packages/iSulad
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

upgrade from upstream

Browse Source 
Signed-off-by: zhongtao <zhongtao17@huawei.com>
(cherry picked from commit 0cdbd434956257cb303368fcba4dcc192b4955cf)
This commit is contained in:
zhongtao 2024-03-19 19:23:42 +08:00 committed by openeuler-sync-bot
parent ad9fca6166
commit d6fb72d02a
21 changed files with 2711 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

174
0007-update-annotations-and-add-ci-cases.patch Normal file
View File

@ -0,0 +1,174 @@
From ed4b71b2027a6e9fdf15931fe93aa9e0bb3dc79d Mon Sep 17 00:00:00 2001
From: leizhongkai <leizhongkai@huawei.com>
Date: Wed, 31 Jan 2024 18:17:52 +0800
Subject: [PATCH 07/26] update annotations and add ci cases
Signed-off-by: leizhongkai <leizhongkai@huawei.com>
---
.../container_cases/dev_cgroup_rule.sh | 24 +++++++++++
src/daemon/modules/api/specs_api.h | 2 +
.../modules/service/service_container.c | 18 +++++++-
src/daemon/modules/spec/specs.c | 41 ++++++++++++++++++-
4 files changed, 82 insertions(+), 3 deletions(-)
diff --git a/CI/test_cases/container_cases/dev_cgroup_rule.sh b/CI/test_cases/container_cases/dev_cgroup_rule.sh
index 839a546c..5616d37a 100755
--- a/CI/test_cases/container_cases/dev_cgroup_rule.sh
+++ b/CI/test_cases/container_cases/dev_cgroup_rule.sh
@@ -29,6 +29,9 @@ function test_cpu_dev_cgoup_rule_spec()
local image="busybox"
local test="container device cgroup rule test with (${runtime}) => (${FUNCNAME[@]})"
local test_dev="/dev/testA"
+ local default_config="/etc/default/isulad/config.json"
+ local default_config_bak="/etc/default/isulad/config.json.bak"
+ local test_cgroup_parent="/testABC"
msg_info "${test} starting..."
@@ -54,6 +57,27 @@ function test_cpu_dev_cgoup_rule_spec()
[[ $? -ne 0 ]] && [[ $cnt -le $priv_minor_88_cnt ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device minor failed" && ((ret++))
isula rm -f $priv_cid
+ def_cid=$(isula run -tid --runtime $runtime -m 10m $image /bin/sh)
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - run container failed" && ((ret++))
+ cp $default_config $default_config_bak
+ sed -i '/"linux": {/a \ \t\t"devices": [\n\t\t{\n\t\t\t"type": "c",\n\t\t\t"path": "\/dev\/testABC",\n\t\t\t"major": 88,\n\t\t\t"minor": 88\n\t\t}\n\t\t],' $default_config
+ stop_isulad_without_valgrind
+ start_isulad_with_valgrind --cgroup-parent $test_cgroup_parent
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++))
+ isula restart -t 0 $def_cid
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - restart container failed" && ((ret++))
+ cat /sys/fs/cgroup/memory/$test_cgroup_parent/$def_cid/memory.limit_in_bytes | grep ^10485760$
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - --cgroup-parent cannot work" && ((ret++))
+ cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$def_cid/config.json | grep "major\": 88" | wc -l)
+ [[ $? -ne 0 ]]&& [[ $cnt -ne 2 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device major failed" && ((ret++))
+ cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$def_cid/config.json | grep "minor\": 88" | wc -l)
+ [[ $? -ne 0 ]] && [[ $cnt -ne 2 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device minor failed" && ((ret++))
+ isula rm -f $def_cid
+ cp $default_config_bak $default_config
+ stop_isulad_without_valgrind
+ start_isulad_with_valgrind
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++))
+
cid=$(isula run -tid --device "$test_dev:$test_dev" --runtime $runtime $image /bin/sh)
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - run container failed" && ((ret++))
cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$cid/config.json | grep "major\": 88" | wc -l)
diff --git a/src/daemon/modules/api/specs_api.h b/src/daemon/modules/api/specs_api.h
index 7c904614..f5f6ad8b 100644
--- a/src/daemon/modules/api/specs_api.h
+++ b/src/daemon/modules/api/specs_api.h
@@ -41,6 +41,8 @@ int merge_share_namespace(oci_runtime_spec *oci_spec, const host_config *host_sp
const container_config_v2_common_config *v2_spec,
const container_network_settings *network_settings);
+int update_spec_annotations(oci_runtime_spec *oci_spec, container_config *container_spec, host_config *host_spec);
+
oci_runtime_spec *load_oci_config(const char *rootpath, const char *name);
oci_runtime_spec *default_spec(bool system_container);
diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
index 97f73768..239783b8 100644
--- a/src/daemon/modules/service/service_container.c
+++ b/src/daemon/modules/service/service_container.c
@@ -691,11 +691,18 @@ out:
epoll_loop_close(&descr);
}
-static int do_oci_spec_update(const char *id, oci_runtime_spec *oci_spec, host_config *hostconfig)
+static int do_oci_spec_update(const char *id, oci_runtime_spec *oci_spec, container_config *container_spec, host_config *hostconfig)
{
__isula_auto_free char *cgroup_parent = NULL;
int ret;
+ // First renew annotations for oci spec, cgroup path, rootfs.mount, native.mask
+ // for iSulad daemon might get updated
+ ret = update_spec_annotations(oci_spec, container_spec, hostconfig);
+ if (ret < 0) {
+ return -1;
+ }
+
// If isulad daemon cgroup parent updated, we should update this config into oci spec
cgroup_parent = merge_container_cgroups_path(id, hostconfig);
if (cgroup_parent == NULL) {
@@ -802,13 +809,20 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo
}
// Update possible changes
- nret = do_oci_spec_update(id, oci_spec, cont->hostconfig);
+ nret = do_oci_spec_update(id, oci_spec, cont->common_config->config, cont->hostconfig);
if (nret != 0) {
ERROR("Failed to update possible changes for oci spec");
ret = -1;
goto close_exit_fd;
}
+ nret = container_to_disk(cont);
+ if (nret != 0) {
+ ERROR("Failed to save container info to disk");
+ ret = -1;
+ goto close_exit_fd;
+ }
+
nret = setup_ipc_dirs(cont->hostconfig, cont->common_config);
if (nret != 0) {
ERROR("Failed to setup ipc dirs");
diff --git a/src/daemon/modules/spec/specs.c b/src/daemon/modules/spec/specs.c
index cc49d85f..62e340b1 100644
--- a/src/daemon/modules/spec/specs.c
+++ b/src/daemon/modules/spec/specs.c
@@ -385,6 +385,44 @@ out:
return ret;
}
+int update_spec_annotations(oci_runtime_spec *oci_spec, container_config *container_spec, host_config *host_spec)
+{
+ int ret = 0;
+ if (oci_spec == NULL || container_spec == NULL || host_spec == NULL) {
+ return -1;
+ }
+
+ ret = make_sure_container_spec_annotations(container_spec);
+ if (ret < 0) {
+ return -1;
+ }
+
+ ret = make_annotations_cgroup_dir(container_spec, host_spec);
+ if (ret != 0) {
+ return -1;
+ }
+
+ /* add rootfs.mount */
+ ret = add_rootfs_mount(container_spec);
+ if (ret != 0) {
+ ERROR("Failed to add rootfs mount");
+ return -1;
+ }
+
+ /* add native.umask */
+ ret = add_native_umask(container_spec);
+ if (ret != 0) {
+ ERROR("Failed to add native umask");
+ return -1;
+ }
+
+ if (merge_annotations(oci_spec, container_spec)) {
+ return -1;
+ }
+
+ return 0;
+}
+
static int make_sure_oci_spec_root(oci_runtime_spec *oci_spec)
{
if (oci_spec->root == NULL) {
@@ -2501,4 +2539,5 @@ int spec_module_init(void)
return -1;
}
return 0;
-}
\ No newline at end of file
+}
+
--
2.25.1

184
0008-bug-fix-for-device-cgroup-ulimt-oci-update.patch Normal file
View File

@ -0,0 +1,184 @@
From fe3413bb8ebae90f29ce3cc02373f3fc2b5d2fd2 Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Mon, 22 Jan 2024 20:19:29 +0800
Subject: [PATCH 08/26] bug fix for device/cgroup/ulimt oci update
Signed-off-by: jikai <jikai11@huawei.com>
---
.../executor/container_cb/execution_create.c | 7 ++-
src/daemon/modules/api/specs_api.h | 4 ++
.../modules/service/service_container.c | 18 +++---
src/daemon/modules/spec/specs.c | 60 +++++++++++++++----
4 files changed, 63 insertions(+), 26 deletions(-)
diff --git a/src/daemon/executor/container_cb/execution_create.c b/src/daemon/executor/container_cb/execution_create.c
index ca2a9163..e00afb68 100644
--- a/src/daemon/executor/container_cb/execution_create.c
+++ b/src/daemon/executor/container_cb/execution_create.c
@@ -533,12 +533,15 @@ static int merge_config_for_syscontainer(const container_create_request *request
value = request->rootfs;
}
- if (append_json_map_string_string(oci_spec->annotations, "rootfs.mount", value)) {
+ // should also update to container spec
+ if (append_json_map_string_string(container_spec->annotations, "rootfs.mount", value)
+ || append_json_map_string_string(oci_spec->annotations, "rootfs.mount", value)) {
ERROR("Realloc annotations failed");
ret = -1;
goto out;
}
- if (request->rootfs != NULL && append_json_map_string_string(oci_spec->annotations, "external.rootfs", "true")) {
+ if (request->rootfs != NULL && (append_json_map_string_string(container_spec->annotations, "external.rootfs", "true")
+ || append_json_map_string_string(oci_spec->annotations, "external.rootfs", "true"))) {
ERROR("Realloc annotations failed");
ret = -1;
goto out;
diff --git a/src/daemon/modules/api/specs_api.h b/src/daemon/modules/api/specs_api.h
index f5f6ad8b..f54c0d31 100644
--- a/src/daemon/modules/api/specs_api.h
+++ b/src/daemon/modules/api/specs_api.h
@@ -47,6 +47,10 @@ oci_runtime_spec *load_oci_config(const char *rootpath, const char *name);
oci_runtime_spec *default_spec(bool system_container);
+int update_oci_container_cgroups_path(const char *id, oci_runtime_spec *oci_spec, const host_config *host_spec);
+
+int update_oci_ulimit(oci_runtime_spec *oci_spec, const host_config *host_spec);
+
const oci_runtime_spec *get_readonly_default_oci_spec(bool system_container);
int spec_module_init(void);
diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
index 239783b8..a3606a82 100644
--- a/src/daemon/modules/service/service_container.c
+++ b/src/daemon/modules/service/service_container.c
@@ -693,26 +693,21 @@ out:
static int do_oci_spec_update(const char *id, oci_runtime_spec *oci_spec, container_config *container_spec, host_config *hostconfig)
{
- __isula_auto_free char *cgroup_parent = NULL;
int ret;
- // First renew annotations for oci spec, cgroup path, rootfs.mount, native.mask
- // for iSulad daemon might get updated
+ // Renew annotations for oci spec, cgroup path only,
+ // since lxc uses the "cgroup.dir" in oci annotations to create cgroup
+ // should ensure that container spec has the same annotations as oci spec
ret = update_spec_annotations(oci_spec, container_spec, hostconfig);
if (ret < 0) {
return -1;
}
// If isulad daemon cgroup parent updated, we should update this config into oci spec
- cgroup_parent = merge_container_cgroups_path(id, hostconfig);
- if (cgroup_parent == NULL) {
+ ret = update_oci_container_cgroups_path(id, oci_spec, hostconfig);
+ if (ret < 0) {
return -1;
}
- if (oci_spec->linux->cgroups_path != NULL && strcmp(oci_spec->linux->cgroups_path, cgroup_parent) != 0) {
- free(oci_spec->linux->cgroups_path);
- oci_spec->linux->cgroups_path = cgroup_parent;
- cgroup_parent = NULL;
- }
// For Linux.Resources, isula update will save changes into oci spec;
// so we just skip it;
@@ -725,7 +720,8 @@ static int do_oci_spec_update(const char *id, oci_runtime_spec *oci_spec, contai
}
// If isulad daemon ulimit updated, we should update this config into oci spec.
- if (merge_global_ulimit(oci_spec) != 0) {
+ ret = update_oci_ulimit(oci_spec, hostconfig);
+ if (ret < 0) {
return -1;
}
diff --git a/src/daemon/modules/spec/specs.c b/src/daemon/modules/spec/specs.c
index 62e340b1..464b4fb4 100644
--- a/src/daemon/modules/spec/specs.c
+++ b/src/daemon/modules/spec/specs.c
@@ -402,19 +402,8 @@ int update_spec_annotations(oci_runtime_spec *oci_spec, container_config *contai
return -1;
}
- /* add rootfs.mount */
- ret = add_rootfs_mount(container_spec);
- if (ret != 0) {
- ERROR("Failed to add rootfs mount");
- return -1;
- }
-
- /* add native.umask */
- ret = add_native_umask(container_spec);
- if (ret != 0) {
- ERROR("Failed to add native umask");
- return -1;
- }
+ // other annotations will either not be updated after containers created
+ // or for rootfs mnt and umask, we do not support the update operation
if (merge_annotations(oci_spec, container_spec)) {
return -1;
@@ -2302,6 +2291,27 @@ char *merge_container_cgroups_path(const char *id, const host_config *host_spec)
return util_path_join(path, id);
}
+int update_oci_container_cgroups_path(const char *id, oci_runtime_spec *oci_spec, const host_config *hostconfig)
+{
+ if (oci_spec == NULL || oci_spec->linux == NULL) {
+ ERROR("Invalid arguments");
+ return -1;
+ }
+
+ __isula_auto_free char *cgroup_parent = merge_container_cgroups_path(id, hostconfig);
+ if (cgroup_parent == NULL) {
+ return -1;
+ }
+
+ if (oci_spec->linux->cgroups_path != NULL && strcmp(oci_spec->linux->cgroups_path, cgroup_parent) != 0) {
+ free(oci_spec->linux->cgroups_path);
+ oci_spec->linux->cgroups_path = cgroup_parent;
+ cgroup_parent = NULL;
+ }
+
+ return 0;
+}
+
static int merge_oci_cgroups_path(const char *id, oci_runtime_spec *oci_spec, const host_config *host_spec)
{
if (id == NULL || oci_spec == NULL || host_spec == NULL) {
@@ -2445,6 +2455,30 @@ out:
return ret;
}
+int update_oci_ulimit(oci_runtime_spec *oci_spec, const host_config *hostconfig) {
+ if (oci_spec == NULL || hostconfig == NULL) {
+ ERROR("Invalid arguments");
+ return -1;
+ }
+
+ size_t i = 0;
+ if (oci_spec->process != NULL) {
+ for (i = 0; i < oci_spec->process->rlimits_len; i++) {
+ free_defs_process_rlimits_element(oci_spec->process->rlimits[i]);
+ oci_spec->process->rlimits[i] = NULL;
+ }
+ free(oci_spec->process->rlimits);
+ oci_spec->process->rlimits = NULL;
+ oci_spec->process->rlimits_len = 0;
+ }
+
+ if (merge_conf_ulimits(oci_spec, hostconfig) != 0 || merge_global_ulimit(oci_spec) != 0) {
+ return -1;
+ }
+
+ return 0;
+}
+
/* read oci config */
oci_runtime_spec *load_oci_config(const char *rootpath, const char *name)
{
--
2.25.1

