;
@@ -1220,7 +1168,6 @@ process_t *new_process(char *id, char *bundle, char *runtime)
p->bundle = bundle;
p->runtime = runtime;
p->state = p_state;
- p->block_read = true;
p->console_sock_path = NULL;
p->exit_fd = -1;
p->io_loop_fd = -1;
diff --git a/src/cmd/isulad-shim/process.h b/src/cmd/isulad-shim/process.h
index 5607316c..32ba7366 100644
--- a/src/cmd/isulad-shim/process.h
+++ b/src/cmd/isulad-shim/process.h
@@ -55,7 +55,6 @@ typedef struct process {
int sync_fd;
int listen_fd;
int recv_fd;
- bool block_read;
log_terminal *terminal;
stdio_t *stdio; // shim to on runtime side, in:r out/err: w
stdio_t *shim_io; // shim io on isulad side, in: w out/err: r
--
2.42.0

170
0052-modify-the-default-value-of-ISULAD_TMPDIR-to-var-lib.patch Normal file
View File

@ -0,0 +1,170 @@
From 06d42781cbfc3d9baa7155b480e22b9f4164ab91 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 12 Dec 2023 20:24:57 +0800
Subject: [PATCH 52/64] modify the default value of ISULAD_TMPDIR to
/var/lib/isulad
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/cmd/isulad/main.c | 13 +++++++------
src/common/constants.h | 2 ++
src/contrib/config/iSulad.sysconfig | 4 ++--
.../modules/container/leftover_cleanup/cleanup.c | 6 +++---
src/daemon/modules/image/oci/utils_images.c | 2 +-
src/utils/cutils/utils_verify.c | 5 +++++
src/utils/cutils/utils_verify.h | 2 ++
src/utils/tar/util_archive.c | 9 +++++----
8 files changed, 27 insertions(+), 16 deletions(-)
diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c
index 95454e2a..d33e4004 100644
--- a/src/cmd/isulad/main.c
+++ b/src/cmd/isulad/main.c
@@ -1295,8 +1295,8 @@ static int ensure_isulad_tmpdir_security()
char *isulad_tmp_dir = NULL;
isulad_tmp_dir = getenv("ISULAD_TMPDIR");
- if (!util_valid_str(isulad_tmp_dir)) {
- isulad_tmp_dir = "/tmp";
+ if (!util_valid_isulad_tmpdir(isulad_tmp_dir)) {
+ isulad_tmp_dir = DEFAULT_ISULAD_TMPDIR;
}
if (do_ensure_isulad_tmpdir_security(isulad_tmp_dir) != 0) {
@@ -1304,14 +1304,15 @@ static int ensure_isulad_tmpdir_security()
return -1;
}
- if (strcmp(isulad_tmp_dir, "/tmp") == 0) {
+ if (strcmp(isulad_tmp_dir, DEFAULT_ISULAD_TMPDIR) == 0) {
return 0;
}
// No matter whether ISULAD_TMPDIR is set or not,
- // ensure the "/tmp" directory is a safe directory
- if (do_ensure_isulad_tmpdir_security("/tmp") != 0) {
- WARN("Failed to ensure the /tmp directory is a safe directory");
+ // ensure the DEFAULT_ISULAD_TMPDIR directory is a safe directory
+ // TODO: if isula is no longer tarred in the future, we can delete it.
+ if (do_ensure_isulad_tmpdir_security(DEFAULT_ISULAD_TMPDIR) != 0) {
+ WARN("Failed to ensure the default ISULAD_TMPDIR : %s directory is a safe directory", DEFAULT_ISULAD_TMPDIR);
}
return 0;
diff --git a/src/common/constants.h b/src/common/constants.h
index 5f12ae25..27d4956e 100644
--- a/src/common/constants.h
+++ b/src/common/constants.h
@@ -129,6 +129,8 @@ extern "C" {
#define OCI_IMAGE_GRAPH_ROOTPATH_NAME "storage"
+#define DEFAULT_ISULAD_TMPDIR "/var/lib/isulad"
+
#ifdef ENABLE_GRPC_REMOTE_CONNECT
#define DEFAULT_TCP_HOST "tcp://localhost:2375"
#define DEFAULT_TLS_HOST "tcp://localhost:2376"
diff --git a/src/contrib/config/iSulad.sysconfig b/src/contrib/config/iSulad.sysconfig
index 43ba7cbd..25099480 100644
--- a/src/contrib/config/iSulad.sysconfig
+++ b/src/contrib/config/iSulad.sysconfig
@@ -22,5 +22,5 @@
#SYSMONITOR_OPTIONS='-H tcp://127.0.0.1:2375 --tlsverify --tlscacert=/root/.iSulad/ca.pem --tlscert=/root/.iSulad/cert.pem --tlskey=/root/.iSulad/key.pem'
# Location used for temporary files, such as those created by isula load and pull operations.
-# Default is /var/tmp. Can be overridden by setting the following env variable.
-# ISULAD_TMPDIR=/var/tmp
+# Default is /var/lib/isulad. Can be overridden by setting the following env variable.
+# ISULAD_TMPDIR=/var/lib/isulad
diff --git a/src/daemon/modules/container/leftover_cleanup/cleanup.c b/src/daemon/modules/container/leftover_cleanup/cleanup.c
index 9a38ffc2..af5f0eee 100644
--- a/src/daemon/modules/container/leftover_cleanup/cleanup.c
+++ b/src/daemon/modules/container/leftover_cleanup/cleanup.c
@@ -203,12 +203,12 @@ void do_isulad_tmpdir_cleaner(void)
char *isula_tmp_dir = NULL;
isula_tmp_dir = getenv("ISULAD_TMPDIR");
- if (util_valid_str(isula_tmp_dir)) {
+ if (util_valid_isulad_tmpdir(isula_tmp_dir)) {
cleanup_path(isula_tmp_dir);
}
// No matter whether ISULAD_TMPDIR is set or not,
- // clean up the "/tmp" directory to prevent the mount point from remaining
- cleanup_path("/tmp");
+ // clean up the DEFAULT_ISULAD_TMPDIR directory to prevent the mount point from remaining
+ cleanup_path(DEFAULT_ISULAD_TMPDIR);
return;
}
diff --git a/src/daemon/modules/image/oci/utils_images.c b/src/daemon/modules/image/oci/utils_images.c
index f92ee59a..d94388bd 100644
--- a/src/daemon/modules/image/oci/utils_images.c
+++ b/src/daemon/modules/image/oci/utils_images.c
@@ -595,7 +595,7 @@ char *oci_get_isulad_tmpdir(const char *root_dir)
}
env_dir = getenv("ISULAD_TMPDIR");
- if (util_valid_str(env_dir)) {
+ if (util_valid_isulad_tmpdir(env_dir)) {
isulad_tmpdir = util_path_join(env_dir, "isulad_tmpdir");
} else {
isulad_tmpdir = util_path_join(root_dir, "isulad_tmpdir");
diff --git a/src/utils/cutils/utils_verify.c b/src/utils/cutils/utils_verify.c
index f4ce3199..7f2db48b 100644
--- a/src/utils/cutils/utils_verify.c
+++ b/src/utils/cutils/utils_verify.c
@@ -744,6 +744,11 @@ bool util_valid_volume_name(const char *name)
return util_reg_match(patten, name) == 0;
}
+bool util_valid_isulad_tmpdir(const char *dir)
+{
+ return util_valid_str(dir) && strcmp(dir, "/tmp") != 0;
+}
+
#ifdef ENABLE_IMAGE_SEARCH
bool util_valid_search_name(const char *name)
{
diff --git a/src/utils/cutils/utils_verify.h b/src/utils/cutils/utils_verify.h
index 54d1ce71..bafd2a82 100644
--- a/src/utils/cutils/utils_verify.h
+++ b/src/utils/cutils/utils_verify.h
@@ -124,6 +124,8 @@ bool util_valid_sysctl(const char *sysctl_key);
bool util_valid_volume_name(const char *name);
+bool util_valid_isulad_tmpdir(const char *dir);
+
#ifdef ENABLE_IMAGE_SEARCH
bool util_valid_search_name(const char *name);
#endif
diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c
index 82e940a5..e8fad391 100644
--- a/src/utils/tar/util_archive.c
+++ b/src/utils/tar/util_archive.c
@@ -134,7 +134,7 @@ static void do_disable_unneccessary_caps()
// Add flock when bind mount and make it private.
// Because bind mount usually makes safedir shared mount point,
// and sometimes it will cause "mount point explosion".
-// E.g. concurrently execute isula cp /tmp/<XXX-File> <CONTAINER-ID>:<CONTAINER-PAT>
+// E.g. concurrently execute isula cp DEFAULT_ISULAD_TMPDIR/<XXX-File> <CONTAINER-ID>:<CONTAINER-PAT>
static int bind_mount_with_flock(const char *flock_path, const char *dstdir, const char *tmp_dir)
{
__isula_auto_close int fd = -1;
@@ -192,9 +192,10 @@ static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, ch
int nret;
isulad_tmpdir_env = getenv("ISULAD_TMPDIR");
- if (!util_valid_str(isulad_tmpdir_env)) {
- // if not setted isulad tmpdir, just use /tmp
- isulad_tmpdir_env = "/tmp";
+ if (!util_valid_isulad_tmpdir(isulad_tmpdir_env)) {
+ INFO("if not setted isulad tmpdir or setted unvalid dir, use DEFAULT_ISULAD_TMPDIR");
+ // if not setted isulad tmpdir, just use DEFAULT_ISULAD_TMPDIR
+ isulad_tmpdir_env = DEFAULT_ISULAD_TMPDIR;
}
nret = snprintf(isula_tmpdir, PATH_MAX, "%s/isulad_tmpdir", isulad_tmpdir_env);
--
2.42.0

