packages/iSulad
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
iSulad/0167-sandbox-del-shim_sandbox-and-change-sandbox-ops.patch
Lu Jingxiao a1efa78546 Sync patches from upstream for refactoring sandbox and bugfixing 
including:
15dd7690 add layer storage ut test
7a3d70db bugfix for parse_http_header
3144357f bugfix: mem leak
02a8be62 image store:fix code style
4f030e07 registry module code improve
0340a824 fix some bad code
7dfa6916 add image storage unit test
1e9031cc UT: del shim_sandbox and change sandbox ops
16da6634 sandbox: del shim_sandbox and change sandbox ops

Signed-off-by: Lu Jingxiao <lujingxiao@huawei.com>
(cherry picked from commit cd18a717e414326116ccbd19bc87e29fa9c4ffc6)
2025-01-06 10:43:52 +08:00

1168 lines
41 KiB
Diff
Raw Blame History

From 16da66344854a75ce7a9d7908e0a75732eb147dc Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Wed, 27 Nov 2024 15:11:57 +0800
Subject: [PATCH 01/11] sandbox: del shim_sandbox and change sandbox ops
Signed-off-by: liuxu <liuxu156@huawei.com>
---
src/daemon/sandbox/sandbox.cc | 28 ++
src/daemon/sandbox/sandbox.h | 15 +-
src/daemon/sandbox/sandbox_manager.cc | 9 +-
src/daemon/sandbox/sandbox_ops.cc | 363 +---------------
.../sandbox/sandboxer/sandboxer_sandbox.cc | 401 ++++++++++++++++++
.../sandbox/sandboxer/sandboxer_sandbox.h | 33 +-
src/daemon/sandbox/shim/shim_sandbox.cc | 65 ---
src/daemon/sandbox/shim/shim_sandbox.h | 49 ---
8 files changed, 469 insertions(+), 494 deletions(-)
delete mode 100644 src/daemon/sandbox/shim/shim_sandbox.cc
delete mode 100644 src/daemon/sandbox/shim/shim_sandbox.h
diff --git a/src/daemon/sandbox/sandbox.cc b/src/daemon/sandbox/sandbox.cc
index 3715e5e0..d105d71a 100644
--- a/src/daemon/sandbox/sandbox.cc
+++ b/src/daemon/sandbox/sandbox.cc
@@ -1118,4 +1118,32 @@ void Sandbox::FillSandboxMetadata(sandbox_metadata* metadata, Errors &error)
metadata->sandbox_config_json = util_strdup_s(jsonStr.c_str());
}
+
+void Sandbox::LoadSandboxTasks()
+{
+}
+
+auto Sandbox::PrepareContainer(const char *containerId, const char *baseFs,
+ const oci_runtime_spec *ociSpec,
+ const char *consoleFifos[]) -> int
+{
+ return 0;
+}
+
+auto Sandbox::PrepareExec(const char *containerId, const char *execId,
+ defs_process *processSpec, const char *consoleFifos[]) -> int
+{
+ return 0;
+}
+
+auto Sandbox::PurgeContainer(const char *containerId) -> int
+{
+ return 0;
+}
+
+auto Sandbox::PurgeExec(const char *containerId, const char *execId) -> int
+{
+ return 0;
+}
+
}
\ No newline at end of file
diff --git a/src/daemon/sandbox/sandbox.h b/src/daemon/sandbox/sandbox.h
index 415406ff..58d60ecb 100644
--- a/src/daemon/sandbox/sandbox.h
+++ b/src/daemon/sandbox/sandbox.h
@@ -141,13 +141,14 @@ public:
void Status(runtime::v1::PodSandboxStatus &status);
// for sandbox api update
- virtual void LoadSandboxTasks() = 0;
- virtual auto SaveSandboxTasks() -> bool = 0;
- virtual auto AddSandboxTasks(sandbox_task *task) -> bool = 0;
- virtual auto GetAnySandboxTasks() -> std::string = 0;
- virtual void DeleteSandboxTasks(const char *containerId) = 0;
- virtual auto AddSandboxTasksProcess(const char *containerId, sandbox_process *processes) -> bool = 0;
- virtual void DeleteSandboxTasksProcess(const char *containerId, const char *execId) = 0;
+ virtual void LoadSandboxTasks();
+ virtual auto PrepareContainer(const char *containerId, const char *baseFs,
+ const oci_runtime_spec *ociSpec,