281
0009-improve-dt-for-oci-spec-update.patch Normal file
View File

@ -0,0 +1,281 @@
From 82dd5a1db70fdb3f4934a3f9c0ee290ce5bee1b2 Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Sat, 27 Jan 2024 15:30:05 +0800
Subject: [PATCH 09/26] improve dt for oci spec update
Signed-off-by: jikai <jikai11@huawei.com>
---
.../container_cases/dev_cgroup_rule.sh | 4 +-
CI/test_cases/container_cases/ulimit.sh | 19 ++
test/specs/specs/CMakeLists.txt | 1 +
test/specs/specs/specs_ut.cc | 168 ++++++++++++++++++
4 files changed, 190 insertions(+), 2 deletions(-)
diff --git a/CI/test_cases/container_cases/dev_cgroup_rule.sh b/CI/test_cases/container_cases/dev_cgroup_rule.sh
index 5616d37a..33a839c5 100755
--- a/CI/test_cases/container_cases/dev_cgroup_rule.sh
+++ b/CI/test_cases/container_cases/dev_cgroup_rule.sh
@@ -60,13 +60,13 @@ function test_cpu_dev_cgoup_rule_spec()
def_cid=$(isula run -tid --runtime $runtime -m 10m $image /bin/sh)
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - run container failed" && ((ret++))
cp $default_config $default_config_bak
- sed -i '/"linux": {/a \ \t\t"devices": [\n\t\t{\n\t\t\t"type": "c",\n\t\t\t"path": "\/dev\/testABC",\n\t\t\t"major": 88,\n\t\t\t"minor": 88\n\t\t}\n\t\t],' $default_config
+ sed -i '/"linux": {/a \ \t\t"devices": [\n\t\t{\n\t\t\t"type": "c",\n\t\t\t"path": "\/dev\/testA",\n\t\t\t"major": 88,\n\t\t\t"minor": 88\n\t\t}\n\t\t],' $default_config
stop_isulad_without_valgrind
start_isulad_with_valgrind --cgroup-parent $test_cgroup_parent
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++))
isula restart -t 0 $def_cid
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - restart container failed" && ((ret++))
- cat /sys/fs/cgroup/memory/$test_cgroup_parent/$def_cid/memory.limit_in_bytes | grep ^10485760$
+ isula exec -it $def_cid sh -c "cat /sys/fs/cgroup/memory/memory.limit_in_bytes | grep ^10485760$"
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - --cgroup-parent cannot work" && ((ret++))
cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$def_cid/config.json | grep "major\": 88" | wc -l)
[[ $? -ne 0 ]]&& [[ $cnt -ne 2 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device major failed" && ((ret++))
diff --git a/CI/test_cases/container_cases/ulimit.sh b/CI/test_cases/container_cases/ulimit.sh
index f823dc1c..41cdcece 100755
--- a/CI/test_cases/container_cases/ulimit.sh
+++ b/CI/test_cases/container_cases/ulimit.sh
@@ -49,9 +49,28 @@ function test_ulimit()
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - restart failed" && ((ret++))
cat ${RUNTIME_ROOT_PATH}/${runtime}/$cid/config.json | grep "RLIMIT_"
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check rlimit failed after restart" && ((ret++))
+
+ check_valgrind_log
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++))
+
+ start_isulad_with_valgrind
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++))
+
+ # if default ulimit of isulad changed, isula start should do update ulimit of oci spec
+ isula restart -t 0 $cid
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - restart failed" && ((ret++))
+ cat ${RUNTIME_ROOT_PATH}/${runtime}/$cid/config.json | grep "RLIMIT_"
+ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check rlimit failed after restart" && ((ret++))
+
isula rm -f $cid
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - rm container failed" && ((ret++))
+ check_valgrind_log
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++))
+
+ start_isulad_with_valgrind --default-ulimit nproc=2048:4096 --default-ulimit nproc=2048:8192 --default-ulimit nofile=1024:4096
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++))
+
isula run --ulimit nproc= $image --runtime $runtime /bin/sh > $ulimitlog 2>&1
cat $ulimitlog | grep "delimiter '=' can't be the first or the last character"
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check failed" && ((ret++))
diff --git a/test/specs/specs/CMakeLists.txt b/test/specs/specs/CMakeLists.txt
index a9dbc52c..508123fa 100644
--- a/test/specs/specs/CMakeLists.txt
+++ b/test/specs/specs/CMakeLists.txt
@@ -84,6 +84,7 @@ target_include_directories(${EXE} PUBLIC
${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks
)
+set_target_properties(${EXE} PROPERTIES LINK_FLAGS "-Wl,--wrap,util_common_calloc_s -Wl,--wrap,util_smart_calloc_s -Wl,--wrap,get_readonly_default_oci_spec")
target_link_libraries(${EXE} ${GTEST_BOTH_LIBRARIES} ${GMOCK_LIBRARY} ${GMOCK_MAIN_LIBRARY} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY} -lgrpc++ -lprotobuf -lcrypto -lyajl -lz)
add_test(NAME ${EXE} COMMAND ${EXE} --gtest_output=xml:${EXE}-Results.xml)
set_tests_properties(${EXE} PROPERTIES TIMEOUT 120)
diff --git a/test/specs/specs/specs_ut.cc b/test/specs/specs/specs_ut.cc
index ad903a3f..47e4ca6e 100644
--- a/test/specs/specs/specs_ut.cc
+++ b/test/specs/specs/specs_ut.cc
@@ -19,6 +19,7 @@
#include "mock.h"
#include "isula_libutils/oci_runtime_spec.h"
#include "specs_api.h"
+#include "specs_mount.h"
#include "specs_namespace.h"
#include "specs_security.h"
#include "isula_libutils/host_config.h"
@@ -43,6 +44,46 @@ using ::testing::_;
using namespace std;
+static int g_malloc_count = 0;
+static int g_malloc_match = 1;
+
+extern "C" {
+ DECLARE_WRAPPER_V(util_common_calloc_s, void *, (size_t size));
+ DEFINE_WRAPPER_V(util_common_calloc_s, void *, (size_t size), (size));
+
+ DECLARE_WRAPPER_V(util_smart_calloc_s, void *, (size_t size, size_t len));
+ DEFINE_WRAPPER_V(util_smart_calloc_s, void *, (size_t size, size_t len), (size, len));
+
+ DECLARE_WRAPPER(get_readonly_default_oci_spec, const oci_runtime_spec *, (bool system_container));
+ DEFINE_WRAPPER(get_readonly_default_oci_spec, const oci_runtime_spec *, (bool system_container), (system_container));
+}
+
+void *util_common_calloc_s_fail(size_t size)
+{
+ g_malloc_count++;
+
+ if (g_malloc_count == g_malloc_match) {
+ g_malloc_match++;
+ g_malloc_count = 0;
+ return nullptr;
+ } else {
+ return __real_util_common_calloc_s(size);
+ }
+}
+
+void *util_smart_calloc_s_fail(size_t size, size_t len)
+{
+ g_malloc_count++;
+
+ if (g_malloc_count == g_malloc_match) {
+ g_malloc_match++;
+ g_malloc_count = 0;
+ return nullptr;
+ } else {
+ return __real_util_smart_calloc_s(size, len);
+ }
+}
+
class SpecsUnitTest : public testing::Test {
public:
void SetUp() override
@@ -234,6 +275,32 @@ char *invoke_conf_get_isulad_cgroup_parent()
return util_strdup_s("/var/lib/isulad/engines/lcr");
}
+int invoke_conf_get_isulad_default_ulimit_empty(host_config_ulimits_element ***ulimit)
+{
+ if (ulimit == nullptr) {
+ return -1;
+ }
+ return 0;
+}
+
+int invoke_conf_get_isulad_default_ulimit(host_config_ulimits_element ***ulimit)
+{
+ if (ulimit == nullptr) {
+ return -1;
+ }
+ host_config_ulimits_element *ele = static_cast<host_config_ulimits_element*>(util_common_calloc_s(sizeof(host_config_ulimits_element)));
+ if (ele == nullptr) {
+ return -1;
+ }
+ ele->hard = 8192;
+ ele->soft = 2048;
+ ele->name = util_strdup_s("NPROC");
+
+ int ret = ulimit_array_append(ulimit, ele, ulimit_array_len(*ulimit));
+ free_host_config_ulimits_element(ele);
+ return ret;
+}
+
TEST_F(SpecsUnitTest, test_merge_container_cgroups_path_1)
{
ASSERT_EQ(merge_container_cgroups_path(nullptr, nullptr), nullptr);
@@ -347,6 +414,107 @@ TEST_F(SpecsUnitTest, test_merge_container_cgroups_path_5)
testing::Mock::VerifyAndClearExpectations(&m_isulad_conf);
}
+TEST_F(SpecsUnitTest, test_update_oci_container_cgroups_path)
+{
+ parser_error err = nullptr;
+ host_config *hostspec = static_cast<host_config *>(util_common_calloc_s(sizeof(host_config)));
+ ASSERT_NE(hostspec, nullptr);
+
+ oci_runtime_spec *ocispec = oci_runtime_spec_parse_data("{\"ociVersion\": \"1.0.1\", \"linux\": \
+ {} }", nullptr, &err);
+ ASSERT_NE(ocispec, nullptr);
+
+ ocispec->linux->cgroups_path = util_strdup_s("/isulad");
+ ASSERT_EQ(update_oci_container_cgroups_path("abcdef", nullptr, nullptr), -1);
+ EXPECT_CALL(m_isulad_conf, GetCgroupParent()).WillRepeatedly(Invoke(invoke_conf_get_isulad_cgroup_parent));
+ ASSERT_EQ(update_oci_container_cgroups_path("abcdef", ocispec, hostspec), 0);
+ ASSERT_STREQ(ocispec->linux->cgroups_path, "/var/lib/isulad/engines/lcr/abcdef");
+
+ free(err);
+ free_host_config(hostspec);
+ free_oci_runtime_spec(ocispec);
+
+ testing::Mock::VerifyAndClearExpectations(&m_isulad_conf);
+}
+
+TEST_F(SpecsUnitTest, test_update_oci_ulimit)
+{
+ parser_error err = nullptr;
+ host_config *hostspec = static_cast<host_config *>(util_common_calloc_s(sizeof(host_config)));
+ ASSERT_NE(hostspec, nullptr);
+
+ char *oci_config_file = json_path(OCI_RUNTIME_SPEC_FILE);
+ ASSERT_TRUE(oci_config_file != nullptr);
+ oci_runtime_spec *ocispec = oci_runtime_spec_parse_file(oci_config_file, nullptr, &err);
+ ASSERT_NE(ocispec, nullptr);
+
+ ASSERT_EQ(update_oci_ulimit(nullptr, nullptr), -1);
+ EXPECT_CALL(m_isulad_conf, GetUlimit(_)).WillRepeatedly(Invoke(invoke_conf_get_isulad_default_ulimit));
+ ASSERT_EQ(update_oci_ulimit(ocispec, hostspec), 0);
+ ASSERT_EQ(ocispec->process->rlimits_len, 1);
+ ASSERT_EQ(ocispec->process->rlimits[0]->hard, 8192);
+ ASSERT_EQ(ocispec->process->rlimits[0]->soft, 2048);
+ ASSERT_STREQ(ocispec->process->rlimits[0]->type, "RLIMIT_NPROC");
+ EXPECT_CALL(m_isulad_conf, GetUlimit(_)).WillRepeatedly(Invoke(invoke_conf_get_isulad_default_ulimit_empty));
+ ASSERT_EQ(update_oci_ulimit(ocispec, hostspec), 0);
+ ASSERT_EQ(ocispec->process->rlimits_len, 0);
+
+ free(err);
+ free(oci_config_file);
+ free_host_config(hostspec);
+ free_oci_runtime_spec(ocispec);
+ testing::Mock::VerifyAndClearExpectations(&m_isulad_conf);
+}
+
+TEST_F(SpecsUnitTest, test_update_devcies_for_oci_spec)
+{
+ parser_error err = nullptr;
+ oci_runtime_spec *readonly_spec = oci_runtime_spec_parse_data("{\"ociVersion\": \"1.0.1\", \"linux\": \
+ { \"devices\": \
+ [ { \"type\": \"c\", \"path\": \"/dev/testA\", \
+ \"fileMode\": 8612, \"major\": 99, \"minor\": 99} ], \
+ \"resources\": { \"devices\": [ { \"allow\": false, \
+ \"type\": \"a\", \"major\": -1, \
+ \"minor\": -1, \"access\": \"rwm\" } ] } } }", nullptr, &err);
+ ASSERT_NE(readonly_spec, nullptr);
+ free(err);
+ err = nullptr;
+ host_config *hostspec = static_cast<host_config *>(util_common_calloc_s(sizeof(host_config)));
+ ASSERT_NE(hostspec, nullptr);
+
+ oci_runtime_spec *ocispec = oci_runtime_spec_parse_data("{\"ociVersion\": \"1.0.1\", \"linux\": \
+ { \"devices\": [ ], \
+ \"resources\": { \"devices\": [ ] } } }", nullptr, &err);
+ ASSERT_NE(ocispec, nullptr);
+
+ MOCK_SET(get_readonly_default_oci_spec, readonly_spec);
+ MOCK_SET_V(util_smart_calloc_s, util_smart_calloc_s_fail);
+ MOCK_SET_V(util_common_calloc_s, util_common_calloc_s_fail);
+
+ ASSERT_EQ(update_devcies_for_oci_spec(ocispec, hostspec), -1);
+ ASSERT_EQ(update_devcies_for_oci_spec(ocispec, hostspec), -1);
+ ASSERT_EQ(update_devcies_for_oci_spec(ocispec, hostspec), -1);
+ free(ocispec->linux->devices[0]);
+ free(ocispec->linux->devices);
+ ocispec->linux->devices = NULL;
+ ocispec->linux->devices_len = 0;
+ ASSERT_EQ(update_devcies_for_oci_spec(ocispec, hostspec), -1);
+ free(ocispec->linux->devices[0]);
+ free(ocispec->linux->devices);
+ ocispec->linux->devices = NULL;
+ ocispec->linux->devices_len = 0;
+ ASSERT_EQ(update_devcies_for_oci_spec(ocispec, hostspec), 0);
+
+ MOCK_CLEAR(get_readonly_default_oci_spec);
+ MOCK_CLEAR(util_smart_calloc_s);
+ MOCK_CLEAR(util_common_calloc_s);
+
+ free_oci_runtime_spec(readonly_spec);
+ free_oci_runtime_spec(ocispec);
+ free_host_config(hostspec);
+ free(err);
+}
+
/********************************* UT for merge caps *******************************************/
struct capabilities_lens {
size_t bounding_len;
--
2.25.1

30
0010-open-run-container-with-dev-volume-testcase.patch Normal file
View File

@ -0,0 +1,30 @@
From 44d15a7451a922ca7266b756d3f9a83908199cb3 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Tue, 23 Jan 2024 10:35:59 +0800
Subject: [PATCH 10/26] open run container with dev volume testcase
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---
CI/test_cases/container_cases/bind_special_dir.sh | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/CI/test_cases/container_cases/bind_special_dir.sh b/CI/test_cases/container_cases/bind_special_dir.sh
index 545d5099..04bf437a 100755
--- a/CI/test_cases/container_cases/bind_special_dir.sh
+++ b/CI/test_cases/container_cases/bind_special_dir.sh
@@ -40,10 +40,9 @@ function test_bind_special_dir()
# when create container in container, runc not support to mount /dev
# adapt fedora base image, we just remove rshared option of sys dir
if [ $runtime == "runc" ]; then
- c_id=`isula run -itd -v -itd --runtime=$runtime -v /sys/fs:/sys/fs:rw -v /proc:/proc -v /dev/pts:/dev/pts:rw busybox sh`
+ c_id=`isula run -itd --runtime=$runtime -v /sys/fs:/sys/fs:rw -v /proc:/proc -v /dev/pts:/dev/pts:rw busybox sh`
else
- # lxc 5.X cannot support mount /dev directory
- c_id=`isula run --runtime=$runtime -itd -v -itd -v /sys/fs:/sys/fs:rw -v /proc:/proc busybox sh`
+ c_id=`isula run --runtime=$runtime -itd -v /sys/fs:/sys/fs:rw -v /proc:/proc -v /dev:/dev:ro -v /dev/pts:/dev/pts:rw busybox sh`
fi
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with image: ${image}" && ((ret++))
--
2.25.1