58
0053-prevent-the-parent-dir-from-being-bind-mounted-to-th.patch Normal file
View File

@ -0,0 +1,58 @@
From 05117ed2887ee1535978170cd06596ee015951f4 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 12 Dec 2023 20:26:30 +0800
Subject: [PATCH 53/64] prevent the parent dir from being bind mounted to the
subdir
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/utils/tar/util_archive.c | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c
index e8fad391..29c2bc03 100644
--- a/src/utils/tar/util_archive.c
+++ b/src/utils/tar/util_archive.c
@@ -182,6 +182,26 @@ unlock_out:
return ret;
}
+static int is_parent_directory(const char *parent_path, const char *child_path)
+{
+ size_t parent_len = strlen(parent_path);
+ size_t child_len = strlen(child_path);
+
+ if (parent_len == 0 || child_len == 0 || parent_len >= child_len) {
+ return -1;
+ }
+
+ if (strncmp(parent_path, child_path, parent_len) != 0) {
+ return -1;
+ }
+
+ if (child_path[parent_len] != '/') {
+ return -1;
+ }
+
+ return 0;
+}
+
static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, char **safe_dir)
{
struct stat buf;
@@ -235,6 +255,12 @@ static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, ch
return -1;
}
+ // prevent the parent directory from being bind mounted to the subdirectory
+ if (is_parent_directory(dstdir, tmp_dir) == 0) {
+ ERROR("Cannot bind mount the parent directory: %s to its subdirectory: %s", dstdir, tmp_dir);
+ return -1;
+ }
+
if (bind_mount_with_flock(flock_path, dstdir, tmp_dir) != 0) {
ERROR("Failed to bind mount from %s to %s with flock", dstdir, tmp_dir);
if (util_path_remove(tmp_dir) != 0) {
--
2.42.0