+ const char *consoleFifos[]) -> int;
+ virtual auto PrepareExec(const char *containerId, const char *execId,
+ defs_process *processSpec, const char *consoleFifos[]) -> int;
+ virtual auto PurgeContainer(const char *containerId) -> int;
+ virtual auto PurgeExec(const char *containerId, const char *execId) -> int;
private:
auto SaveState(Errors &error) -> bool;
diff --git a/src/daemon/sandbox/sandbox_manager.cc b/src/daemon/sandbox/sandbox_manager.cc
index ba003d56..a7908a60 100644
--- a/src/daemon/sandbox/sandbox_manager.cc
+++ b/src/daemon/sandbox/sandbox_manager.cc
@@ -27,7 +27,6 @@
#ifdef ENABLE_SANDBOXER
#include "sandboxer_sandbox.h"
#endif
-#include "shim_sandbox.h"
#include "isulad_config.h"
#include "utils_verify.h"
#include "utils_file.h"
@@ -116,12 +115,12 @@ auto SandboxManager::CreateSandbox(const std::string &name, RuntimeInfo &info, s
#ifdef ENABLE_SANDBOXER
if (info.sandboxer == SHIM_CONTROLLER_NAME) {
- sandbox = std::make_shared<ShimSandbox>(id, m_rootdir, m_statedir, name, info, netMode, netNsPath, sandboxConfig, image);
+ sandbox = std::make_shared<Sandbox>(id, m_rootdir, m_statedir, name, info, netMode, netNsPath, sandboxConfig, image);
} else {
sandbox = std::make_shared<SandboxerSandbox>(id, m_rootdir, m_statedir, name, info, netMode, netNsPath, sandboxConfig, image);
}
#else
- sandbox = std::make_shared<ShimSandbox>(id, m_rootdir, m_statedir, name, info, netMode, netNsPath, sandboxConfig, image);
+ sandbox = std::make_shared<Sandbox>(id, m_rootdir, m_statedir, name, info, netMode, netNsPath, sandboxConfig, image);
#endif
if (sandbox == nullptr) {
ERROR("Failed to malloc for sandbox: %s", name.c_str());
@@ -485,12 +484,12 @@ auto SandboxManager::LoadSandbox(std::string &id) -> std::shared_ptr<Sandbox>
#ifdef ENABLE_SANDBOXER
if (IsShimSandbox(id, m_rootdir)) {
- sandbox = std::make_shared<ShimSandbox>(id, m_rootdir, m_statedir);
+ sandbox = std::make_shared<Sandbox>(id, m_rootdir, m_statedir);
} else {
sandbox = std::make_shared<SandboxerSandbox>(id, m_rootdir, m_statedir);
}
#else
- sandbox = std::make_shared<ShimSandbox>(id, m_rootdir, m_statedir);
+ sandbox = std::make_shared<Sandbox>(id, m_rootdir, m_statedir);
#endif
if (sandbox == nullptr) {
ERROR("Failed to malloc for sandboxes: %s", id.c_str());
diff --git a/src/daemon/sandbox/sandbox_ops.cc b/src/daemon/sandbox/sandbox_ops.cc
index f50a1033..ae881933 100644
--- a/src/daemon/sandbox/sandbox_ops.cc
+++ b/src/daemon/sandbox/sandbox_ops.cc
@@ -24,12 +24,6 @@
#include "sandbox.h"
#include "namespace.h"
#include "utils.h"
-#include "utils_timestamp.h"
-#include "utils_array.h"
-
-const std::string SANDBOX_EXTENSIONS_TASKS = "extensions.tasks";
-const std::string SANDBOX_TASKS_KEY = "tasks";
-const std::string SANDBOX_TASKS_TYPEURL = "github.com/containerd/containerd/Tasks";
static inline bool validate_sandbox_info(const container_sandbox_info *sandbox)
{
@@ -37,99 +31,6 @@ static inline bool validate_sandbox_info(const container_sandbox_info *sandbox)
sandbox->id != NULL);
}
-static int generate_ctrl_rootfs(sandbox_task *task,
- const container_config_v2_common_config *config)
-{
- size_t len = 1;
- if (nullptr == config->base_fs) {
- ERROR("Container %s has no base fs", config->id);
- return -1;
- }
-
- // TODO: rootfs's options left to be configured
- task->rootfs = (sandbox_mount **)util_smart_calloc_s(sizeof(sandbox_mount *), len);