81
0011-add-cpu-usage-nano-cores-for-sandbox.patch Normal file
View File

@ -0,0 +1,81 @@
From 3dc12d7806fda8d5ceee183595e993079bee4056 Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Fri, 12 Jan 2024 17:38:09 +0800
Subject: [PATCH 11/26] add cpu usage nano cores for sandbox
Signed-off-by: jikai <jikai11@huawei.com>
---
.../v1/v1_cri_pod_sandbox_manager_service.cc | 17 ++++++++++++++---
.../cri/v1/v1_cri_pod_sandbox_manager_service.h | 1 +
2 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
index a0c45111..76fa17bc 100644
--- a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
+++ b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc
@@ -1024,6 +1024,7 @@ void PodSandboxManagerService::PodSandboxStatsToGRPC(const std::string &id, cons
const std::vector<Network::NetworkInterfaceStats> &netMetrics,
const std::unique_ptr<ContainerManagerService> &containerManager,
std::unique_ptr<runtime::v1::PodSandboxStats> &podStats,
+ sandbox::StatsInfo &oldStatsRec,
Errors &error)
{
std::unique_ptr<runtime::v1::PodSandboxStats> podStatsPtr(
@@ -1044,8 +1045,13 @@ void PodSandboxManagerService::PodSandboxStatsToGRPC(const std::string &id, cons
auto cpu = podStatsPtr->mutable_linux()->mutable_cpu();
cpu->set_timestamp(timestamp);
cpu->mutable_usage_core_nano_seconds()->set_value(cgroupMetrics.cgcpu_metrics.cpu_use_nanos);
- // todo
- // cpu->mutable_usage_nano_cores()->set_value(getNanoCores());
+ if (oldStatsRec.cpuUseNanos != 0 && timestamp > oldStatsRec.timestamp &&
+ cgroupMetrics.cgcpu_metrics.cpu_use_nanos > oldStatsRec.cpuUseNanos) {
+ uint64_t usage = cgroupMetrics.cgcpu_metrics.cpu_use_nanos - oldStatsRec.cpuUseNanos;
+ uint64_t nanoSeconds = timestamp - oldStatsRec.timestamp;
+ uint64_t usage_nano_cores = (uint64_t)(((double)usage / (double)nanoSeconds) * (double)Time_Second);
+ cpu->mutable_usage_nano_cores()->set_value(usage_nano_cores);
+ }
// Memory
auto memory = podStatsPtr->mutable_linux()->mutable_memory();
@@ -1114,6 +1120,7 @@ auto PodSandboxManagerService::PodSandboxStats(const std::string &podSandboxID,
return nullptr;
}
auto &config = sandbox->GetSandboxConfig();
+ auto oldStatsRec = sandbox->GetStatsInfo();
auto status = PodSandboxStatus(sandbox->GetId(), tmpErr);
if (error.NotEmpty()) {
@@ -1136,13 +1143,17 @@ auto PodSandboxManagerService::PodSandboxStats(const std::string &podSandboxID,
tmpErr.Clear();
}
- PodSandboxStatsToGRPC(sandbox->GetId(), cgroupMetrics, netMetrics, containerManager, podStats, tmpErr);
+ PodSandboxStatsToGRPC(sandbox->GetId(), cgroupMetrics, netMetrics, containerManager, podStats, oldStatsRec, tmpErr);
if (tmpErr.NotEmpty()) {
ERROR("Failed to set PodSandboxStats: %s", tmpErr.GetCMessage());
error.Errorf("Failed to set PodSandboxStats");
return nullptr;
}
+ // update stats info that sandbox recorded
+ sandbox::StatsInfo newStatsRec { podStats->linux().cpu().timestamp(), podStats->linux().cpu().usage_core_nano_seconds().value() };
+ sandbox->UpdateStatsInfo(newStatsRec);
+
return podStats;
}
diff --git a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.h b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.h
index 2bd28007..c3d98b8c 100644
--- a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.h
+++ b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.h
@@ -123,6 +123,7 @@ private:
const std::vector<Network::NetworkInterfaceStats> &netMetrics,
const std::unique_ptr<ContainerManagerService> &containerManager,
std::unique_ptr<runtime::v1::PodSandboxStats> &podStats,
+ sandbox::StatsInfo &statsInfo,
Errors &error);
void GetFilterPodSandbox(const runtime::v1::PodSandboxStatsFilter *filter,
std::vector<std::string> &podSandboxIDs, Errors &error);
--
2.25.1

27
0012-sleep-some-time-in-ServiceWorkThread-to-prevent-the-.patch Normal file
View File

@ -0,0 +1,27 @@
From 384cf7870c155d41f742b1928a4cb1b56aa46c94 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 6 Feb 2024 20:05:05 +0800
Subject: [PATCH 12/26] sleep some time in ServiceWorkThread to prevent the CPU
from being occupied all the time
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/entry/cri/streams/websocket/ws_server.cc | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/daemon/entry/cri/streams/websocket/ws_server.cc b/src/daemon/entry/cri/streams/websocket/ws_server.cc
index 6319a67f..a8d89b36 100644
--- a/src/daemon/entry/cri/streams/websocket/ws_server.cc
+++ b/src/daemon/entry/cri/streams/websocket/ws_server.cc
@@ -551,6 +551,8 @@ void WebsocketServer::ServiceWorkThread(int threadid)
while (n >= 0 && m_forceExit == 0) {
n = lws_service(m_context, 0);
+ // sleep some time to prevent the CPU from being occupied all the time
+ std::this_thread::sleep_for(std::chrono::milliseconds(10));
}
}
--
2.25.1

29
0013-restore-name-for-rename-failed.patch Normal file
View File

@ -0,0 +1,29 @@
From 2df7a67ad2cb0249b18ca5eba46f9aab8f72038f Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Sun, 18 Feb 2024 11:32:55 +0800
Subject: [PATCH 13/26] restore name for rename failed
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/executor/container_cb/execution_information.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/daemon/executor/container_cb/execution_information.c b/src/daemon/executor/container_cb/execution_information.c
index 2a71e82a..c02cc830 100644
--- a/src/daemon/executor/container_cb/execution_information.c
+++ b/src/daemon/executor/container_cb/execution_information.c
@@ -1116,6 +1116,11 @@ static void restore_names_at_fail(container_t *cont, const char *ori_name, const
if (!container_name_index_rename(ori_name, new_name, id)) {
ERROR("Failed to restore name from \"%s\" to \"%s\" for container %s", new_name, ori_name, id);
}
+
+ // restore name in id-name manager
+ if (!id_name_manager_rename(ori_name, new_name)) {
+ ERROR("Failed to restore name from \"%s\" to \"%s\" in id-name manager", new_name, ori_name);
+ }
}
static int container_rename(container_t *cont, const char *new_name)
--
2.25.1

45
0014-2371-Allow-iSulad-to-pull-load-image-with-symlink.patch Normal file
View File

@ -0,0 +1,45 @@
From fd4c80b8de768d7132cef0720cd46167173a653b Mon Sep 17 00:00:00 2001
From: xuxuepeng <xuxuepeng1@huawei.com>
Date: Mon, 19 Feb 2024 01:05:18 +0000
Subject: [PATCH 14/26] !2371 Allow iSulad to pull/load image with symlink *
Allow iSulad to pull/load image with symlink
---
src/utils/tar/util_archive.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c
index e4c302bc..52b51162 100644
--- a/src/utils/tar/util_archive.c
+++ b/src/utils/tar/util_archive.c
@@ -637,6 +637,11 @@ static void try_to_replace_exited_dst(const char *dst_path, struct archive_entry
}
}
+/**
+ * This function has to be used with chroot to prevent a potential attack from manipulating
+ * the path of the file to be extracted, such as using a symbolic link to extract the file to
+ * a location outside the path.
+ */
int archive_unpack_handler(const struct io_read_wrapper *content, const struct archive_options *options)
{
int ret = 0;
@@ -671,10 +676,12 @@ int archive_unpack_handler(const struct io_read_wrapper *content, const struct a
flags |= ARCHIVE_EXTRACT_PERM;
flags |= ARCHIVE_EXTRACT_ACL;
flags |= ARCHIVE_EXTRACT_FFLAGS;
- flags |= ARCHIVE_EXTRACT_SECURE_SYMLINKS;
- flags |= ARCHIVE_EXTRACT_SECURE_NODOTDOT;
flags |= ARCHIVE_EXTRACT_XATTR;
- flags |= ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS;
+ /**
+ * ARCHIVE_EXTRACT_SECURE_SYMLINKS, ARCHIVE_EXTRACT_SECURE_NODOTDOT,
+ * ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS flags are not set here,
+ * since this function is called after chroot, the security of the path is guaranteed.
+ */
a = archive_read_new();
if (a == NULL) {
--
2.25.1