25
0054-2308-Remove-unused-header-file.patch Normal file
View File

@ -0,0 +1,25 @@
From 93071602df77cc3b5508266b181f1ace947bd3be Mon Sep 17 00:00:00 2001
From: xuxuepeng <xuxuepeng1@huawei.com>
Date: Wed, 13 Dec 2023 02:34:20 +0000
Subject: [PATCH 54/64] !2308 Remove unused header file * Fix compiling failure
in image oci UT
---
src/daemon/config/isulad_config.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c
index 1af47127..51758adb 100644
--- a/src/daemon/config/isulad_config.c
+++ b/src/daemon/config/isulad_config.c
@@ -32,7 +32,6 @@
#include "constants.h"
#include "utils.h"
-#include "sysinfo.h"
#include "err_msg.h"
#include "daemon_arguments.h"
#include "utils_array.h"
--
2.42.0

43
0055-verify-the-mount-dir-first-and-then-create-tmpdir.patch Normal file
View File

@ -0,0 +1,43 @@
From 3d38013418d0c5304dfbafcb0b2a5b4062964c53 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 13 Dec 2023 15:13:12 +0800
Subject: [PATCH 55/64] verify the mount dir first and then create tmpdir
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/utils/tar/util_archive.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c
index 29c2bc03..655b3516 100644
--- a/src/utils/tar/util_archive.c
+++ b/src/utils/tar/util_archive.c
@@ -235,6 +235,12 @@ static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, ch
return -1;
}
+ // prevent the parent directory from being bind mounted to the subdirectory
+ if (is_parent_directory(dstdir, tmp_dir) == 0) {
+ ERROR("Cannot bind mount the parent directory: %s to its subdirectory: %s", dstdir, tmp_dir);
+ return -1;
+ }
+
if (stat(dstdir, &buf) < 0) {
SYSERROR("Check chroot dir failed");
return -1;
@@ -255,12 +261,6 @@ static int make_safedir_is_noexec(const char *flock_path, const char *dstdir, ch
return -1;
}
- // prevent the parent directory from being bind mounted to the subdirectory
- if (is_parent_directory(dstdir, tmp_dir) == 0) {
- ERROR("Cannot bind mount the parent directory: %s to its subdirectory: %s", dstdir, tmp_dir);
- return -1;
- }
-
if (bind_mount_with_flock(flock_path, dstdir, tmp_dir) != 0) {
ERROR("Failed to bind mount from %s to %s with flock", dstdir, tmp_dir);
if (util_path_remove(tmp_dir) != 0) {
--
2.42.0

26
0056-2300-Maintaining-a-uniform-code-style.patch Normal file
View File

@ -0,0 +1,26 @@
From 2f36e5cae2414804040b6168b79011550281d8d7 Mon Sep 17 00:00:00 2001
From: chen524 <chenkui_yewu@cmss.chinamobile.com>
Date: Wed, 13 Dec 2023 08:02:20 +0000
Subject: [PATCH 56/64] !2300 Maintaining a uniform code style * update
src/cmd/command_parser.c.
---
src/cmd/command_parser.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/cmd/command_parser.c b/src/cmd/command_parser.c
index 1ad1d92b..93b19dae 100644
--- a/src/cmd/command_parser.c
+++ b/src/cmd/command_parser.c
@@ -438,7 +438,7 @@ int command_valid_socket_append_array(command_option_t *option, const char *arg)
}
if (util_array_append(option->data, arg) != 0) {
- ERROR("merge hosts config failed");
+ COMMAND_ERROR("Merge hosts config failed");
return -1;
}
len++;
--
2.42.0

36
0057-2312-Add-Huawei-Cloud-CodeArts-compilation-script.patch Normal file
View File

@ -0,0 +1,36 @@
From 5efff4c61ed885ce45d62e33e2e97a78519fefe8 Mon Sep 17 00:00:00 2001
From: dreamloy <3038807110@qq.com>
Date: Wed, 13 Dec 2023 08:39:04 +0000
Subject: [PATCH 57/64] =?UTF-8?q?!2312=20Add=20Huawei=20Cloud=20CodeArts?=
=?UTF-8?q?=20compilation=20script=20*=20=E5=B0=86codecheck=5Fcompile.sh?=
=?UTF-8?q?=20=E7=A7=BB=E5=8A=A8=E5=88=B0tools=E4=B8=8B=20*=20=E6=96=B0?=
=?UTF-8?q?=E5=A2=9E=E5=8D=8E=E4=B8=BA=E4=BA=91codeArs=E7=BC=96=E8=AF=91?=
=?UTF-8?q?=E8=84=9A=E6=9C=AC?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
tools/codecheck_compile.sh | 9 +++++++++
1 file changed, 9 insertions(+)
create mode 100644 tools/codecheck_compile.sh
diff --git a/tools/codecheck_compile.sh b/tools/codecheck_compile.sh
new file mode 100644
index 00000000..99cadfe7
--- /dev/null
+++ b/tools/codecheck_compile.sh
@@ -0,0 +1,9 @@
+## 华为云codeArts执行版本检查时规则集涉及到代码安全增强包需要编译脚本才能执行
+BASEPATH=$( cd -- "$( dirname -- "${BASH_SOURCE[0]:-$0}" )" &> /dev/null && pwd )
+ROOTDIR="$BASEPATH"
+PROGRAM=$(basename "${BASH_SOURCE[0]:-$0}")
+whoami
+ls
+cd docs/build_docs/guide/script
+chmod +x ./install_iSulad_on_Ubuntu_20_04_LTS.sh
+./install_iSulad_on_Ubuntu_20_04_LTS.sh
\ No newline at end of file
--
2.42.0

26
0058-bugfix-del-redundant-code.patch Normal file
View File

@ -0,0 +1,26 @@
From a593232e7f34de03142388fddecbea8f3b617245 Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Wed, 13 Dec 2023 17:06:37 +0800
Subject: [PATCH 58/64] bugfix:del redundant code
---
src/daemon/modules/image/image.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/src/daemon/modules/image/image.c b/src/daemon/modules/image/image.c
index 4a1950fe..f01265bf 100644
--- a/src/daemon/modules/image/image.c
+++ b/src/daemon/modules/image/image.c
@@ -602,9 +602,6 @@ void free_im_prepare_request(im_prepare_request *request)
free(request->mount_label);
request->mount_label = NULL;
- free(request->mount_label);
- request->mount_label = NULL;
-
free_json_map_string_string(request->storage_opt);
request->storage_opt = NULL;
--
2.42.0