- if (task->rootfs == nullptr) {
- ERROR("Out of memory.");
- return -1;
- }
- task->rootfs[0] = (sandbox_mount *)util_common_calloc_s(sizeof(sandbox_mount));
- if (task->rootfs[0] == nullptr) {
- ERROR("Out of memory.");
- return -1;
- }
- task->rootfs_len = len;
- task->rootfs[0]->type = util_strdup_s(MOUNT_TYPE_BIND);
- task->rootfs[0]->source = util_strdup_s(config->base_fs);
-
- return 0;
-}
-
-static int do_sandbox_update(std::shared_ptr<sandbox::Sandbox> &sandbox, sandbox_sandbox *apiSandbox)
-{
- Errors err;
- size_t fields_len = 1;
- __isula_auto_string_array_t string_array *fields = nullptr;
-
- fields = util_string_array_new(fields_len);
- if (fields == nullptr) {
- ERROR("Out of memory.");
- return -1;
- }
- if (util_append_string_array(fields, SANDBOX_EXTENSIONS_TASKS.c_str())) {
- ERROR("Out of memory.");
- return -1;
- }
-
- auto controller = sandbox::ControllerManager::GetInstance()->GetController(sandbox->GetSandboxer());
- if (nullptr == controller) {
- ERROR("Invalid sandboxer name: %s", sandbox->GetSandboxer().c_str());
- return -1;
- }
-
- if (!controller->Update(apiSandbox, fields, err)) {
- ERROR("Failed to update in container controller update: %s", err.GetCMessage());
- return -1;
- }
-
- return 0;
-}
-
-static oci_runtime_spec *clone_oci_runtime_spec(const oci_runtime_spec *oci_spec)
-{
- __isula_auto_free char *json_str = nullptr;
- __isula_auto_free parser_error err = nullptr;
- oci_runtime_spec *ret = nullptr;
-
- json_str = oci_runtime_spec_generate_json(oci_spec, nullptr, &err);
- if (json_str == nullptr) {
- ERROR("Failed to generate spec json: %s", err);
- return nullptr;
- }
- ret = oci_runtime_spec_parse_data(json_str, nullptr, &err);
- if (ret == nullptr) {
- ERROR("Failed to generate spec: %s", err);
- }
- return ret;
-}
-
-static defs_process *clone_defs_process(defs_process *process_spec)
-{
- __isula_auto_free char *json_str = nullptr;
- __isula_auto_free parser_error err = nullptr;
- defs_process *ret = nullptr;
-
- json_str = defs_process_generate_json(process_spec, nullptr, &err);
- if (json_str == nullptr) {
- ERROR("Failed to generate process spec json: %s", err);
- return nullptr;
- }
- ret = defs_process_parse_data(json_str, nullptr, &err);
- if (ret == nullptr) {
- ERROR("Failed to generate process spec: %s", err);
- }
- return ret;
-}
-
static std::shared_ptr<sandbox::Sandbox> get_prepare_sandbox(const container_config_v2_common_config *config)
{
if (nullptr == config || nullptr == config->id) {
@@ -151,126 +52,11 @@ static std::shared_ptr<sandbox::Sandbox> get_prepare_sandbox(const container_con
return sandbox;
}
-static sandbox_sandbox_runtime *init_sandbox_runtime(std::shared_ptr<sandbox::Sandbox> sandbox)
-{
- sandbox_sandbox_runtime *runtime = nullptr;
-
- auto runtime_wrapper = makeUniquePtrCStructWrapper<sandbox_sandbox_runtime>(free_sandbox_sandbox_runtime);
- if (runtime_wrapper == nullptr) {
- ERROR("Out of memory");
- return nullptr;
- }
- runtime = runtime_wrapper->get();
- runtime->name = util_strdup_s(sandbox->GetRuntime().c_str());
- // Just ignore options for now
-
- return runtime_wrapper->move();
-}
-
-static json_map_string_string *init_sandbox_labels(std::shared_ptr<sandbox::Sandbox> sandbox)
-{
- json_map_string_string *labels = nullptr;
-
- auto labels_wrapper = makeUniquePtrCStructWrapper<json_map_string_string>(free_json_map_string_string);