427
0015-Replace-http-parser-dependency-with-lcr.patch Normal file
View File

@ -0,0 +1,427 @@
From fb76605985166c4d2172270c8d633ed26d62f698 Mon Sep 17 00:00:00 2001
From: xuxuepeng <xuxuepeng1@huawei.com>
Date: Mon, 19 Feb 2024 23:52:47 +0800
Subject: [PATCH 15/26] Replace http-parser dependency with lcr
Signed-off-by: xuxuepeng <xuxuepeng1@huawei.com>
---
CI/dockerfiles/Dockerfile-centos | 13 -------------
CI/dockerfiles/Dockerfile-fedora | 1 -
CI/dockerfiles/Dockerfile-ubuntu | 1 -
CI/pr-gateway.sh | 2 +-
Dockerfile | 13 -------------
cmake/checker.cmake | 5 -----
docs/build_docs/guide/build_guide.md | 13 -------------
docs/build_docs/guide/build_guide_with_rpm.md | 4 +---
docs/build_docs/guide/build_guide_with_rpm_zh.md | 4 +---
docs/build_docs/guide/build_guide_zh.md | 13 -------------
.../guide/script/install_iSulad_on_Centos_7.sh | 11 -----------
.../script/install_iSulad_on_Ubuntu_20_04_LTS.sh | 2 +-
.../isulad_build_in_openeuler.Dockerfile | 2 +-
docs/vs_other_engines/vs_docker_command.md | 1 -
iSulad.spec | 3 +--
src/CMakeLists.txt | 1 -
src/contrib/env_checkconfig | 1 -
.../modules/image/oci/registry/registry_apiv1.c | 2 +-
.../modules/image/oci/registry/registry_apiv2.c | 2 +-
src/utils/http/CMakeLists.txt | 2 +-
src/utils/http/parser.c | 2 +-
src/utils/http/parser.h | 2 +-
src/utils/http/rest_common.c | 2 +-
23 files changed, 12 insertions(+), 90 deletions(-)
diff --git a/CI/dockerfiles/Dockerfile-centos b/CI/dockerfiles/Dockerfile-centos
index 1d76b4ec..af3ce035 100644
--- a/CI/dockerfiles/Dockerfile-centos
+++ b/CI/dockerfiles/Dockerfile-centos
@@ -207,19 +207,6 @@ RUN export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH && \
make install && \
ldconfig
-# install http-parser
-RUN export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH && \
- set -x && \
- cd ~ && \
- git clone https://gitee.com/src-openeuler/http-parser.git && \
- cd http-parser && \
- git checkout -b openEuler-20.03-LTS-tag openEuler-20.03-LTS-tag && \
- tar -xzvf http-parser-2.9.2.tar.gz && \
- cd http-parser-2.9.2 && \
- make -j CFLAGS="-Wno-error" && \
- make CFLAGS="-Wno-error" install && \
- ldconfig
-
# install libwebsockets
RUN export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH && \
set -x && \
diff --git a/CI/dockerfiles/Dockerfile-fedora b/CI/dockerfiles/Dockerfile-fedora
index a105cbb4..be2bf412 100644
--- a/CI/dockerfiles/Dockerfile-fedora
+++ b/CI/dockerfiles/Dockerfile-fedora
@@ -42,7 +42,6 @@ RUN dnf update -y && dnf install -y automake \
grpc-plugins \
libevent-devel \
libwebsockets-devel \
- http-parser-devel \
gtest-devel \
gmock-devel \
libarchive-devel \
diff --git a/CI/dockerfiles/Dockerfile-ubuntu b/CI/dockerfiles/Dockerfile-ubuntu
index 2441a7ce..09a20eb5 100644
--- a/CI/dockerfiles/Dockerfile-ubuntu
+++ b/CI/dockerfiles/Dockerfile-ubuntu
@@ -71,7 +71,6 @@ RUN apt update -y && apt upgrade -y && \
language-pack-en \
curl \
cmake \
- libhttp-parser-dev \
libprotobuf-dev \
libgrpc-dev \
libgrpc++-dev \
diff --git a/CI/pr-gateway.sh b/CI/pr-gateway.sh
index e5bf627e..e3613e8e 100755
--- a/CI/pr-gateway.sh
+++ b/CI/pr-gateway.sh
@@ -22,7 +22,7 @@ sed -i "s#http://repo.openeuler.org#https://repo.huaweicloud.com/openeuler#g" /e
dnf update -y
-dnf install -y docbook2X doxygen gtest-devel gmock-devel diffutils cmake gcc-c++ yajl-devel patch make libtool libevent-devel libevhtp-devel grpc grpc-plugins grpc-devel protobuf-devel libcurl libcurl-devel sqlite-devel libarchive-devel device-mapper-devel http-parser-devel libseccomp-devel libcap-devel libselinux-devel libwebsockets libwebsockets-devel systemd-devel git chrpath ncurses-devel
+dnf install -y docbook2X doxygen gtest-devel gmock-devel diffutils cmake gcc-c++ yajl-devel patch make libtool libevent-devel libevhtp-devel grpc grpc-plugins grpc-devel protobuf-devel libcurl libcurl-devel sqlite-devel libarchive-devel device-mapper-devel libseccomp-devel libcap-devel libselinux-devel libwebsockets libwebsockets-devel systemd-devel git chrpath ncurses-devel
if [ $? -ne 0 ]; then
echo "install dependences failed"
exit 1
diff --git a/Dockerfile b/Dockerfile
index 3b284630..a30ed12a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -197,19 +197,6 @@ RUN export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH && \
make install && \
ldconfig
-# install http-parser
-RUN export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH && \
- set -x && \
- cd ~ && \
- git clone https://gitee.com/src-openeuler/http-parser.git && \
- cd http-parser && \
- git checkout -b openEuler-20.03-LTS-tag openEuler-20.03-LTS-tag && \
- tar -xzvf http-parser-2.9.2.tar.gz && \
- cd http-parser-2.9.2 && \
- make -j CFLAGS="-Wno-error" && \
- make CFLAGS="-Wno-error" install && \
- ldconfig
-
# install libwebsockets
RUN export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH && \
set -x && \
diff --git a/cmake/checker.cmake b/cmake/checker.cmake
index b0c395ef..13f0fd62 100644
--- a/cmake/checker.cmake
+++ b/cmake/checker.cmake
@@ -66,11 +66,6 @@ if (ANDROID OR MUSL)
_CHECK(CRYPTO_LIBRARY "LIBSSL_LIBRARY-NOTFOUND" "libssl.so")
endif()
-find_path(HTTP_PARSER_INCLUDE_DIR http_parser.h)
-_CHECK(HTTP_PARSER_INCLUDE_DIR "HTTP_PARSER_INCLUDE_DIR-NOTFOUND" "http_parser.h")
-find_library(HTTP_PARSER_LIBRARY http_parser)
-_CHECK(HTTP_PARSER_LIBRARY "HTTP_PARSER_LIBRARY-NOTFOUND" "libhttp_parser.so")
-
pkg_check_modules(PC_CURL "libcurl>=7.4.0")
find_path(CURL_INCLUDE_DIR "curl/curl.h"
HINTS ${PC_CURL_INCLUDEDIR} ${PC_CURL_INCLUDE_DIRS})
diff --git a/docs/build_docs/guide/build_guide.md b/docs/build_docs/guide/build_guide.md
index 741abddd..73a0d9d8 100644
--- a/docs/build_docs/guide/build_guide.md
+++ b/docs/build_docs/guide/build_guide.md
@@ -150,19 +150,6 @@ $ sudo -E make install
$ sudo -E ldconfig
```
-#### build and install http-parser
-
-```bash
-$ git clone https://gitee.com/src-openeuler/http-parser.git
-$ cd http-parser
-$ git checkout openEuler-20.03-LTS-tag
-$ tar -xzvf http-parser-2.9.2.tar.gz
-$ cd http-parser-2.9.2
-$ sudo -E make -j CFLAGS="-Wno-error"
-$ sudo -E make CFLAGS="-Wno-error" install
-$ sudo -E ldconfig
-```
-
#### build and install libwebsockets
```bash
diff --git a/docs/build_docs/guide/build_guide_with_rpm.md b/docs/build_docs/guide/build_guide_with_rpm.md
index 181b2ef5..acf8e7c0 100644
--- a/docs/build_docs/guide/build_guide_with_rpm.md
+++ b/docs/build_docs/guide/build_guide_with_rpm.md
@@ -29,7 +29,7 @@ BUILD BUILDROOT RPMS SOURCES SPECS SRPMS
```shell
dnf install -y patch automake autoconf libtool cmake make libcap libcap-devel libselinux libselinux-devel libseccomp libseccomp-devel git libcgroup tar python3 python3-pip libcurl-devel zlib-devel glibc-headers openssl-devel gcc gcc-c++ systemd-devel systemd-libs golang libtar && \
-dnf --enablerepo=powertools install -y yajl-devel device-mapper-devel http-parser-devel && \
+dnf --enablerepo=powertools install -y yajl-devel device-mapper-devel && \
dnf install -y epel-release && \
dnf --enablerepo=powertools install libuv-devel &&\
dnf install libwebsockets-devel
@@ -281,7 +281,6 @@ rpm -Uvh libarchive-devel-3.4.3-4.x86_64.rpm
### 9.1 install iSulad dependencies
```shell
-dnf --enablerepo=powertools install http-parser-devel
dnf install -y sqlite-devel
```
@@ -317,7 +316,6 @@ dnf install libwebsockets-devel
then, you can install iSulad
```shell
-dnf --enablerepo=powertools install http-parser-devel
dnf install -y sqlite-devel.x86_64
rpm -Uvh iSulad-2.1.0-1.x86_64.rpm
```
\ No newline at end of file
diff --git a/docs/build_docs/guide/build_guide_with_rpm_zh.md b/docs/build_docs/guide/build_guide_with_rpm_zh.md
index edb565e3..b9574b4e 100644
--- a/docs/build_docs/guide/build_guide_with_rpm_zh.md
+++ b/docs/build_docs/guide/build_guide_with_rpm_zh.md
@@ -25,7 +25,7 @@ BUILD BUILDROOT RPMS SOURCES SPECS SRPMS
```shell
dnf install -y patch automake autoconf libtool cmake make libcap libcap-devel libselinux libselinux-devel libseccomp libseccomp-devel git libcgroup tar python3 python3-pip libcurl-devel zlib-devel glibc-headers openssl-devel gcc gcc-c++ systemd-devel systemd-libs golang libtar && \
-dnf --enablerepo=powertools install -y yajl-devel device-mapper-devel http-parser-devel && \
+dnf --enablerepo=powertools install -y yajl-devel device-mapper-devel && \
dnf install -y epel-release && \
dnf --enablerepo=powertools install libuv-devel &&\
dnf install libwebsockets-devel
@@ -272,7 +272,6 @@ rpm -Uvh libarchive-devel-3.4.3-4.x86_64.rpm
### 9.1 安装iSulad的依赖
```shell
-dnf --enablerepo=powertools install http-parser-devel
dnf install -y sqlite-devel
```
@@ -310,7 +309,6 @@ dnf install libwebsockets-devel
再安装isulad
```shell
-dnf --enablerepo=powertools install http-parser-devel
dnf install -y sqlite-devel.x86_64
rpm -Uvh iSulad-2.1.0-1.x86_64.rpm
```
\ No newline at end of file
diff --git a/docs/build_docs/guide/build_guide_zh.md b/docs/build_docs/guide/build_guide_zh.md
index bfdc69dc..2d853d9c 100644
--- a/docs/build_docs/guide/build_guide_zh.md
+++ b/docs/build_docs/guide/build_guide_zh.md
@@ -150,19 +150,6 @@ $ sudo -E make install
$ sudo -E ldconfig
```
-#### 编译安装http-parser
-
-```bash
-$ git clone https://gitee.com/src-openeuler/http-parser.git
-$ cd http-parser
-$ git checkout openEuler-20.03-LTS-tag
-$ tar -xzvf http-parser-2.9.2.tar.gz
-$ cd http-parser-2.9.2
-$ sudo -E make -j CFLAGS="-Wno-error"
-$ sudo -E make CFLAGS="-Wno-error" install
-$ sudo -E ldconfig
-```
-
#### 编译安装libwebsockets
```bash
diff --git a/docs/build_docs/guide/script/install_iSulad_on_Centos_7.sh b/docs/build_docs/guide/script/install_iSulad_on_Centos_7.sh
index 3834d333..b268d777 100755
--- a/docs/build_docs/guide/script/install_iSulad_on_Centos_7.sh
+++ b/docs/build_docs/guide/script/install_iSulad_on_Centos_7.sh
@@ -68,17 +68,6 @@ make -j $(nproc)
make install
ldconfig
-# build http_parser
-cd $BUILD_DIR
-git clone https://gitee.com/src-openeuler/http-parser.git
-cd http-parser
-git checkout openEuler-20.03-LTS-tag
-tar -xzvf http-parser-2.9.2.tar.gz
-cd http-parser-2.9.2
-make -j CFLAGS="-Wno-error"
-make CFLAGS="-Wno-error" install
-ldconfig
-
# build libwebsockets
cd $BUILD_DIR
git clone https://gitee.com/src-openeuler/libwebsockets.git
diff --git a/docs/build_docs/guide/script/install_iSulad_on_Ubuntu_20_04_LTS.sh b/docs/build_docs/guide/script/install_iSulad_on_Ubuntu_20_04_LTS.sh
index 4f27244e..f44bddb4 100755
--- a/docs/build_docs/guide/script/install_iSulad_on_Ubuntu_20_04_LTS.sh
+++ b/docs/build_docs/guide/script/install_iSulad_on_Ubuntu_20_04_LTS.sh
@@ -7,7 +7,7 @@ set -e
export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH
export LD_LIBRARY_PATH=/usr/local/lib:/usr/lib:/lib/x86_64-linux-gnu/:$LD_LIBRARY_PATH
echo "/usr/local/lib" >> /etc/ld.so.conf
-apt install -y g++ libprotobuf-dev protobuf-compiler protobuf-compiler-grpc libgrpc++-dev libgrpc-dev libtool automake autoconf cmake make pkg-config libyajl-dev zlib1g-dev libselinux1-dev libseccomp-dev libcap-dev libsystemd-dev git libarchive-dev libcurl4-gnutls-dev openssl libdevmapper-dev python3 libtar0 libtar-dev libhttp-parser-dev libwebsockets-dev
+apt install -y g++ libprotobuf-dev protobuf-compiler protobuf-compiler-grpc libgrpc++-dev libgrpc-dev libtool automake autoconf cmake make pkg-config libyajl-dev zlib1g-dev libselinux1-dev libseccomp-dev libcap-dev libsystemd-dev git libarchive-dev libcurl4-gnutls-dev openssl libdevmapper-dev python3 libtar0 libtar-dev libwebsockets-dev
BUILD_DIR=/tmp/build_isulad
diff --git a/docs/dockerfiles/isulad_build_in_openeuler.Dockerfile b/docs/dockerfiles/isulad_build_in_openeuler.Dockerfile
index 5049f783..a081b009 100644
--- a/docs/dockerfiles/isulad_build_in_openeuler.Dockerfile
+++ b/docs/dockerfiles/isulad_build_in_openeuler.Dockerfile
@@ -26,7 +26,7 @@ RUN dnf install -y rust rust-packaging cargo
RUN dnf install -y grpc grpc-plugins grpc-devel protobuf-devel libwebsockets libwebsockets-devel
# depends for image module and restful client of iSulad
-RUN dnf install -y libcurl libcurl-devel libarchive-devel http-parser-devel
+RUN dnf install -y libcurl libcurl-devel libarchive-devel
# depends for embedded image of iSulad: -DENABLE_EMBEDDED=ON
RUN dnf install -y sqlite-devel
diff --git a/docs/vs_other_engines/vs_docker_command.md b/docs/vs_other_engines/vs_docker_command.md
index 5c38d31b..d7b587ea 100644
--- a/docs/vs_other_engines/vs_docker_command.md
+++ b/docs/vs_other_engines/vs_docker_command.md
@@ -114,7 +114,6 @@ Installing dependencies:
abseil-cpp
clibcni
grpc
- http-parser
lcr
lib-shim-v2
libwebsockets
diff --git a/iSulad.spec b/iSulad.spec
index eda87f7a..eafa82a0 100644
--- a/iSulad.spec
+++ b/iSulad.spec
@@ -48,7 +48,6 @@ BuildRequires: libisula-devel > %{lcrver_lower} libisula-devel < %{lcrver_upper}
BuildRequires: cmake gcc-c++ yajl-devel
BuildRequires: grpc grpc-plugins grpc-devel protobuf-devel
BuildRequires: libcurl libcurl-devel libarchive-devel device-mapper-devel
-BuildRequires: http-parser-devel
BuildRequires: libseccomp-devel libcap-devel libselinux-devel libwebsockets libwebsockets-devel
BuildRequires: systemd-devel git
BuildRequires: libevhtp-devel libevent-devel
@@ -60,7 +59,7 @@ BuildRequires: lib-shim-v2 lib-shim-v2-devel
Requires: libisula > %{lcrver_lower} libisula < %{lcrver_upper}
Requires: grpc protobuf
Requires: libcurl
-Requires: http-parser libseccomp
+Requires: libseccomp
Requires: libcap libselinux libwebsockets libarchive device-mapper
Requires: systemd
Requires: (docker-runc or runc)
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index d1bc65f9..48c1bad0 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -3,7 +3,6 @@ set(CHECKED_INCLUDE_DIRS
${STD_HEADER_SYS_PARAM}
${LIBYAJL_INCLUDE_DIR}
${LIBARCHIVE_INCLUDE_DIR}
- ${HTTP_PARSER_INCLUDE_DIR}
${OPENSSL_INCLUDE_DIR}
${CURL_INCLUDE_DIR}
${SYSTEMD_INCLUDE_DIR}
diff --git a/src/contrib/env_checkconfig b/src/contrib/env_checkconfig
index 62a91354..9080e01a 100755
--- a/src/contrib/env_checkconfig
+++ b/src/contrib/env_checkconfig
@@ -164,7 +164,6 @@ config_set CONFIG_SMP && echo -n "Cpuset Cgroup Result: " && config_enable CONFI
echo ""
echo "--- Third-party Packages ---"
echo -n "libyajl: " && has_lib libyajl
-echo -n "libhttp_parser: " && has_lib libhttp_parser
echo -n "libevhtp.so.1.2.16: " && has_lib libevhtp.so.1.2.16
echo -n "libseccomp: " && has_lib libseccomp
echo -n "libcap.so: " && has_lib libcap.so
diff --git a/src/daemon/modules/image/oci/registry/registry_apiv1.c b/src/daemon/modules/image/oci/registry/registry_apiv1.c
index 414eb65c..6da24c1d 100644
--- a/src/daemon/modules/image/oci/registry/registry_apiv1.c
+++ b/src/daemon/modules/image/oci/registry/registry_apiv1.c
@@ -18,7 +18,7 @@
#include <stdio.h>
#include <string.h>
#include <limits.h>
-#include <http_parser.h>
+#include <isula_libutils/http_parser.h>
#include <isula_libutils/json_common.h>
#include <stdbool.h>
#include <stdlib.h>
diff --git a/src/daemon/modules/image/oci/registry/registry_apiv2.c b/src/daemon/modules/image/oci/registry/registry_apiv2.c
index 3b3bbd93..dd49fab7 100644
--- a/src/daemon/modules/image/oci/registry/registry_apiv2.c
+++ b/src/daemon/modules/image/oci/registry/registry_apiv2.c
@@ -18,7 +18,7 @@
#include <stdio.h>
#include <string.h>
#include <limits.h>
-#include <http_parser.h>
+#include <isula_libutils/http_parser.h>
#include <isula_libutils/json_common.h>
#include <stdbool.h>
#include <stdlib.h>
diff --git a/src/utils/http/CMakeLists.txt b/src/utils/http/CMakeLists.txt
index ad7d0747..23d92cdc 100644
--- a/src/utils/http/CMakeLists.txt
+++ b/src/utils/http/CMakeLists.txt
@@ -20,7 +20,7 @@ target_include_directories(libhttpclient PUBLIC
# set libhttpclient FLAGS
set_target_properties(libhttpclient PROPERTIES PREFIX "")
-target_link_libraries(libhttpclient ${HTTP_PARSER_LIBRARY} ${CURL_LIBRARY})
+target_link_libraries(libhttpclient ${CURL_LIBRARY})
set_target_properties(libhttpclient PROPERTIES LINKER_LANGUAGE "C")
diff --git a/src/utils/http/parser.c b/src/utils/http/parser.c
index cf8425e4..3e910efc 100644
--- a/src/utils/http/parser.c
+++ b/src/utils/http/parser.c
@@ -38,7 +38,7 @@
*/
#include "parser.h"
-#include <http_parser.h>
+#include <isula_libutils/http_parser.h>
#include <string.h>
#include <stdlib.h>
#include <stdint.h>
diff --git a/src/utils/http/parser.h b/src/utils/http/parser.h
index ce5fe5e7..fd8f150d 100644
--- a/src/utils/http/parser.h
+++ b/src/utils/http/parser.h
@@ -42,7 +42,7 @@
#include <stddef.h>
-#include "http_parser.h"
+#include <isula_libutils/http_parser.h>
#undef TRUE
#define TRUE 1
diff --git a/src/utils/http/rest_common.c b/src/utils/http/rest_common.c
index 885375f2..d851ba96 100644
--- a/src/utils/http/rest_common.c
+++ b/src/utils/http/rest_common.c
@@ -16,7 +16,7 @@
#include <dlfcn.h>
#include <string.h>
-#include <http_parser.h>
+#include <isula_libutils/http_parser.h>
#include <stdlib.h>
#include "isula_libutils/log.h"
--
2.25.1

26
0016-add-more-detailed-log-information-for-load-sandbox.patch Normal file
View File