71
0059-improve-code-of-pull.patch Normal file
View File

@ -0,0 +1,71 @@
From e47abc01c8778cc07c11a331ae31ce46b6fd06a0 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Thu, 14 Dec 2023 10:59:34 +0800
Subject: [PATCH 59/64] improve code of pull
1. ignore unneccessary error log;
2. do not show progress, if stdout is not tty;
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
src/cmd/isula/images/pull.c | 6 ++++++
.../modules/image/oci/storage/image_store/image_type.c | 8 ++++++++
.../layer_store/graphdriver/overlay2/driver_overlay2.c | 5 +++++
3 files changed, 19 insertions(+)
diff --git a/src/cmd/isula/images/pull.c b/src/cmd/isula/images/pull.c
index 9d420778..b30cc0bd 100644
--- a/src/cmd/isula/images/pull.c
+++ b/src/cmd/isula/images/pull.c
@@ -36,6 +36,12 @@ struct client_arguments g_cmd_pull_args = {};
static bool is_terminal_show_supported()
{
#ifdef GRPC_CONNECTOR
+ // if stdout is not tty, just ingore progress
+ if (!isatty(STDOUT_FILENO)) {
+ WARN("Stdout is not tty device, just ignore progress.");
+ return false;
+ }
+
// Initialize the terminfo database
setupterm(NULL, STDOUT_FILENO, (int *)0);
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_type.c b/src/daemon/modules/image/oci/storage/image_store/image_type.c
index 50af0a69..50a81db2 100644
--- a/src/daemon/modules/image/oci/storage/image_store/image_type.c
+++ b/src/daemon/modules/image/oci/storage/image_store/image_type.c
@@ -77,6 +77,14 @@ int try_fill_image_spec(image_t *img, const char *id, const char *image_store_di
goto out;
}
+ // for new_image(), first try will failed because config file not exist
+ // and image_store_set_big_data() will retry this function
+ if (!util_file_exists(config_file)) {
+ WARN("Oci image spec: %s not found.", config_file);
+ ret = -1;
+ goto out;
+ }
+
img->spec = oci_image_spec_parse_file(config_file, NULL, &err);
if (img->spec == NULL) {
ERROR("Failed to parse oci image spec: %s", err);
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
index 3bc433ae..3d814954 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
@@ -1133,7 +1133,12 @@ static char *read_layer_lower_file(const char *layer_dir)
goto out;
}
+ // lowest layer do not have lower file
+ if (!util_file_exists(lower_file)) {
+ goto out;
+ }
lower = util_read_text_file(lower_file);
+
out:
free(lower_file);
return lower;
--
2.42.0

30
0060-remove-var-in-coverage-and-fix-build-test-remove.patch Normal file
View File

@ -0,0 +1,30 @@
From f1fa4c7bdc2c67a4ef9c476ba9e0e2de6b589bc5 Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Thu, 14 Dec 2023 10:49:26 +0800
Subject: [PATCH 60/64] remove /var/* in coverage and fix build/test remove
Signed-off-by: jikai <jikai11@huawei.com>
---
CI/generate_gcov.sh | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/CI/generate_gcov.sh b/CI/generate_gcov.sh
index 76bf382b..7518c5c1 100755
--- a/CI/generate_gcov.sh
+++ b/CI/generate_gcov.sh
@@ -29,10 +29,8 @@ cp -r ~/build $ISULAD_COPY_PATH
cd $ISULAD_COPY_PATH/build
ctest
lcov --directory . --capture --output-file coverage.info --rc lcov_branch_coverage=1
-# Remove std/build files
-lcov --remove coverage.info '/usr/*' -o coverage.info --rc lcov_branch_coverage=1
-lcov --remove coverage.info "$ISULAD_SRC_PATH/build/*" -o coverage.info --rc lcov_branch_coverage=1
-lcov --remove coverage.info "$ISULAD_SRC_PATH/test/*" -o coverage.info --rc lcov_branch_coverage=1
+# extract src only files
+lcov --extract coverage.info '*/iSulad/src/*' -o coverage.info --rc lcov_branch_coverage=1
# Generate html
genhtml --ignore-errors source -o $GCOV_RESULT_PATH/coverage coverage.info --branch-coverage --rc lcov_branch_coverage=1
--
2.42.0