- if (labels_wrapper == nullptr) {
- ERROR("Out of memory");
- return nullptr;
- }
- labels = labels_wrapper->get();
- if (append_json_map_string_string(labels, "name", sandbox->GetName().c_str()) != 0) {
- ERROR("Out of memory");
- return nullptr;
- }
-
- return labels_wrapper->move();
-}
-
-static defs_map_string_object_any *init_sandbox_extensions(std::shared_ptr<sandbox::Sandbox> sandbox)
-{
- defs_map_string_object_any *extensions = nullptr;
- size_t len = 1;
- std::string task_json;
-
- auto extensions_wrapper = makeUniquePtrCStructWrapper<defs_map_string_object_any>(free_defs_map_string_object_any);
- if (extensions_wrapper == nullptr) {
- ERROR("Out of memory");
- return nullptr;
- }
- extensions = extensions_wrapper->get();
- extensions->keys = (char **)util_smart_calloc_s(sizeof(char *), len);
- if (extensions->keys == nullptr) {
- ERROR("Out of memory.");
- return nullptr;
- }
- extensions->len = len;
- extensions->values = (defs_map_string_object_any_element **)
- util_smart_calloc_s(sizeof(defs_map_string_object_any_element *), len);
- if (extensions->values == nullptr) {
- ERROR("Out of memory.");
- return nullptr;
- }
- extensions->values[0] = (defs_map_string_object_any_element *)
- util_common_calloc_s(sizeof(defs_map_string_object_any_element));
- if (extensions->values[0] == nullptr) {
- ERROR("Out of memory.");
- return nullptr;
- }
- extensions->values[0]->element = (defs_any *)util_common_calloc_s(sizeof(defs_any));
- if (extensions->values[0]->element == nullptr) {
- ERROR("Out of memory.");
- return nullptr;
- }
-
- extensions->keys[0] = util_strdup_s(SANDBOX_TASKS_KEY.c_str());
- task_json = sandbox->GetAnySandboxTasks();
- if (task_json.empty()) {
- ERROR("Failed to get any sandbox tasks");
- return nullptr;
- }
- DEBUG("Get any sandbox tasks %s", task_json.c_str());
- extensions->values[0]->element->type_url = util_strdup_s(SANDBOX_TASKS_TYPEURL.c_str());
- extensions->values[0]->element->value = reinterpret_cast<uint8_t *>(util_strdup_s(task_json.c_str()));
- extensions->values[0]->element->value_len = strlen(task_json.c_str());
-
- return extensions_wrapper->move();
-}
-
-static int init_api_sandbox(std::shared_ptr<sandbox::Sandbox> sandbox, sandbox_sandbox *apiSandbox)
-{
- apiSandbox->sandbox_id = util_strdup_s(sandbox->GetId().c_str());
- apiSandbox->runtime = init_sandbox_runtime(sandbox);
- if (apiSandbox->runtime == nullptr) {
- ERROR("Failed to init sandbox runtime");
- return -1;
- }
- // Just ignore spec
- apiSandbox->labels = init_sandbox_labels(sandbox);
- if (apiSandbox->labels == nullptr) {
- ERROR("Failed to init sandbox runtime");
- return -1;
- }
- apiSandbox->created_at = sandbox->GetCreatedAt();
- apiSandbox->updated_at = util_get_now_time_nanos();
- apiSandbox->extensions = init_sandbox_extensions(sandbox);
- if (apiSandbox->extensions == nullptr) {
- ERROR("Failed to init sandbox runtime");
- return -1;
- }
- apiSandbox->sandboxer = util_strdup_s(sandbox->GetSandboxer().c_str());
-
- return 0;
-}
int sandbox_prepare_container(const container_config_v2_common_config *config,
const oci_runtime_spec *oci_spec,
const char * console_fifos[], bool tty)
{
- sandbox_task *task = nullptr;
- sandbox_sandbox *apiSandbox = nullptr;
- int ret = -1;
-
- INFO("Prepare container for sandbox");
-
if (nullptr == console_fifos) {
ERROR("Invlaid parameter: console_fifos");
return -1;