@ -0,0 +1,26 @@
From e4facfcd2947b5277789d58a452090b61ca2d383 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 21 Feb 2024 15:04:27 +0800
Subject: [PATCH 16/26] add more detailed log information for load sandbox
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/sandbox/sandbox_manager.cc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/daemon/sandbox/sandbox_manager.cc b/src/daemon/sandbox/sandbox_manager.cc
index d3db4fb4..cee444f4 100644
--- a/src/daemon/sandbox/sandbox_manager.cc
+++ b/src/daemon/sandbox/sandbox_manager.cc
@@ -461,7 +461,7 @@ auto SandboxManager::LoadSandbox(std::string &id) -> std::shared_ptr<Sandbox>
Errors tmpError;
if (!sandbox->Load(tmpError)) {
- ERROR("Failed to load subdir:%s", id.c_str());
+ ERROR("Failed to load subdir:%s: %s", id.c_str(), tmpError.GetMessage().c_str());
return nullptr;
}
--
2.25.1

83
0017-bugfix-for-the-concurrency-competition-between-the-r.patch Normal file
View File

@ -0,0 +1,83 @@
From 0099190e7f18e890185e36c5a657e9ce95179bc8 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Fri, 1 Mar 2024 15:04:09 +0800
Subject: [PATCH 17/26] bugfix for the concurrency competition between the
reuse layer and the creation layer
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/modules/image/oci/oci_load.c | 9 ++++++++-
src/daemon/modules/image/oci/registry/registry.c | 9 ++++++++-
2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/src/daemon/modules/image/oci/oci_load.c b/src/daemon/modules/image/oci/oci_load.c
index 534e2647..85127f35 100644
--- a/src/daemon/modules/image/oci/oci_load.c
+++ b/src/daemon/modules/image/oci/oci_load.c
@@ -680,6 +680,12 @@ static int oci_load_set_layers_info(load_image_t *im, const image_manifest_items
char *parent_chain_id_sha256 = "";
char *id = NULL;
char *parent_chain_id = NULL;
+ // exist_flag is used to mark whether a non-existent layer has been encountered during this layer reuse process.
+ // 1.exist_flag is true if the layers are currently reusable;
+ // 2.exist_flag is false if encounter an uncreated layer that cannot be reused
+ // Prevent concurrent competition between the creation layer function
+ // and the reuse layer function on the im -> layer_of_hold_refs variable
+ bool exist_flag = true;
if (im == NULL || manifest == NULL || dstdir == NULL) {
ERROR("Invalid input params image or manifest is null");
@@ -761,7 +767,7 @@ static int oci_load_set_layers_info(load_image_t *im, const image_manifest_items
goto out;
}
- if (storage_inc_hold_refs(id) == 0) {
+ if (exist_flag && storage_inc_hold_refs(id) == 0) {
free(im->layer_of_hold_refs);
im->layer_of_hold_refs = util_strdup_s(id);
if (parent_chain_id != NULL && storage_dec_hold_refs(parent_chain_id) != 0) {
@@ -781,6 +787,7 @@ static int oci_load_set_layers_info(load_image_t *im, const image_manifest_items
continue;
}
+ exist_flag = false;
if (check_and_set_digest_from_tarball(im->layers[i], conf->rootfs->diff_ids[i]) != 0) {
ERROR("Check layer digest failed");
ret = -1;
diff --git a/src/daemon/modules/image/oci/registry/registry.c b/src/daemon/modules/image/oci/registry/registry.c
index aed3057a..66fa0076 100644
--- a/src/daemon/modules/image/oci/registry/registry.c
+++ b/src/daemon/modules/image/oci/registry/registry.c
@@ -1516,6 +1516,12 @@ static int fetch_all(pull_descriptor *desc)
struct layer_list *list = NULL;
pthread_t tid = 0;
struct timespec ts = { 0 };
+ // exist_flag is used to mark whether a non-existent layer has been encountered during this layer reuse process.
+ // 1.exist_flag is true if the layers are currently reusable;
+ // 2.exist_flag is false if encounter an uncreated layer that cannot be reused
+ // Prevent concurrent competition between the creation layer function
+ // and the reuse layer function on the im -> layer_of_hold_refs variable
+ bool exist_flag = true;
if (desc == NULL) {
ERROR("Invalid NULL param");
@@ -1547,7 +1553,7 @@ static int fetch_all(pull_descriptor *desc)
// Skip layer that already exist in local store
list = storage_layers_get_by_compress_digest(desc->layers[i].digest);
- if (list != NULL) {
+ if (exist_flag && list != NULL) {
for (j = 0; j < list->layers_len; j++) {
if ((list->layers[j]->parent == NULL && i == 0) ||
(parent_chain_id != NULL && list->layers[j]->parent != NULL &&
@@ -1579,6 +1585,7 @@ static int fetch_all(pull_descriptor *desc)
continue;
}
}
+ exist_flag = false;
// parent_chain_id = NULL means no parent chain match from now on, so no longer need
// to get layers by compressed digest to reuse layer.
--
2.25.1

73
0018-add-concurrent-load-test.patch Normal file
View File

@ -0,0 +1,73 @@
From 2af906d42a155a7b779dce017a2779b96dba2b61 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Fri, 1 Mar 2024 15:04:35 +0800
Subject: [PATCH 18/26] add concurrent load test
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
CI/test_cases/image_cases/image_load.sh | 47 +++++++++++++++++++++++++
1 file changed, 47 insertions(+)
diff --git a/CI/test_cases/image_cases/image_load.sh b/CI/test_cases/image_cases/image_load.sh
index 52b713d4..a2cada5f 100755
--- a/CI/test_cases/image_cases/image_load.sh
+++ b/CI/test_cases/image_cases/image_load.sh
@@ -79,8 +79,55 @@ function test_image_load()
return ${ret}
}
+function test_concurrent_load()
+{
+ local ret=0
+ local test="isula load image test => (${FUNCNAME[@]})"
+
+ msg_info "${test} starting..."
+
+ # clean exist image
+ ubuntu_id=`isula inspect -f '{{.image.id}}' ubuntu`
+ busybox_id=`isula inspect -f '{{.image.id}}' busybox`
+ isula rmi $ubuntu_id $busybox_id
+
+ concurrent_time=10
+ for i in `seq 1 $concurrent_time`
+ do
+ isula load -i $mult_image &
+ pids[$i]=$!
+ done
+
+ for i in `seq 1 $concurrent_time`;do
+ wait ${pids[$i]}
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - fail to do isulad load $i" && ((ret++))
+ done
+
+ ubuntu_id=`isula inspect -f '{{.image.id}}' ubuntu`
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - fail to inspect image: ubuntu" && ((ret++))
+
+ top_layer_id=$(isula inspect -f '{{.image.top_layer}}' ${ubuntu_id})
+
+ busybox_id=`isula inspect -f '{{.image.id}}' busybox`
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - fail to inspect image: busybox" && ((ret++))
+
+ # delete image after concurrent load
+ isula rmi $ubuntu_id $busybox_id
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to remove image ${ubuntu_id} and ${busybox_id}" && ((ret++))
+
+ ls -l /var/lib/isulad/storage/overlay-layers
+ local top_layer_dir=/var/lib/isulad/storage/overlay-layers/${top_layer_id}
+ test -e ${top_layer_dir}
+ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - top layer dir ${top_layer_id} exist after delete image" && ((ret++))
+
+ msg_info "${test} finished with return ${ret}..."
+ return ${ret}
+}
+
declare -i ans=0
+test_concurrent_load || ((ans++))
+
test_image_load || ((ans++))
show_result ${ans} "${curr_path}/${0}"
--
2.25.1

63
0019-get-the-realpath-of-the-host-path-for-archive-when-c.patch Normal file
View File

@ -0,0 +1,63 @@
From 96dfd32ee5d9a133ad63af13723402f10cd7cf7b Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 11 Mar 2024 15:50:45 +0800
Subject: [PATCH 19/26] get the realpath of the host path for archive when cp
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/utils/tar/isulad_tar.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/src/utils/tar/isulad_tar.c b/src/utils/tar/isulad_tar.c
index bbe4c3b2..fe514acc 100644
--- a/src/utils/tar/isulad_tar.c
+++ b/src/utils/tar/isulad_tar.c
@@ -390,6 +390,7 @@ int archive_copy_to(const struct io_read_wrapper *content, const struct archive_
{
int ret = -1;
struct archive_copy_info *dstinfo = NULL;
+ char cleanpath[PATH_MAX] = { 0 };
char *dstdir = NULL;
char *src_base = NULL;
char *dst_base = NULL;
@@ -410,7 +411,12 @@ int archive_copy_to(const struct io_read_wrapper *content, const struct archive_
goto cleanup;
}
- ret = archive_chroot_untar_stream(content, dstdir, ".", src_base, dst_base, root_dir, err);
+ if (realpath(dstdir, cleanpath) == NULL) {
+ ERROR("Failed to get real path for %s", dstdir);
+ return -1;
+ }
+
+ ret = archive_chroot_untar_stream(content, cleanpath, ".", src_base, dst_base, root_dir, err);
cleanup:
free_archive_copy_info(dstinfo);
@@ -428,6 +434,7 @@ static int tar_resource_rebase(const char *path, const char *rebase, const char
struct stat st;
char *srcdir = NULL;
char *srcbase = NULL;
+ char cleanpath[PATH_MAX] = { 0 };
if (lstat(path, &st) < 0) {
SYSERROR("lstat %s failed", path);
@@ -438,9 +445,14 @@ static int tar_resource_rebase(const char *path, const char *rebase, const char
ERROR("Can not split path: %s", path);
goto cleanup;
}
+
+ if (realpath(srcdir, cleanpath) == NULL) {
+ ERROR("Failed to get real path for %s", srcdir);
+ return -1;
+ }
DEBUG("chroot tar stream srcdir(%s) srcbase(%s) rebase(%s)", srcdir, srcbase, rebase);
- nret = archive_chroot_tar_stream(srcdir, srcbase, srcbase, rebase, root_dir, archive_reader);
+ nret = archive_chroot_tar_stream(cleanpath, srcbase, srcbase, rebase, root_dir, archive_reader);
if (nret < 0) {
ERROR("Can not archive path: %s", path);
goto cleanup;
--
2.25.1

35
0020-bugfix-for-wrong-goto-branch.patch Normal file
View File

@ -0,0 +1,35 @@
From c67760ce928f67d9a8beeaf2e2d51c8f2239f69e Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 12 Mar 2024 11:15:26 +0800
Subject: [PATCH 20/26] bugfix for wrong goto branch
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/utils/tar/isulad_tar.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/utils/tar/isulad_tar.c b/src/utils/tar/isulad_tar.c
index fe514acc..13343922 100644
--- a/src/utils/tar/isulad_tar.c
+++ b/src/utils/tar/isulad_tar.c
@@ -413,7 +413,7 @@ int archive_copy_to(const struct io_read_wrapper *content, const struct archive_
if (realpath(dstdir, cleanpath) == NULL) {
ERROR("Failed to get real path for %s", dstdir);
- return -1;
+ goto cleanup;
}
ret = archive_chroot_untar_stream(content, cleanpath, ".", src_base, dst_base, root_dir, err);
@@ -448,7 +448,7 @@ static int tar_resource_rebase(const char *path, const char *rebase, const char
if (realpath(srcdir, cleanpath) == NULL) {
ERROR("Failed to get real path for %s", srcdir);
- return -1;
+ goto cleanup;
}
DEBUG("chroot tar stream srcdir(%s) srcbase(%s) rebase(%s)", srcdir, srcbase, rebase);
--
2.25.1

29
0021-bugfix-for-wrong-dynamic-allocation-object-type.patch Normal file
View File

@ -0,0 +1,29 @@
From 0ef23c6caae4a97228705574b0c8f3445c6e65dc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=AE=B8=E7=BA=A2=E5=BC=BA?= <277922995@qq.com>
Date: Wed, 13 Mar 2024 17:00:16 +0800
Subject: [PATCH 21/26] bugfix for wrong dynamic allocation object type
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: 许红强 <277922995@qq.com>
---
src/daemon/modules/image/image.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/daemon/modules/image/image.c b/src/daemon/modules/image/image.c
index e7aa81b8..871f5f39 100644
--- a/src/daemon/modules/image/image.c
+++ b/src/daemon/modules/image/image.c
@@ -1535,7 +1535,7 @@ int im_tag_image(const im_tag_request *request, im_tag_response **response)
return -1;
}
- *response = util_common_calloc_s(sizeof(im_remove_response));
+ *response = util_common_calloc_s(sizeof(im_tag_response));
if (*response == NULL) {
ERROR("Out of memory");
return -1;
--
2.25.1

80
0022-add-swap-usage-in-cri.patch Normal file
View File

@ -0,0 +1,80 @@
From ed569ccbf7e5029e83c40521255e0e406f285bae Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Fri, 12 Jan 2024 11:31:59 +0800
Subject: [PATCH 22/26] add swap usage in cri
Signed-off-by: jikai <jikai11@huawei.com>
---
.../entry/cri/v1/v1_cri_container_manager_service.cc | 11 +++++++++++
src/daemon/executor/container_cb/execution_extend.c | 2 ++
src/daemon/modules/api/runtime_api.h | 3 +++
src/daemon/modules/runtime/isula/isula_rt_ops.c | 4 ++++
4 files changed, 20 insertions(+)
diff --git a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
index 2dda1e16..47a33c2c 100644
--- a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
+++ b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc
@@ -890,6 +890,17 @@ void ContainerManagerService::ContainerStatsToGRPC(
if (response->container_stats[i]->major_page_faults != 0u) {
container->mutable_memory()->mutable_major_page_faults()->set_value(response->container_stats[i]->major_page_faults);
}
+
+ // Swap
+ container->mutable_swap()->set_timestamp(timestamp);
+ if (response->container_stats[i]->swap_used != 0u) {
+ container->mutable_swap()->mutable_swap_usage_bytes()->set_value(response->container_stats[i]->swap_used);
+ }
+ if (response->container_stats[i]->swap_limit >= response->container_stats[i]->swap_used) {
+ container->mutable_swap()->mutable_swap_available_bytes()->set_value(response->container_stats[i]->swap_limit
+ - response->container_stats[i]->swap_used);
+ }
+
containerstats.push_back(std::move(container));
}
}
diff --git a/src/daemon/executor/container_cb/execution_extend.c b/src/daemon/executor/container_cb/execution_extend.c
index 25ec5d3b..52401633 100644
--- a/src/daemon/executor/container_cb/execution_extend.c
+++ b/src/daemon/executor/container_cb/execution_extend.c
@@ -259,6 +259,8 @@ static container_info *get_container_stats(const container_t *cont,
info->major_page_faults = einfo->major_page_faults;
info->kmem_used = einfo->kmem_used;
info->kmem_limit = einfo->kmem_limit;
+ info->swap_used = einfo->swap_used;
+ info->swap_limit = einfo->swap_limit;
info->timestamp = util_get_now_time_nanos();
// workingset is zero if memory used < total inactive file
diff --git a/src/daemon/modules/api/runtime_api.h b/src/daemon/modules/api/runtime_api.h
index d2679c2d..bd170c30 100644
--- a/src/daemon/modules/api/runtime_api.h
+++ b/src/daemon/modules/api/runtime_api.h
@@ -66,6 +66,9 @@ struct runtime_container_resources_stats_info {
uint64_t cache;
uint64_t cache_total;
uint64_t inactive_file_total;
+ /* Swap usage*/
+ uint64_t swap_used;
+ uint64_t swap_limit;
};
typedef struct _rt_create_params_t {
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index 2c92cc59..745154bb 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -647,6 +647,10 @@ static void transform_stats_info_from_runtime(shim_client_runtime_stats *stats,
info->page_faults = memory->raw->pgfault;
info->major_page_faults = memory->raw->pgmajfault;
}
+ if (memory != NULL && memory->swap != NULL) {
+ info->swap_used = memory->swap->usage;
+ info->swap_limit = memory->swap->limit;
+ }
shim_client_runtime_stats_data_blkio *blkio = stats->data->blkio;
if (blkio == NULL) {
return;
--
2.25.1