165
0061-2320-improve-CI-test.patch Normal file
View File

@ -0,0 +1,165 @@
From 712d82656ac9bafda7d29be70e7dbcd761a01f98 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Sun, 17 Dec 2023 05:58:56 +0000
Subject: [PATCH 61/64] !2320 improve CI test * improve CI test
---
.../container_cases/restartpolicy.sh | 35 ++++++++++++++-----
CI/test_cases/image_cases/image_digest.sh | 10 +++---
CI/test_cases/image_cases/image_search.sh | 26 ++------------
3 files changed, 35 insertions(+), 36 deletions(-)
diff --git a/CI/test_cases/container_cases/restartpolicy.sh b/CI/test_cases/container_cases/restartpolicy.sh
index 11c3608f..0ab09636 100755
--- a/CI/test_cases/container_cases/restartpolicy.sh
+++ b/CI/test_cases/container_cases/restartpolicy.sh
@@ -23,18 +23,37 @@ curr_path=$(dirname $(readlink -f "$0"))
data_path=$(realpath $curr_path/../data)
source ../helpers.sh
+# $1 : retry limit
+# $2 : retry_interval
+# $3 : container name
+# $4 : expect restart count
+function do_retry()
+{
+ for i in $(seq 1 "$1"); do
+ count=`isula inspect --format='{{json .RestartCount}}' ${3}`
+ if [ $count -eq $4 ]; then
+ return 0
+ fi
+ sleep $2
+ done
+ echo "expect $4, get $count"
+ return 1
+}
+
function do_test_on_failure()
{
+ local retry_limit=15
+ local retry_interval=1
containername=test_rp_on_failure
isula run --name $containername -td --restart on-failure:3 busybox /bin/sh -c "exit 2"
fn_check_eq "$?" "0" "run failed"
- sleep 8
- count=`isula inspect --format='{{json .RestartCount}}' $containername`
- if [[ $count != "3" ]];then
- echo "expect 3 but get $count"
+ do_retry ${retry_limit} ${retry_interval} ${containername} 3
+ if [[ $? -ne 0 ]];then
TC_RET_T=$(($TC_RET_T+1))
fi
+
+ isula stop -t 0 $containername
testcontainer $containername exited
isula rm $containername
@@ -43,14 +62,14 @@ function do_test_on_failure()
function do_test_unless_stopped()
{
+ local retry_limit=15
+ local retry_interval=1
containername=test_rp_unless_stopped
isula run --name $containername -td --restart unless-stopped busybox /bin/sh -c "exit 2"
fn_check_eq "$?" "0" "run failed"
- sleep 8
- count=`isula inspect --format='{{json .RestartCount}}' $containername`
- if [[ $count == "0" ]];then
- echo "expect not 0 but get $count"
+ do_retry ${retry_limit} ${retry_interval} ${containername} 0
+ if [[ $? -ne 0 ]];then
TC_RET_T=$(($TC_RET_T+1))
fi
diff --git a/CI/test_cases/image_cases/image_digest.sh b/CI/test_cases/image_cases/image_digest.sh
index e30f29f0..cc8b0e48 100755
--- a/CI/test_cases/image_cases/image_digest.sh
+++ b/CI/test_cases/image_cases/image_digest.sh
@@ -25,14 +25,14 @@ source ../helpers.sh
function test_image_with_digest()
{
local ret=0
- local image="busybox"
- local image2="ubuntu"
- local image_digest="busybox@sha256:5cd3db04b8be5773388576a83177aff4f40a03457a63855f4b9cbe30542b9a43"
+ local image="3laho3y3.mirror.aliyuncs.com/library/busybox"
+ local image2="3laho3y3.mirror.aliyuncs.com/library/ubuntu"
+ local image_digest="3laho3y3.mirror.aliyuncs.com/library/busybox@sha256:62ffc2ed7554e4c6d360bce40bbcf196573dd27c4ce080641a2c59867e732dee"
local test="pull && inspect && tag image with digest test => (${FUNCNAME[@]})"
msg_info "${test} starting..."
- isula pull docker.io/library/${image_digest}
+ isula pull ${image_digest}
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to pull image: ${image}" && return ${FAILURE}
isula tag ${image_digest} ${image}:digest_test
@@ -71,7 +71,7 @@ function test_image_with_digest()
isula inspect -f '{{.image.repo_tags}}' ${image_digest} | grep "${image}:digest_test"
[[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - image digest delete error: ${image_digest}" && ((ret++))
- isula pull docker.io/library/${image2}:latest
+ isula pull ${image2}:latest
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to pull image: ${image2}" && return ${FAILURE}
digest=$(isula inspect "${image2}:latest" | grep "@sha256" | awk -F"\"" '{print $2}')
diff --git a/CI/test_cases/image_cases/image_search.sh b/CI/test_cases/image_cases/image_search.sh
index 1d281cb2..11af02f1 100755
--- a/CI/test_cases/image_cases/image_search.sh
+++ b/CI/test_cases/image_cases/image_search.sh
@@ -33,6 +33,7 @@ function test_image_search()
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && return ${FAILURE}
msg_info "${test} starting..."
+ rm -rf /etc/isulad/daemon.bak
cp /etc/isulad/daemon.json /etc/isulad/daemon.bak
sed -i "/registry-mirrors/a\ \"docker.io\"," /etc/isulad/daemon.json
@@ -49,39 +50,18 @@ function test_image_search()
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - search ${invalid_image} should fail as it's search name is invalid" && return ${FAILURE}
# test search options
- isula search --no-trunc ${image}
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to search images with no-trunc: ${image}" && ((ret++))
-
- isula search --limit 5 ${image}
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to search images with limit: ${image}" && ((ret++))
+ isula search --no-trunc --limit 5 --filter stars=3 --filter is-official=true --filter is-automated=false --format "table {{.Name}}\t{{.IsOfficial}}" ${image}
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to search images with search options: ${image}" && ((ret++))
isula search --limit -1 ${image} 2>&1 | grep "Invalid value"
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to search images with limit: ${image} and and catch error msg" && ((ret++))
- isula search --filter stars=3 ${image}
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to search images with filter stars: ${image}" && ((ret++))
-
- isula search --filter is-official=true ${image}
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to search images with filter is-official: ${image}" && ((ret++))
-
- isula search --filter is-automated=true ${image} 2>&1 | grep "AUTOMATED"
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to search images with filter is-automated: ${image}" && ((ret++))
-
isula search --filter aa=true ${image} 2>&1 | grep "Invalid filter"
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to set filter for search ${image} and catch error msg" && ((ret++))
- isula search ${image} 2>&1 | grep "NAME"
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to search images with default table format: ${image}" && ((ret++))
-
- isula search --format "table {{.IsAutomated}}\t{{.IsOfficial}}" ${image} 2>&1 | grep "AUTOMATED"
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to search images with table format: ${image}" && ((ret++))
-
isula search --format "{{Name}}" ${image} 2>&1 | grep "invalid format field"
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to set format for search ${image} and catch error msg" && ((ret++))
- isula search --format "{{.Name}}" ${image} 2>&1
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to search images with none-table format: ${image}" && ((ret++))
-
cp -f /etc/isulad/daemon.bak /etc/isulad/daemon.json
check_valgrind_log
--
2.42.0