256
0023-add-benchmark-result-of-perf-test-in-cri.patch Normal file
View File

@ -0,0 +1,256 @@
From 16a0cf7e9c2c059cb5537f48a022e63df457f186 Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Sat, 2 Mar 2024 11:49:08 +0800
Subject: [PATCH 23/26] add benchmark, result of perf test in cri
Signed-off-by: jikai <jikai11@huawei.com>
---
docs/performance/cri_performance_test.md | 60 ++++++++
tools/benchmark/cri_perf_test.sh | 168 +++++++++++++++++++++++
2 files changed, 228 insertions(+)
create mode 100644 docs/performance/cri_performance_test.md
create mode 100755 tools/benchmark/cri_perf_test.sh
diff --git a/docs/performance/cri_performance_test.md b/docs/performance/cri_performance_test.md
new file mode 100644
index 00000000..594f0da7
--- /dev/null
+++ b/docs/performance/cri_performance_test.md
@@ -0,0 +1,60 @@
+## Machine configuration
+
+ARM machine:
+
+| Configuration | Information |
+| ------------- | -------------------------------------- |
+| OS | openEuler 22.03-LTS |
+| Kernel | linux 5.10.0-136.12.0.86.oe2203.aarch64 |
+| CPU | 96 cores |
+| Memory | 128 GB |
+
+## Version of Softwares
+
+| Name | Version |
+| ------ | ------------------------------------------------------------ |
+| iSulad | Version: 2.1.5 , Git commit: 5ebca976dd591a5676527be1bde950e5ce93eac0 |
+| containerd | Version: v2.0.0-beta.2, Git commit: 290194fe77d48521d3ea78ec02e2e406c4bf91b6 |
+| crio | version: 1.30.0, Git commit: b43e0d63a8af3277dbfc555f62d07bb2305a72c7 |
+
+## Test tool
+
+tools/benchmark/cri_perf_test.sh
+
+## Compare with other container engines
+
+### run operator once
+
+#### ARM
+
+run 1 pod and 1 container
+
+| measure | iSulad | containerd | crio | vs containerd | vs crio |
+| ----------------- | ------ | ------ | ------ | ------ | ------ |
+| time(ms) | 580 | 812 | 567 | -28.5% | 2.3% |
+| engine mem(kb) | 38704 | 66806 | 58760 | -42.0% | -34.2% |
+| shim mem(kb) | 1700 | 13876 | 4648 | -87.7% | -63.4% |
+
+run 10 pods and 10 containers
+
+| measure | iSulad | containerd | crio | vs containerd | vs crio |
+| ----------------- | ------ | ------ | ------ | ------ | ------ |
+| time(ms) | 1141 | 4000 | 1749 | -71.5% | -34.8% |
+| engine mem(kb) | 47688 | 82580 | 86128 | -42.2% | -44.6% |
+| shim mem(kb) | 16764 | 154872 | 46836 | -89.2% | -64.2% |
+
+run 50 pods and 50 containers
+
+| measure | iSulad | containerd | crio | vs containerd | vs crio |
+| ----------------- | ------ | ------ | ------ | ------ | ------ |
+| time(ms) | 4544 | 19963 | 8503 | -77.2% | -46.9% |
+| engine mem(kb) | 88700 | 134384 | 115560 | -34.0% | -23.2% |
+| shim mem(kb) | 83892 | 750924 | 233480 | -88.8% | -64.0% |
+
+run 100 pods and 100 containers
+
+| measure | iSulad | containerd | crio | vs containerd | vs crio |
+| ----------------- | ------ | ------ | ------ | ------ | ------ |
+| time(ms) | 10012 | 39629 | 18278 | -74.7% | -45.5% |
+| engine mem(kb) | 148464 | 185700 | 147836 | -20.0% | 0.4% |
+| shim mem(kb) | 168420 | 1506268| 462000 | -88.8% | -63.3% |
diff --git a/tools/benchmark/cri_perf_test.sh b/tools/benchmark/cri_perf_test.sh
new file mode 100755
index 00000000..54ee24f5
--- /dev/null
+++ b/tools/benchmark/cri_perf_test.sh
@@ -0,0 +1,168 @@
+#!/bin/bash
+#######################################################################
+##- Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+# - iSulad licensed under the Mulan PSL v2.
+# - You can use this software according to the terms and conditions of the Mulan PSL v2.
+# - You may obtain a copy of Mulan PSL v2 at:
+# - http://license.coscl.org.cn/MulanPSL2
+# - THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# - IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# - PURPOSE.
+# - See the Mulan PSL v2 for more details.
+##- @Description: perf test
+##- @Author: jikai
+##- @Create: 2024-02-29
+#######################################################################
+
+# cri_perf_test.sh -e $engine -p $parallel
+
+engine=isulad
+runtime="unix:///var/run/isulad.sock"
+shim="isulad-shim"
+parallel=1
+while getopts ":e:p:" opt
+do
+ case $opt in
+ e)
+ engine=${OPTARG}
+ # compare if OPTARG is in ["isulad", "containerd", "crio"]}
+ if [ $engine == "isulad" ]; then
+ runtime="unix:///var/run/isulad.sock"
+ shim="isulad-shim"
+ elif [ $engine == "containerd" ]; then
+ runtime="unix:///var/run/containerd/containerd.sock"
+ shim="containerd-shim"
+ elif [ $engine == "crio" ]; then
+ runtime="unix:///var/run/crio/crio.sock"
+ shim="conmon"
+ else
+ echo "Unknown engine: ${OPTARG}, only support isulad, containerd, crio."
+ exit 1
+ fi
+ ;;
+ p)
+ parallel=${OPTARG}
+ ;;
+ ?)
+ echo "Unknown parameter"
+ exit 1;;
+ esac
+done
+
+workdir="$(pwd)"
+tmpdir="$workdir/cri_perf_test_tmpdata"
+mkdir -p $tmpdir/container/
+mkdir -p $tmpdir/pod/
+mkdir -p $workdir/cri_perf_test_result/
+result_data=$workdir/cri_perf_test_result/${engine}-${parallel}-result.dat
+rm -f $result_data
+
+# Get the interval time(ms)
+function getTiming(){
+ start=$1
+ end=$2
+
+ start_s=$(echo $start | cut -d '.' -f 1)
+ start_ns=$(echo $start | cut -d '.' -f 2)
+ end_s=$(echo $end | cut -d '.' -f 1)
+ end_ns=$(echo $end | cut -d '.' -f 2)
+
+ time=$(( ( 10#$end_s - 10#$start_s ) * 1000 + ( 10#$end_ns / 1000000 - 10#$start_ns / 1000000 ) ))
+
+ echo "$time"
+}
+
+# Kill all pods and containers running
+crictl --runtime-endpoint $runtime rmp -af
+
+# Create $parallel container.json and pod.json
+for((i=0;i<$parallel;i++))
+do
+ cat > $tmpdir/container/container_$i.json << EOF
+{
+ "metadata": {
+ "name": "testcontainer$i"
+ },
+ "image": {
+ "image": "busybox"
+ },
+ "command": [
+ "/bin/sh", "-c", "sleep 1d"
+ ],
+ "log_path": "console$i.log",
+ "linux": {
+ "security_context": {
+ "capabilities": {}
+ }
+ }
+}
+EOF
+
+ cat > $tmpdir/pod/pod_$i.json <<EOF
+{
+ "metadata": {
+ "name": "testpod$i",
+ "namespace": "testns",
+ "uid": "b49ef5ee-ee30-11ed-a05b-0242ac120003",
+ "attempt": 1
+ },
+ "log_directory": "/tmp",
+ "linux": {
+ "security_context": {
+ "capabilities": {}
+ }
+ }
+}
+EOF
+done
+
+# get start time
+start_time=$(date +%s.%N)
+
+engine_pid=$(pidof $engine)
+
+for((i=0;i<$parallel;i++))
+do
+ crictl --runtime-endpoint $runtime run --no-pull $tmpdir/container/container_$i.json $tmpdir/pod/pod_$i.json &
+done
+
+# wait for all the containers to finish and get end time
+end_time=$(date +%s.%N)
+boot_time=$(getTiming $start_time $end_time)
+a=`crictl --runtime-endpoint $runtime ps | grep testcontainer | wc -l`
+while [ $a -ne $parallel ];
+do
+ a=`crictl --runtime-endpoint $runtime ps | grep testcontainer | wc -l`
+ end_time=$(date +%s.%N)
+ boot_time=$(getTiming $start_time $end_time)
+ if [ $boot_time -gt 2000000 ]; then
+ break
+ fi
+done
+
+if [ ${boot_time} -lt 2000000 ]; then
+ echo "BootTime: ${boot_time}ms"
+ # Output to the corresponding file
+ echo "time: ${boot_time}" >> ${result_data}
+else
+ echo "${boot_time}ms is too long, please check the environment."
+fi
+
+# get pids
+shim_pids=$(ps -ef | grep -v grep | grep -i $shim | awk '{print$2}')
+
+# calc memory of pids
+engine_mem=$(cat /proc/$engine_pid/status | grep VmRSS | awk '{print $2}')
+shim_mem=0
+for pid in $shim_pids
+do
+ let shim_mem+=$(cat /proc/$pid/status | grep VmRSS | awk '{print $2}')
+done
+echo "Engine Mem: ${engine_mem}KB"
+echo "engine-mem: ${engine_mem}" >> ${result_data}
+echo "Shim Mem Total: ${shim_mem}KB"
+echo "shim-mem: ${shim_mem}" >> ${result_data}
+
+# clean resources
+crictl --runtime-endpoint $runtime rmp -af
+rm -rf $tmpdir
--
2.25.1

523
0024-add-support-for-systemd-cgroup-driver.patch Normal file
View File

@ -0,0 +1,523 @@
From 167af3ce0cff3906c9976b249432d41167b15eb2 Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Thu, 11 Jan 2024 17:06:57 +0800
Subject: [PATCH 24/26] add support for systemd cgroup driver
Signed-off-by: jikai <jikai11@huawei.com>
---
src/cmd/isulad-shim/process.c | 6 +
src/cmd/isulad/isulad_commands.h | 2 +
src/contrib/config/daemon.json | 3 +-
src/daemon/common/cgroup.h | 4 +
src/daemon/common/cgroup_v1.c | 116 ++++++++++++++++++
src/daemon/config/isulad_config.c | 23 ++++
src/daemon/config/isulad_config.h | 2 +
.../cri/v1/cri_v1_runtime_runtime_service.cc | 25 ++++
.../cri/v1/cri_v1_runtime_runtime_service.h | 4 +
.../cri/v1/v1_cri_runtime_manager_service.cc | 12 ++
.../cri/v1/v1_cri_runtime_manager_service.h | 2 +
.../entry/cri/v1/v1_cri_runtime_service.h | 2 +
.../cri/v1/v1_cri_runtime_service_impl.cc | 5 +
.../cri/v1/v1_cri_runtime_service_impl.h | 2 +
src/daemon/executor/container_cb/execution.c | 26 ++++
.../modules/runtime/engines/lcr/lcr_rt_ops.c | 7 ++
.../modules/runtime/isula/isula_rt_ops.c | 1 +
src/daemon/modules/runtime/shim/shim_rt_ops.c | 6 +
src/daemon/modules/spec/specs.c | 22 +++-
19 files changed, 268 insertions(+), 2 deletions(-)
diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c
index bf67c414..8a4ca175 100644
--- a/src/cmd/isulad-shim/process.c
+++ b/src/cmd/isulad-shim/process.c
@@ -1287,6 +1287,12 @@ static void get_runtime_cmd(process_t *p, const char *log_path, const char *pid_
params[i++] = p->state->cwd;
}
} else {
+ // the --systemd-cgroup argument is not in oci spec, but up to now,
+ // the latest version of runc, crun, youki, runsc, kata-runtime all support this argument
+ // should ensure that this is supported for oci runtime
+ if (p->state->systemd_cgroup) {
+ params[i++] = "--systemd-cgroup";
+ }
params[i++] = "create";
params[i++] = "--bundle";
params[i++] = p->bundle;
diff --git a/src/cmd/isulad/isulad_commands.h b/src/cmd/isulad/isulad_commands.h
index ba4b838d..cf5f65f5 100644
--- a/src/cmd/isulad/isulad_commands.h
+++ b/src/cmd/isulad/isulad_commands.h
@@ -226,6 +226,8 @@ int command_default_ulimit_append(command_option_t *option, const char *arg);
&(cmdargs)->json_confs->storage_opts, \
"Storage driver options", \
command_append_array }, \
+ { CMD_OPT_TYPE_BOOL, false, "systemd-cgroup", 0, &(cmdargs)->json_confs->systemd_cgroup, \
+ "Use systemd cgroup driver(default false)", NULL }, \
SUP_GROUPS_OPT(cmdargs) \
{ CMD_OPT_TYPE_CALLBACK, \
false, \
diff --git a/src/contrib/config/daemon.json b/src/contrib/config/daemon.json
index 966e016a..69362c26 100644
--- a/src/contrib/config/daemon.json
+++ b/src/contrib/config/daemon.json
@@ -36,5 +36,6 @@
"cri-runtimes": {
"kata": "io.containerd.kata.v2"
},
- "enable-cri-v1": false
+ "enable-cri-v1": false,
+ "systemd-cgroup": false
}
diff --git a/src/daemon/common/cgroup.h b/src/daemon/common/cgroup.h
index 6664fb15..fa20f42c 100644
--- a/src/daemon/common/cgroup.h
+++ b/src/daemon/common/cgroup.h
@@ -141,6 +141,10 @@ typedef struct {
int common_get_cgroup_v1_metrics(const char *cgroup_path, cgroup_metrics_t *cgroup_metrics);
+char *common_get_init_cgroup(const char *subsystem);
+
+char *common_get_own_cgroup(const char *subsystem);
+
#ifdef __cplusplus
}
#endif
diff --git a/src/daemon/common/cgroup_v1.c b/src/daemon/common/cgroup_v1.c
index 9004becc..e38fc03e 100644
--- a/src/daemon/common/cgroup_v1.c
+++ b/src/daemon/common/cgroup_v1.c
@@ -554,3 +554,119 @@ int common_get_cgroup_v1_metrics(const char *cgroup_path, cgroup_metrics_t *cgro
return 0;
}
+/* parse cgroup files, such as /proc/self/cgroup or /proc/1/cgroup */
+static int parse_cgroup_file(const char *path, char ***nlist, char ***plist)
+{
+ int ret = 0;
+ size_t length = 0;
+ __isula_auto_file FILE *fp = NULL;
+ __isula_auto_free char *pline = NULL;
+
+ fp = util_fopen(path, "r");
+ if (fp == NULL) {
+ return -1;
+ }
+
+ while (getline(&pline, &length, fp) != -1) {
+ char *pos = NULL;
+ char *pos2 = NULL;
+ char *pos3 = NULL;
+ char *ptoken = NULL;
+ char *psave = NULL;
+ pos = strchr(pline, ':');
+ if (pos == NULL) {
+ ERROR("Invalid cgroup entry: must contain at least two colons: %s", pline);
+ ret = -1;
+ goto out;
+ }
+ pos++;
+ pos2 = strchr(pos, ':');
+ if (pos2 == NULL) {
+ ERROR("Invalid cgroup entry: must contain at least two colons: %s", pline);
+ ret = -1;
+ goto out;
+ }
+ pos3 = strchr(pos2, '\n');
+ if (pos3 != NULL) {
+ *pos3 = '\0';
+ }
+ *pos2 = '\0';
+
+ if ((pos2 - pos) == 0) {
+ INFO("Cgroup entry: %s not supported by cgroup v1", pline);
+ continue;
+ }
+
+ for (ptoken = strtok_r(pos, ",", &psave); ptoken; ptoken = strtok_r(NULL, ",", &psave)) {
+ ret = util_array_append(nlist, ptoken);
+ if (ret != 0) {
+ ERROR("Failed to append string");
+ goto out;
+ }
+
+ ret = util_array_append(plist, pos2 + 1);
+ if (ret != 0) {
+ ERROR("Failed to append string");
+ goto out;
+ }
+ }
+ }
+
+out:
+ if (ret != 0) {
+ util_free_array(*nlist);
+ *nlist = NULL;
+ util_free_array(*plist);
+ *plist = NULL;
+ }
+ return ret;
+}
+
+static char *common_get_cgroup_path(const char *path, const char *subsystem)
+{
+ char **nlist = NULL, **plist = NULL;
+ size_t i = 0;
+ char *res = NULL;
+ if (path == NULL) {
+ ERROR("Invalid NULL param");
+ return NULL;
+ }
+
+ if (parse_cgroup_file(path, &nlist, &plist) < 0) {
+ return NULL;
+ }
+
+ for (i = 0; i < util_array_len((const char **)nlist); i++) {
+ const char *prefix = "name=";
+ bool find_sub = (strcmp(nlist[i], subsystem) == 0 || (strncmp(nlist[i], prefix, strlen(prefix)) == 0
+ && strcmp(nlist[i]+strlen(prefix), subsystem) == 0));
+ if (find_sub) {
+ res = util_strdup_s(plist[i]);
+ break;
+ }
+ }
+
+ util_free_array(nlist);
+ util_free_array(plist);
+ return res;
+}
+
+char *common_get_init_cgroup(const char *subsystem)
+{
+ if (common_get_cgroup_version() != CGROUP_VERSION_1) {
+ ERROR("Not implemented for cgroup v2 hierarchy");
+ return NULL;
+ }
+
+ return common_get_cgroup_path("/proc/1/cgroup", subsystem);
+}
+
+char *common_get_own_cgroup(const char *subsystem)
+{
+ if (common_get_cgroup_version() != CGROUP_VERSION_1) {
+ ERROR("Not implemented for cgroup v2 hierarchy");
+ return NULL;
+ }
+
+ return common_get_cgroup_path("/proc/self/cgroup", subsystem);
+}
diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c
index 51758adb..8179558e 100644
--- a/src/daemon/config/isulad_config.c
+++ b/src/daemon/config/isulad_config.c
@@ -1762,6 +1762,8 @@ int merge_json_confs_into_global(struct service_arguments *args)
args->json_confs->enable_cri_v1 = tmp_json_confs->enable_cri_v1;
#endif
+ args->json_confs->systemd_cgroup = tmp_json_confs->systemd_cgroup;
+
if (merge_cri_runtimes_into_global(args, tmp_json_confs)) {
ret = -1;
goto out;
@@ -1895,3 +1897,24 @@ isulad_daemon_constants *get_isulad_daemon_constants(void)
{
return g_isulad_daemon_constants;
}
+
+bool conf_get_systemd_cgroup()
+{
+ bool systemd_cgroup = false;
+ struct service_arguments *conf = NULL;
+
+ if (isulad_server_conf_rdlock() != 0) {
+ return false;
+ }
+
+ conf = conf_get_server_conf();
+ if (conf == NULL || conf->json_confs == NULL) {
+ goto out;
+ }
+
+ systemd_cgroup = conf->json_confs->systemd_cgroup;
+
+out:
+ (void)isulad_server_conf_unlock();
+ return systemd_cgroup;
+}
diff --git a/src/daemon/config/isulad_config.h b/src/daemon/config/isulad_config.h
index 459ea331..f29cd564 100644
--- a/src/daemon/config/isulad_config.h
+++ b/src/daemon/config/isulad_config.h
@@ -114,6 +114,8 @@ char *conf_get_isulad_monitor_fifo_path(void);
int init_isulad_daemon_constants(void);
isulad_daemon_constants *get_isulad_daemon_constants(void);
+bool conf_get_systemd_cgroup(void);
+
#ifdef __cplusplus
}
#endif
diff --git a/src/daemon/entry/connect/grpc/cri/v1/cri_v1_runtime_runtime_service.cc b/src/daemon/entry/connect/grpc/cri/v1/cri_v1_runtime_runtime_service.cc
index ba9459f6..76e393f3 100644
--- a/src/daemon/entry/connect/grpc/cri/v1/cri_v1_runtime_runtime_service.cc
+++ b/src/daemon/entry/connect/grpc/cri/v1/cri_v1_runtime_runtime_service.cc
@@ -632,3 +632,28 @@ grpc::Status RuntimeV1RuntimeServiceImpl::Status(grpc::ServerContext *context,
return grpc::Status::OK;
}
+
+grpc::Status
+RuntimeV1RuntimeServiceImpl::RuntimeConfig(grpc::ServerContext *context,
+ const runtime::v1::RuntimeConfigRequest *request,
+ runtime::v1::RuntimeConfigResponse *reply)
+{
+ Errors error;
+
+ if (request == nullptr) {
+ ERROR("Invalid input arguments");
+ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments");
+ }
+
+ EVENT("Event: {Object: CRI, Type: Runtime Config}");
+
+ m_rService->RuntimeConfig(reply, error);
+ if (!error.Empty()) {
+ ERROR("Object: CRI, Type: Failed to get runtime config:%s", error.GetMessage().c_str());
+ return grpc::Status(grpc::StatusCode::UNKNOWN, error.GetMessage());
+ }
+
+ EVENT("Event: {Object: CRI, Type: Runtime Config}");
+
+ return grpc::Status::OK;
+}
diff --git a/src/daemon/entry/connect/grpc/cri/v1/cri_v1_runtime_runtime_service.h b/src/daemon/entry/connect/grpc/cri/v1/cri_v1_runtime_runtime_service.h
index 09ebe68b..52cc6b99 100644
--- a/src/daemon/entry/connect/grpc/cri/v1/cri_v1_runtime_runtime_service.h
+++ b/src/daemon/entry/connect/grpc/cri/v1/cri_v1_runtime_runtime_service.h
@@ -101,6 +101,10 @@ public:
grpc::Status Status(grpc::ServerContext *context, const runtime::v1::StatusRequest *request,
runtime::v1::StatusResponse *reply) override;
+ grpc::Status RuntimeConfig(grpc::ServerContext *context,
+ const runtime::v1::RuntimeConfigRequest *request,
+ runtime::v1::RuntimeConfigResponse *reply) override;
+
private:
std::unique_ptr<CRIV1::CRIRuntimeService> m_rService;
};
diff --git a/src/daemon/entry/cri/v1/v1_cri_runtime_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_runtime_manager_service.cc
index 1afac3e2..de489aae 100644
--- a/src/daemon/entry/cri/v1/v1_cri_runtime_manager_service.cc
+++ b/src/daemon/entry/cri/v1/v1_cri_runtime_manager_service.cc
@@ -16,6 +16,7 @@
#include "isula_libutils/log.h"
#include "v1_cri_helpers.h"
#include "cri_helpers.h"
+#include "isulad_config.h"
namespace CRIV1 {
void RuntimeManagerService::UpdateRuntimeConfig(const runtime::v1::RuntimeConfig &config, Errors & /*error*/)
@@ -69,4 +70,15 @@ auto RuntimeManagerService::Status(Errors &error) -> std::unique_ptr<runtime::v1
return status;
}
+void RuntimeManagerService::RuntimeConfig(runtime::v1::RuntimeConfigResponse *reply, Errors &error)
+{
+ if (reply == nullptr) {
+ ERROR("Invaliad params");
+ error.SetError("Invalid params");
+ return;
+ }
+
+ reply->mutable_linux()->set_cgroup_driver(conf_get_systemd_cgroup() ? runtime::v1::SYSTEMD : runtime::v1::CGROUPFS);
+}
+
} // namespace CRI
diff --git a/src/daemon/entry/cri/v1/v1_cri_runtime_manager_service.h b/src/daemon/entry/cri/v1/v1_cri_runtime_manager_service.h
index 3800ec30..2160064e 100644
--- a/src/daemon/entry/cri/v1/v1_cri_runtime_manager_service.h
+++ b/src/daemon/entry/cri/v1/v1_cri_runtime_manager_service.h
@@ -39,6 +39,8 @@ public:
auto Status(Errors &error) -> std::unique_ptr<runtime::v1::RuntimeStatus>;
+ void RuntimeConfig(runtime::v1::RuntimeConfigResponse *reply, Errors &error);
+
private:
service_executor_t *m_cb;
std::shared_ptr<Network::PluginManager> m_pluginManager;
diff --git a/src/daemon/entry/cri/v1/v1_cri_runtime_service.h b/src/daemon/entry/cri/v1/v1_cri_runtime_service.h
index 87394173..839f6724 100644
--- a/src/daemon/entry/cri/v1/v1_cri_runtime_service.h
+++ b/src/daemon/entry/cri/v1/v1_cri_runtime_service.h
@@ -89,6 +89,8 @@ public:
virtual void UpdateRuntimeConfig(const runtime::v1::RuntimeConfig &config, Errors &error) = 0;
virtual auto Status(Errors &error) -> std::unique_ptr<runtime::v1::RuntimeStatus> = 0;
+
+ virtual void RuntimeConfig(runtime::v1::RuntimeConfigResponse *reply, Errors &error) = 0;
};
} // namespace CRIV1
#endif // DAEMON_ENTRY_CRI_V1_CRI_RUNTIME_SERVICE_INTERFACE_H
diff --git a/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.cc b/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.cc
index 67cda5ed..aa5ae516 100644
--- a/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.cc
+++ b/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.cc
@@ -161,4 +161,9 @@ auto CRIRuntimeServiceImpl::Status(Errors &error) -> std::unique_ptr<runtime::v1
return m_runtimeManager->Status(error);
}
+void CRIRuntimeServiceImpl::RuntimeConfig(runtime::v1::RuntimeConfigResponse *reply, Errors &error)
+{
+ m_runtimeManager->RuntimeConfig(reply, error);
+}
+
} // namespace CRIV1
diff --git a/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.h b/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.h
index 23866648..0a25749f 100644
--- a/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.h
+++ b/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.h
@@ -92,6 +92,8 @@ public:
auto Status(Errors &error) -> std::unique_ptr<runtime::v1::RuntimeStatus> override;
+ void RuntimeConfig(runtime::v1::RuntimeConfigResponse *reply, Errors &error) override;
+
protected:
std::unique_ptr<RuntimeVersionerService> m_runtimeVersioner;
std::unique_ptr<ContainerManagerService> m_containerManager;
diff --git a/src/daemon/executor/container_cb/execution.c b/src/daemon/executor/container_cb/execution.c
index 63d8143c..7ed8e837 100644
--- a/src/daemon/executor/container_cb/execution.c
+++ b/src/daemon/executor/container_cb/execution.c
@@ -427,6 +427,32 @@ static int cpurt_controller_init(const char *id, const host_config *host_spec)
return 0;
}
+ if (conf_get_systemd_cgroup()) {
+ // currently it is the same as docker, yet it is unclear that
+ // if systemd cgroup is used and cgroup parent is set to a slice rather than system.slice
+ // should iSulad set cpu.rt_runtime_us and cpu.rt_period_us for the parent path?
+ // in fact, even if system.slice is used,
+ // cpu.rt_runtime_us and cpu.rt_period_us might still needed to be set manually
+ __isula_auto_free char *init_cgroup = common_get_init_cgroup("cpu");
+ if (init_cgroup == NULL) {
+ ERROR("Failed to get init cgroup");
+ return -1;
+ }
+ // make sure that the own cgroup path for cpu existed
+ __isula_auto_free char *own_cgroup = common_get_own_cgroup("cpu");
+ if (own_cgroup == NULL) {
+ ERROR("Failed to get own cgroup");
+ return -1;
+ }
+ char *new_cgroups_path = util_path_join(init_cgroup, cgroups_path);
+ if (new_cgroups_path == NULL) {
+ ERROR("Failed to join path");
+ return -1;
+ }
+ free(cgroups_path);
+ cgroups_path = new_cgroups_path;
+ }
+
mnt_root = sysinfo_cgroup_controller_cpurt_mnt_path();
if (mnt_root == NULL) {
ERROR("Failed to get cpu rt controller mnt root path");
diff --git a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
index 8c3c5f1a..6b862958 100644
--- a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
+++ b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
@@ -53,6 +53,13 @@ int rt_lcr_create(const char *name, const char *runtime, const rt_create_params_
char *runtime_root = NULL;
struct engine_operation *engine_ops = NULL;
+ if (conf_get_systemd_cgroup()) {
+ ERROR("Systemd cgroup not supported for lcr runtime");
+ isulad_set_error_message("Systemd cgroup not supported for lcr runtime");
+ ret = -1;
+ goto out;
+ }
+
runtime_root = conf_get_routine_rootdir(runtime);
if (runtime_root == NULL) {
ERROR("Root path is NULL");
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index 745154bb..b9aba3e3 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -1157,6 +1157,7 @@ int rt_isula_create(const char *id, const char *runtime, const rt_create_params_
p.runtime_args = (char **)runtime_args;
p.runtime_args_len = runtime_args_len;
p.attach_socket = attach_socket;
+ p.systemd_cgroup = conf_get_systemd_cgroup();
copy_process(&p, config->process);
copy_annotations(&p, config->annotations);
diff --git a/src/daemon/modules/runtime/shim/shim_rt_ops.c b/src/daemon/modules/runtime/shim/shim_rt_ops.c
index 81daf224..fc4d8e3a 100644
--- a/src/daemon/modules/runtime/shim/shim_rt_ops.c
+++ b/src/daemon/modules/runtime/shim/shim_rt_ops.c
@@ -35,6 +35,7 @@
#include "engine.h"
#include "shim_rt_monitor.h"
#include "supervisor.h"
+#include "isulad_config.h"
#define EXIT_SIGNAL_OFFSET_X 128
@@ -370,6 +371,11 @@ int rt_shim_create(const char *id, const char *runtime, const rt_create_params_t
return -1;
}
+ if (conf_get_systemd_cgroup()) {
+ ERROR("ShimV2 does not support systemd cgroup yet");
+ return -1;
+ }
+
exit_fifo_path = util_path_dir(params->exit_fifo);
if (exit_fifo_path == NULL) {
ERROR("%s: failed to get exit fifo dir from %s", id, params->exit_fifo);
diff --git a/src/daemon/modules/spec/specs.c b/src/daemon/modules/spec/specs.c
index 464b4fb4..b4d2b0f6 100644
--- a/src/daemon/modules/spec/specs.c
+++ b/src/daemon/modules/spec/specs.c
@@ -188,7 +188,10 @@ static char *do_get_container_cgroup_path(const host_config *host_spec)
}
if (path == NULL) {
- // third, all faild, just use default '/isulad'
+ // third, all faild, just use default '/isulad' for cgroupfs or "system.slice" for systemd
+ if (conf_get_systemd_cgroup()) {
+ return util_strdup_s("system.slice");
+ }
path = util_strdup_s("/isulad");
}
@@ -2288,6 +2291,23 @@ char *merge_container_cgroups_path(const char *id, const host_config *host_spec)
path = do_get_container_cgroup_path(host_spec);
+ if (conf_get_systemd_cgroup()) {
+ // systemd cgroup path has the form of [slice]:[prefix]:[name]
+#define SYSTEMD_CGROUP_PATH_LEN 3
+ if (!util_has_suffix(path, ".slice")) {
+ ERROR("Invalid cgroup path %s for systemd", path);
+ isulad_set_error_message("Invalid cgroup path %s for systemd", path);
+ return NULL;
+ }
+
+ // slice must not contain slashes
+ // convert test.slice/test-a.slice/test-a-b.slice to become test-a-b.slice
+ __isula_auto_free char *base = util_path_base(path);
+ const char *isulad_prefix = "isulad";
+ const char *parts[SYSTEMD_CGROUP_PATH_LEN] = {base, isulad_prefix, id};
+ return util_string_join(":", parts, SYSTEMD_CGROUP_PATH_LEN);
+ }
+
return util_path_join(path, id);
}
--
2.25.1