319
0062-verify-name-and-digest-consistency.patch Normal file
View File

@ -0,0 +1,319 @@
From 950dc3c56f192061383de4d19229ace243eae503 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 18 Dec 2023 15:54:37 +0800
Subject: [PATCH 62/64] verify name and digest consistency
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
.../oci/storage/image_store/image_store.c | 265 +++++++++++-------
1 file changed, 162 insertions(+), 103 deletions(-)
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c
index 58baa47a..1b482504 100644
--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c
+++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c
@@ -22,6 +22,7 @@
#include <isula_libutils/storage_image.h>
#include <isula_libutils/imagetool_images_list.h>
#include <isula_libutils/json_common.h>
+#include <isula_libutils/auto_cleanup.h>
#include <limits.h>
#include <pthread.h>
#include <stdlib.h>
@@ -444,11 +445,161 @@ out:
return value;
}
+static int resort_image_names(const char **names, size_t names_len, char **first_name, char ***image_tags,
+ char ***image_digests)
+{
+ int ret = 0;
+ size_t i;
+ char *prefix = NULL;
+
+ for (i = 0; i < names_len; i++) {
+ size_t len = strlen(names[i]);
+ if (strlen(names[i]) > MAX_IMAGE_NAME_LENGTH) {
+ prefix = util_sub_string(names[i], len - MAX_IMAGE_NAME_LENGTH,
+ MAX_IMAGE_NAME_LENGTH - MAX_IMAGE_DIGEST_LENGTH);
+ }
+
+ // TODO: maybe should support other digest
+ if (prefix != NULL && strcmp(prefix, DIGEST_PREFIX) == 0) {
+ if (util_array_append(image_digests, names[i]) != 0) {
+ ERROR("Failed to append image to digest: %s", names[i]);
+ ret = -1;
+ goto out;
+ }
+ } else {
+ if (util_array_append(image_tags, names[i]) != 0) {
+ ERROR("Failed to append image to tags: %s", names[i]);
+ ret = -1;
+ goto out;
+ }
+ }
+ }
+
+ if (first_name == NULL) {
+ goto out;
+ }
+
+ if (util_array_len((const char **)(*image_digests)) > 0) {
+ free(*first_name);
+ *first_name = util_strdup_s((*image_digests)[0]);
+ }
+
+ if (util_array_len((const char **)(*image_tags)) > 0) {
+ free(*first_name);
+ *first_name = util_strdup_s((*image_tags)[0]);
+ }
+
+out:
+ if (ret != 0) {
+ util_free_array(*image_digests);
+ util_free_array(*image_tags);
+ free(*first_name);
+ }
+ free(prefix);
+ return ret;
+}
+
+// Validate checks that the contents is a valid digest
+static bool validate_digest(const char *digest)
+{
+ bool ret = true;
+ const char *sha256_encode_patten = "^[a-f0-9]{64}$";
+ char *value = util_strdup_s(digest);
+ char *index = strchr(value, ':');
+ char *alg = NULL;
+ char *encode = NULL;
+
+ // contains ':' and is not the last character
+ if (index == NULL || index - value + 1 == strlen(value)) {
+ INFO("Invalid checksum digest format");
+ ret = false;
+ goto out;
+ }
+
+ *index++ = '\0';
+
+ alg = value;
+ encode = index;
+ // Currently only support SHA256 algorithm
+ if (strcmp(alg, "sha256") != 0) {
+ DEBUG("Unsupported digest algorithm: %s", alg);
+ ret = false;
+ goto out;
+ }
+
+ ret = util_reg_match(sha256_encode_patten, encode) == 0;
+
+out:
+ free(value);
+ return ret;
+}
+
+// Parsing a reference string as a possible identifier, full digest, or familiar name.
+static char *parse_digest_reference(const char *ref)
+{
+ char *indentfier_patten = "^[a-f0-9]{64}$";
+
+ if (util_reg_match(indentfier_patten, ref) == 0) {
+ return util_string_append(ref, "sha256:");
+ }
+
+ if (validate_digest(ref)) {
+ return util_strdup_s(ref);
+ }
+
+ return oci_normalize_image_name(ref);
+}
+
+static int is_name_digest_consistent(const char *name, char **names, size_t names_len, const char *digest)
+{
+ size_t i;
+ int ret = -1;
+ int nret = 0;
+ char *tag_pos = NULL;
+ char **tags = NULL;
+ char **digests = NULL;
+
+ if (resort_image_names((const char **)names, names_len, NULL, &tags, &digests) != 0) {
+ ERROR("Failed to resort image names");
+ goto out;
+ }
+
+ for (i = 0; i < util_array_len((const char **)tags); i++) {
+ __isula_auto_free char *ref = NULL;
+ __isula_auto_free char *tmp_repo_digests = NULL;
+ ref = parse_digest_reference(tags[i]);
+ if (ref == NULL) {
+ continue;
+ }
+ tag_pos = util_tag_pos(ref);
+ if (tag_pos == NULL) {
+ ERROR("invalid ref %s", ref);
+ continue;
+ }
+ *tag_pos = '\0';
+
+ nret = asprintf(&tmp_repo_digests, "%s@%s", ref, digest);
+ if (nret < 0) {
+ ERROR("Failed to receive repo digest");
+ goto out;
+ }
+ if (strcmp(name, tmp_repo_digests) == 0) {
+ ret = 0;
+ goto out;
+ }
+ }
+out:
+ util_free_array(tags);
+ util_free_array(digests);
+ return ret;
+}
+
// by_digest returns the image which matches the specified name.
static image_t *by_digest(const char *name)
{
digest_image_t *digest_filter_images = NULL;
char *digest = NULL;
+ image_t *tmp_ret = NULL;
// split digest for image name with digest
digest = strrchr(name, '@');
@@ -457,12 +608,21 @@ static image_t *by_digest(const char *name)
}
digest++;
digest_filter_images = (digest_image_t *)map_search(g_image_store->bydigest, (void *)digest);
- if (digest_filter_images == NULL) {
+ if (digest_filter_images == NULL || linked_list_empty(&(digest_filter_images->images_list))) {
return NULL;
}
// currently, a digest corresponds to an image, directly returning the first element
- return linked_list_first_elem(&(digest_filter_images->images_list));
+ tmp_ret = linked_list_first_elem(&(digest_filter_images->images_list));
+
+ // verify name and digest consistency to ensure we are not matching images to different repositories,
+ // even if the digests match.
+ // For example, ubuntu@sha256:abc......, shouldn't match test@sha256:abc......
+ if (is_name_digest_consistent(name, tmp_ret->simage->names, tmp_ret->simage->names_len, digest) != 0) {
+ return NULL;
+ }
+
+ return tmp_ret;
}
static image_t *lookup(const char *id)
@@ -2001,107 +2161,6 @@ out:
return ret;
}
-static int resort_image_names(const char **names, size_t names_len, char **first_name, char ***image_tags,
- char ***image_digests)
-{
- int ret = 0;
- size_t i;
- char *prefix = NULL;
-
- for (i = 0; i < names_len; i++) {
- size_t len = strlen(names[i]);
- if (strlen(names[i]) > MAX_IMAGE_NAME_LENGTH) {
- prefix = util_sub_string(names[i], len - MAX_IMAGE_NAME_LENGTH,
- MAX_IMAGE_NAME_LENGTH - MAX_IMAGE_DIGEST_LENGTH);
- }
-
- // TODO: maybe should support other digest
- if (prefix != NULL && strcmp(prefix, DIGEST_PREFIX) == 0) {
- if (util_array_append(image_digests, names[i]) != 0) {
- ERROR("Failed to append image to digest: %s", names[i]);
- ret = -1;
- goto out;
- }
- } else {
- if (util_array_append(image_tags, names[i]) != 0) {
- ERROR("Failed to append image to tags: %s", names[i]);
- ret = -1;
- goto out;
- }
- }
- }
-
- if (util_array_len((const char **)(*image_digests)) > 0) {
- free(*first_name);
- *first_name = util_strdup_s((*image_digests)[0]);
- }
-
- if (util_array_len((const char **)(*image_tags)) > 0) {
- free(*first_name);
- *first_name = util_strdup_s((*image_tags)[0]);
- }
-
-out:
- if (ret != 0) {
- util_free_array(*image_digests);
- util_free_array(*image_tags);
- free(*first_name);
- }
- free(prefix);
- return ret;
-}
-
-// Validate checks that the contents is a valid digest
-static bool validate_digest(const char *digest)
-{
- bool ret = true;
- const char *sha256_encode_patten = "^[a-f0-9]{64}$";
- char *value = util_strdup_s(digest);
- char *index = strchr(value, ':');
- char *alg = NULL;
- char *encode = NULL;
-
- // contains ':' and is not the last character
- if (index == NULL || index - value + 1 == strlen(value)) {
- INFO("Invalid checksum digest format");
- ret = false;
- goto out;
- }
-
- *index++ = '\0';
-
- alg = value;
- encode = index;
- // Currently only support SHA256 algorithm
- if (strcmp(alg, "sha256") != 0) {
- DEBUG("Unsupported digest algorithm: %s", alg);
- ret = false;
- goto out;
- }
-
- ret = util_reg_match(sha256_encode_patten, encode) == 0;
-
-out:
- free(value);
- return ret;
-}
-
-// Parsing a reference string as a possible identifier, full digest, or familiar name.
-static char *parse_digest_reference(const char *ref)
-{
- char *indentfier_patten = "^[a-f0-9]{64}$";
-
- if (util_reg_match(indentfier_patten, ref) == 0) {
- return util_string_append(ref, "sha256:");
- }
-
- if (validate_digest(ref)) {
- return util_strdup_s(ref);
- }
-
- return oci_normalize_image_name(ref);
-}
-
static int pack_repo_digest(char ***old_repo_digests, const char **image_tags, const char *digest, char ***repo_digests)
{
int ret = 0;
--
2.42.0