219
0025-add-ci-cases-for-systemd-cgroup-driver.patch Normal file
View File

@ -0,0 +1,219 @@
From f5f100f5b244be2debebe815aaed3afad8950daf Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Tue, 6 Feb 2024 17:33:17 +0800
Subject: [PATCH 25/26] add ci cases for systemd cgroup driver
Signed-off-by: jikai <jikai11@huawei.com>
---
.../container_cases/systemd_cgroup.sh | 80 +++++++++++++++++++
test/mocks/isulad_config_mock.cc | 8 ++
test/mocks/isulad_config_mock.h | 1 +
test/specs/specs/specs_ut.cc | 49 ++++++++++++
4 files changed, 138 insertions(+)
create mode 100755 CI/test_cases/container_cases/systemd_cgroup.sh
diff --git a/CI/test_cases/container_cases/systemd_cgroup.sh b/CI/test_cases/container_cases/systemd_cgroup.sh
new file mode 100755
index 00000000..ac1288e1
--- /dev/null
+++ b/CI/test_cases/container_cases/systemd_cgroup.sh
@@ -0,0 +1,80 @@
+#!/bin/bash
+#
+# attributes: isulad systemd cgroup run
+# concurrent: NO
+# spend time: 18
+
+#######################################################################
+##- Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+# - iSulad licensed under the Mulan PSL v2.
+# - You can use this software according to the terms and conditions of the Mulan PSL v2.
+# - You may obtain a copy of Mulan PSL v2 at:
+# - http://license.coscl.org.cn/MulanPSL2
+# - THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# - IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# - PURPOSE.
+# - See the Mulan PSL v2 for more details.
+##- @Description:CI
+##- @Author: jikai
+##- @Create: 2024-02-05
+#######################################################################
+
+curr_path=$(dirname $(readlink -f "$0"))
+data_path=$(realpath $curr_path/../data)
+source ../helpers.sh
+
+function test_systemd_cgroup()
+{
+ local ret=0
+ local runtime=$1
+ local image="busybox"
+
+ local test="systemd cgroup driver test with (${runtime})=> (${FUNCNAME[@]})"
+ msg_info "${test} starting..."
+
+ check_valgrind_log
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++))
+
+ start_isulad_with_valgrind --systemd-cgroup
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++))
+
+ cid1=$(isula run -tid --runtime $runtime -m 10M $image /bin/sh)
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start container failed" && ((ret++))
+ cat /sys/fs/cgroup/memory/system.slice/isulad-$cid1.scope/memory.limit_in_bytes | grep ^10485760$
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check memory limit failed" && ((ret++))
+
+ cid2=$(isula run -tid --runtime $runtime --cgroup-parent /test $image /bin/sh)
+ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start container failed" && ((ret++))
+
+ cid3=$(isula run -tid --runtime $runtime -m 10M --cgroup-parent test-a-b.slice $image /bin/sh)
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start container failed" && ((ret++))
+ cat /sys/fs/cgroup/memory/test.slice/test-a.slice/test-a-b.slice/isulad-$cid3.scope/memory.limit_in_bytes | grep ^10485760$
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check memory limit failed" && ((ret++))
+
+ isula rm -f $cid1 $cid2 $cid3
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - rm container failed" && ((ret++))
+
+ check_valgrind_log
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++))
+
+ start_isulad_with_valgrind
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++))
+
+ rm -rf $ulimitlog
+
+ msg_info "${test} finished with return ${ret}..."
+ return ${ret}
+}
+
+declare -i ans=0
+
+for element in ${RUNTIME_LIST[@]};
+do
+ # lcr does not support systemd cgroup driver
+ if [ "$element" == "lcr" ];then
+ continue
+ fi
+ test_systemd_cgroup $element || ((ans++))
+done
+
+show_result ${ans} "${curr_path}/${0}"
diff --git a/test/mocks/isulad_config_mock.cc b/test/mocks/isulad_config_mock.cc
index 7ba4fa57..65b00563 100644
--- a/test/mocks/isulad_config_mock.cc
+++ b/test/mocks/isulad_config_mock.cc
@@ -210,3 +210,11 @@ char *conf_get_isulad_loglevel(void)
}
return nullptr;
}
+
+bool conf_get_systemd_cgroup(void)
+{
+ if (g_isulad_conf_mock != nullptr) {
+ return g_isulad_conf_mock->ConfGetSystemdCgroup();
+ }
+ return false;
+}
diff --git a/test/mocks/isulad_config_mock.h b/test/mocks/isulad_config_mock.h
index 6793fa51..d59c5938 100644
--- a/test/mocks/isulad_config_mock.h
+++ b/test/mocks/isulad_config_mock.h
@@ -45,6 +45,7 @@ public:
MOCK_METHOD0(ConfGetSandboxStatePath, char *(void));
MOCK_METHOD0(ConfGetEngineLogFile, char *(void));
MOCK_METHOD0(ConfGetIsuladLogLevel, char *(void));
+ MOCK_METHOD0(ConfGetSystemdCgroup, bool(void));
};
void MockIsuladConf_SetMock(MockIsuladConf *mock);
diff --git a/test/specs/specs/specs_ut.cc b/test/specs/specs/specs_ut.cc
index 47e4ca6e..6c42216d 100644
--- a/test/specs/specs/specs_ut.cc
+++ b/test/specs/specs/specs_ut.cc
@@ -319,6 +319,7 @@ TEST_F(SpecsUnitTest, test_merge_container_cgroups_path_2)
ASSERT_TRUE(host_spec != nullptr);
EXPECT_CALL(m_isulad_conf, GetCgroupParent()).WillRepeatedly(Invoke(invoke_conf_get_isulad_cgroup_parent_null));
+ EXPECT_CALL(m_isulad_conf, ConfGetSystemdCgroup()).WillRepeatedly(Return(false));
merged_cp = merge_container_cgroups_path("123", host_spec);
ASSERT_NE(merged_cp, nullptr);
@@ -347,6 +348,7 @@ TEST_F(SpecsUnitTest, test_merge_container_cgroups_path_3)
host_spec->cgroup_parent = util_strdup_s("/test");
EXPECT_CALL(m_isulad_conf, GetCgroupParent()).WillRepeatedly(Invoke(invoke_conf_get_isulad_cgroup_parent_null));
+ EXPECT_CALL(m_isulad_conf, ConfGetSystemdCgroup()).WillRepeatedly(Return(false));
merged_cp = merge_container_cgroups_path("123", host_spec);
ASSERT_NE(merged_cp, nullptr);
@@ -373,6 +375,7 @@ TEST_F(SpecsUnitTest, test_merge_container_cgroups_path_4)
ASSERT_TRUE(host_spec != nullptr);
EXPECT_CALL(m_isulad_conf, GetCgroupParent()).WillRepeatedly(Invoke(invoke_conf_get_isulad_cgroup_parent));
+ EXPECT_CALL(m_isulad_conf, ConfGetSystemdCgroup()).WillRepeatedly(Return(false));
merged_cp = merge_container_cgroups_path("123", host_spec);
ASSERT_NE(merged_cp, nullptr);
@@ -401,6 +404,7 @@ TEST_F(SpecsUnitTest, test_merge_container_cgroups_path_5)
host_spec->cgroup_parent = util_strdup_s("/test");
EXPECT_CALL(m_isulad_conf, GetCgroupParent()).WillRepeatedly(Invoke(invoke_conf_get_isulad_cgroup_parent));
+ EXPECT_CALL(m_isulad_conf, ConfGetSystemdCgroup()).WillRepeatedly(Return(false));
merged_cp = merge_container_cgroups_path("123", host_spec);
ASSERT_NE(merged_cp, nullptr);
@@ -414,6 +418,51 @@ TEST_F(SpecsUnitTest, test_merge_container_cgroups_path_5)
testing::Mock::VerifyAndClearExpectations(&m_isulad_conf);
}
+// systemd cgroup test
+TEST_F(SpecsUnitTest, test_merge_container_cgroups_path_6)
+{
+ oci_runtime_spec *oci_spec = nullptr;
+ host_config *host_spec = nullptr;
+ char *merged_cp = nullptr;
+
+ oci_spec = (oci_runtime_spec *)util_common_calloc_s(sizeof(oci_runtime_spec));
+ ASSERT_TRUE(oci_spec != nullptr);
+
+ host_spec = (host_config *)util_common_calloc_s(sizeof(host_config));
+ ASSERT_TRUE(host_spec != nullptr);
+
+ EXPECT_CALL(m_isulad_conf, GetCgroupParent()).WillRepeatedly(Invoke(invoke_conf_get_isulad_cgroup_parent_null));
+ EXPECT_CALL(m_isulad_conf, ConfGetSystemdCgroup()).WillRepeatedly(Return(true));
+
+ merged_cp = merge_container_cgroups_path("123", host_spec);
+ ASSERT_NE(merged_cp, nullptr);
+ ASSERT_STREQ(merged_cp, "system.slice:isulad:123");
+ free(merged_cp);
+
+ host_spec->cgroup_parent = util_strdup_s("/test");
+ merged_cp = merge_container_cgroups_path("123", host_spec);
+ ASSERT_EQ(merged_cp, nullptr);
+ free(host_spec->cgroup_parent);
+
+ host_spec->cgroup_parent = util_strdup_s("test.slice");
+ merged_cp = merge_container_cgroups_path("123", host_spec);
+ ASSERT_NE(merged_cp, nullptr);
+ ASSERT_STREQ(merged_cp, "test.slice:isulad:123");
+ free(merged_cp);
+ free(host_spec->cgroup_parent);
+
+ host_spec->cgroup_parent = util_strdup_s("test/test-a/test-a-b.slice");
+ merged_cp = merge_container_cgroups_path("123", host_spec);
+ ASSERT_NE(merged_cp, nullptr);
+ ASSERT_STREQ(merged_cp, "test-a-b.slice:isulad:123");
+
+ free_oci_runtime_spec(oci_spec);
+ free_host_config(host_spec);
+ free(merged_cp);
+
+ testing::Mock::VerifyAndClearExpectations(&m_isulad_conf);
+}
+
TEST_F(SpecsUnitTest, test_update_oci_container_cgroups_path)
{
parser_error err = nullptr;
--
2.25.1

18
0026-move-systemd_cgroup-CI-test-to-manual-cases.patch Normal file
View File

@ -0,0 +1,18 @@
From b93647205db5c4a5d74fb245c9b1e15ca1ffd3fe Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Sat, 16 Mar 2024 09:35:22 +0800
Subject: [PATCH 26/26] move systemd_cgroup CI test to manual cases
Signed-off-by: jikai <jikai11@huawei.com>
---
CI/test_cases/{container_cases => manual_cases}/systemd_cgroup.sh | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename CI/test_cases/{container_cases => manual_cases}/systemd_cgroup.sh (100%)
diff --git a/CI/test_cases/container_cases/systemd_cgroup.sh b/CI/test_cases/manual_cases/systemd_cgroup.sh
similarity index 100%
rename from CI/test_cases/container_cases/systemd_cgroup.sh
rename to CI/test_cases/manual_cases/systemd_cgroup.sh
--
2.25.1

31
iSulad.spec
View File

@ -1,5 +1,5 @@
%global _version 2.1.5
%global _release 1
%global _release 2
%global is_systemd 1
%global enable_criv1 1
%global enable_shimv2 1
@ -21,6 +21,26 @@ Patch0003: 0003-bugfix-for-mount-point-remains-under-special-circums.patch
Patch0004: 0004-do-not-cleanup-if-the-directory-does-not-exist.patch
Patch0005: 0005-module-only-deletes-the-temporary-files-it-creates.patch
Patch0006: 0006-skip-devmapper-ut.patch
Patch0007: 0007-update-annotations-and-add-ci-cases.patch
Patch0008: 0008-bug-fix-for-device-cgroup-ulimt-oci-update.patch
Patch0009: 0009-improve-dt-for-oci-spec-update.patch
Patch0010: 0010-open-run-container-with-dev-volume-testcase.patch
Patch0011: 0011-add-cpu-usage-nano-cores-for-sandbox.patch
Patch0012: 0012-sleep-some-time-in-ServiceWorkThread-to-prevent-the-.patch
Patch0013: 0013-restore-name-for-rename-failed.patch
Patch0014: 0014-2371-Allow-iSulad-to-pull-load-image-with-symlink.patch
Patch0015: 0015-Replace-http-parser-dependency-with-lcr.patch
Patch0016: 0016-add-more-detailed-log-information-for-load-sandbox.patch
Patch0017: 0017-bugfix-for-the-concurrency-competition-between-the-r.patch
Patch0018: 0018-add-concurrent-load-test.patch
Patch0019: 0019-get-the-realpath-of-the-host-path-for-archive-when-c.patch
Patch0020: 0020-bugfix-for-wrong-goto-branch.patch
Patch0021: 0021-bugfix-for-wrong-dynamic-allocation-object-type.patch
Patch0022: 0022-add-swap-usage-in-cri.patch
Patch0023: 0023-add-benchmark-result-of-perf-test-in-cri.patch
Patch0024: 0024-add-support-for-systemd-cgroup-driver.patch
Patch0025: 0025-add-ci-cases-for-systemd-cgroup-driver.patch
Patch0026: 0026-move-systemd_cgroup-CI-test-to-manual-cases.patch
%ifarch x86_64 aarch64
Provides: libhttpclient.so()(64bit)
@ -55,7 +75,6 @@ BuildRequires: libisula-devel > %{lcrver_lower} libisula-devel < %{lcrver_upper}
BuildRequires: cmake gcc-c++ yajl-devel
BuildRequires: grpc grpc-plugins grpc-devel protobuf-devel ncurses-devel
BuildRequires: libcurl libcurl-devel libarchive-devel device-mapper-devel
BuildRequires: http-parser-devel
BuildRequires: libseccomp-devel libcap-devel libselinux-devel libwebsockets libwebsockets-devel
BuildRequires: systemd-devel git
BuildRequires: libevhtp-devel libevent-devel
@ -67,7 +86,7 @@ BuildRequires: lib-shim-v2 lib-shim-v2-devel
Requires: libisula > %{lcrver_lower} libisula < %{lcrver_upper}
Requires: grpc protobuf
Requires: libcurl
Requires: http-parser libseccomp
Requires: libseccomp
Requires: libcap libselinux libwebsockets libarchive device-mapper
Requires: systemd
Requires: (docker-runc or runc)
@ -276,6 +295,12 @@ fi
%endif
%changelog
* Tue Mar 19 2024 zhongtao <zhongtao17@huawei.com> - 2.1.5-2
- Type: update
- ID: NA
- SUG: NA
- DESC: upgrade from upstream
* Tue Jan 30 2024 zhongtao <zhongtao17@huawei.com> - 2.1.5-1
- Type: update
- ID: NA