35
0063-code-improve-for-oci_rmi.patch Normal file
View File

@ -0,0 +1,35 @@
From 2db6add74c621344e902ce28b5e6764f6ef55b8e Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 18 Dec 2023 16:07:57 +0800
Subject: [PATCH 63/64] code improve for oci_rmi
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/modules/image/oci/oci_image.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/src/daemon/modules/image/oci/oci_image.c b/src/daemon/modules/image/oci/oci_image.c
index 471510e7..9cf2cd4f 100644
--- a/src/daemon/modules/image/oci/oci_image.c
+++ b/src/daemon/modules/image/oci/oci_image.c
@@ -542,6 +542,17 @@ int oci_rmi(const im_rmi_request *request)
goto out;
}
+ for (i = 0; i < image_names_len; i++) {
+ if (strcmp(real_image_name, image_names[i]) == 0) {
+ break;
+ }
+ }
+ if (i == image_names_len) {
+ ERROR("Invalid real_image_name");
+ ret = -1;
+ goto out;
+ }
+
reduced_image_names = (char **)util_smart_calloc_s(sizeof(char *), image_names_len - 1);
if (reduced_image_names == NULL) {
ERROR("Out of memory");
--
2.42.0

26
0064-bugfix-for-resort_image_names.patch Normal file
View File

@ -0,0 +1,26 @@
From 39686ee4443400b810edecb38e3891b808e3a065 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 18 Dec 2023 20:59:46 +0800
Subject: [PATCH 64/64] bugfix for resort_image_names
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/modules/image/oci/storage/image_store/image_store.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c
index 1b482504..034268bc 100644
--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c
+++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c
@@ -473,6 +473,8 @@ static int resort_image_names(const char **names, size_t names_len, char **first
goto out;
}
}
+ free(prefix);
+ prefix = NULL;
}
if (first_name == NULL) {
--
2.42.0

62
iSulad.spec
View File

@ -1,5 +1,5 @@
%global _version 2.1.4
%global _release 2
%global _release 3
%global is_systemd 1
%global enable_criv1 1
%global enable_shimv2 1
@ -30,9 +30,55 @@ Patch0012: 0012-add-runc-attach-implement-unit-test-and-ci-test.patch
Patch0013: 0013-support-gcov-of-CI.patch
Patch0014: 0014-compatibility-for-manage-pods-which-created-by-old-i.patch
Patch0015: 0015-2250-Remove-PERFMON-BPF-CHECKPOINT_RESTORE.patch
Patch0016: 0016-open-ENABLE_GRPC_REMOTE_CONNECT-in-CI.patch
Patch6001: 6001-modify-daemon-json-default-runtime-to-runc.patch
Patch0016: 0016-improve-event-logs.patch
Patch0017: 0017-2251-open-ENABLE_GRPC_REMOTE_CONNECT-in-CI.patch
Patch0018: 0018-Add-compatibility-between-iSulad-and-k8s.patch
Patch0019: 0019-2254-lcr-container-with-a-damaged-config-file-will-r.patch
Patch0020: 0020-2253-bugfix-for-runc-container-exec.patch
Patch0021: 0021-bugfix-of-update-restart-policy-for-auto-remove-cont.patch
Patch0022: 0022-add-update-restart-policy-test.patch
Patch0023: 0023-2260-bugfix-for-rebuild-config.patch
Patch0024: 0024-2170-isula-image-pull.patch
Patch0025: 0025-2084-image-pull.patch
Patch0026: 0026-CI-add-ncurse-for-ubuntu-and-centos.patch
Patch0027: 0027-improve-code-of-pull-progress.patch
Patch0028: 0028-2230-format-code.patch
Patch0029: 0029-2255-Fix-cpusets-offline-issue.patch
Patch0030: 0030-modify-daemon-json-default-runtime-to-runc.patch
Patch0031: 0031-modify-CI-for-default-runtime-to-runc.patch
Patch0032: 0032-add-ut-for-devicemapper.patch
Patch0033: 0033-2275-bugfix-for-rt_lcr_rebuild_config.patch
Patch0034: 0034-2277-remove-shim-v2-format-error-log.patch
Patch0035: 0035-2276-bugfix-for-integration_check.sh.patch
Patch0036: 0036-modify-create_network.sh-for-default-runtime-changed.patch
Patch0037: 0037-modify-the-container-runtime-when-running-embedded.s.patch
Patch0038: 0038-save-sandbox-to-disk-after-network-ready.patch
Patch0039: 0039-fix-the-problem-of-abnormal-branches-not-waiting-for.patch
Patch0040: 0040-remove-embedded-image-support-in-readme.patch
Patch0041: 0041-Acquire-system-info-in-on-demand.patch
Patch0042: 0042-2268-bugfix-for-the-bliko-zero-value-exception-when-.patch
Patch0043: 0043-move-variable-declaration-out-of-loop.patch
Patch0044: 0044-2289-check-protobuf-and-grpc-version-in-cmake-for-cr.patch
Patch0045: 0045-improve-ut-for-devicemapper.patch
Patch0046: 0046-2292-bugfix-for-run.sh-and-add-build-notify-msg-for-.patch
Patch0047: 0047-2295-keep-the-service-status-unchanged-after-iSulad-.patch
Patch0048: 0048-modify-attach-socket-name.patch
Patch0049: 0049-2298-bugfix-for-hook_ignore_poststart_error-run-in-o.patch
Patch0050: 0050-2304-remove-build-and-test-in-coverage.patch
Patch0051: 0051-2303-use-a-timeout-epoll-loop-to-ensure-complete-dat.patch
Patch0052: 0052-modify-the-default-value-of-ISULAD_TMPDIR-to-var-lib.patch
Patch0053: 0053-prevent-the-parent-dir-from-being-bind-mounted-to-th.patch
Patch0054: 0054-2308-Remove-unused-header-file.patch
Patch0055: 0055-verify-the-mount-dir-first-and-then-create-tmpdir.patch
Patch0056: 0056-2300-Maintaining-a-uniform-code-style.patch
Patch0057: 0057-2312-Add-Huawei-Cloud-CodeArts-compilation-script.patch
Patch0058: 0058-bugfix-del-redundant-code.patch
Patch0059: 0059-improve-code-of-pull.patch
Patch0060: 0060-remove-var-in-coverage-and-fix-build-test-remove.patch
Patch0061: 0061-2320-improve-CI-test.patch
Patch0062: 0062-verify-name-and-digest-consistency.patch
Patch0063: 0063-code-improve-for-oci_rmi.patch
Patch0064: 0064-bugfix-for-resort_image_names.patch
%ifarch x86_64 aarch64
Provides: libhttpclient.so()(64bit)
@ -65,7 +111,7 @@ BuildRequires: gtest-devel gmock-devel
BuildRequires: libisula-devel > %{lcrver_lower} libisula-devel < %{lcrver_upper}
BuildRequires: cmake gcc-c++ yajl-devel
BuildRequires: grpc grpc-plugins grpc-devel protobuf-devel
BuildRequires: grpc grpc-plugins grpc-devel protobuf-devel ncurses-devel
BuildRequires: libcurl libcurl-devel libarchive-devel device-mapper-devel
BuildRequires: http-parser-devel
BuildRequires: libseccomp-devel libcap-devel libselinux-devel libwebsockets libwebsockets-devel
@ -284,6 +330,12 @@ fi
%endif
%changelog
* Wed Dec 20 2023 zhongtao <zhongtao17@huawei.com> - 2.1.4-3
- Type: bugfix
- ID: NA
- SUG: NA
- DESC: upgrade from upstream
* Wed Nov 15 2023 zhongtao <zhongtao17@huawei.com> - 2.1.4-2
- Type: bugfix
- ID: NA