@@ -282,67 +68,13 @@ int sandbox_prepare_container(const container_config_v2_common_config *config,
return -1;
}
- auto apiSandbox_wrapper = makeUniquePtrCStructWrapper<sandbox_sandbox>(free_sandbox_sandbox);
- if (apiSandbox_wrapper == nullptr) {
- ERROR("Out of memory");
- return -1;
- }
- apiSandbox = apiSandbox_wrapper->get();
- auto task_wrapper = makeUniquePtrCStructWrapper<sandbox_task>(free_sandbox_task);
- if (task_wrapper == nullptr) {
- ERROR("Out of memory");
- return -1;
- }
- task = task_wrapper->get();
-
- task->task_id = util_strdup_s(config->id);
- task->spec = clone_oci_runtime_spec(oci_spec);
- if (task->spec == nullptr) {
- ERROR("Out of memory.");
- return -1;
- }
- if (generate_ctrl_rootfs(task, config) != 0) {
- ERROR("Invalid rootfs");
- return -1;
- }
- task->stdin = util_strdup_s((nullptr == console_fifos[0]) ? "" : console_fifos[0]);
- task->stdout = util_strdup_s((nullptr == console_fifos[1]) ? "" : console_fifos[1]);
- task->stderr = util_strdup_s((nullptr == console_fifos[2]) ? "" : console_fifos[2]);
-
- if (!sandbox->AddSandboxTasks(task)) {
- ERROR("Failed to add sandbox %s task.", config->id);
- return -1;
- }
- task = task_wrapper->move();
- ret = init_api_sandbox(sandbox, apiSandbox);
- if (ret != 0) {
- ERROR("Failed to init %s api sandbox.", config->id);
- goto del_out;
- }
- ret = do_sandbox_update(sandbox, apiSandbox);
-
-del_out:
- if (ret != 0) {
- sandbox->DeleteSandboxTasks(config->id);
- }
- if (!sandbox->SaveSandboxTasks()) {
- ERROR("Failed to Save %s sandbox tasks.", config->id);
- ret = -1;
- }
-
- return ret;
+ return sandbox->PrepareContainer(config->id, config->base_fs, oci_spec, console_fifos);
}
int sandbox_prepare_exec(const container_config_v2_common_config *config,
const char *exec_id, defs_process *process_spec,
const char * console_fifos[], bool tty)
{
- sandbox_process *process = nullptr;
- sandbox_sandbox *apiSandbox = nullptr;
- int ret = -1;
-
- INFO("Prepare exec for container in sandbox");
-
if (nullptr == console_fifos) {
ERROR("Invlaid parameter: console_fifos");
return -1;
@@ -354,116 +86,29 @@ int sandbox_prepare_exec(const container_config_v2_common_config *config,
return -1;
}
- auto apiSandbox_wrapper = makeUniquePtrCStructWrapper<sandbox_sandbox>(free_sandbox_sandbox);
- if (apiSandbox_wrapper == nullptr) {
- ERROR("Out of memory");
- return -1;
- }
- apiSandbox = apiSandbox_wrapper->get();
- auto process_wrapper = makeUniquePtrCStructWrapper<sandbox_process>(free_sandbox_process);
- if (process_wrapper == nullptr) {
- ERROR("Out of memory");
- return -1;
- }
- process = process_wrapper->get();
-
- process->exec_id = util_strdup_s(exec_id);
- process->spec = clone_defs_process(process_spec);
- if (process->spec == nullptr) {
- ERROR("Out of memory.");
- return -1;
- }
- process->stdin = util_strdup_s((nullptr == console_fifos[0]) ? "" : console_fifos[0]);
- process->stdout = util_strdup_s((nullptr == console_fifos[1]) ? "" : console_fifos[1]);
- process->stderr = util_strdup_s((nullptr == console_fifos[2]) ? "" : console_fifos[2]);
-
- if (!sandbox->AddSandboxTasksProcess(config->id, process)) {
- ERROR("Failed to add sandbox %s process.", config->id);
- return -1;
- }
- process = process_wrapper->move();
- ret = init_api_sandbox(sandbox, apiSandbox);
- if (ret != 0) {
- ERROR("Failed to init %s api sandbox.", config->id);
- goto del_out;
- }
- ret = do_sandbox_update(sandbox, apiSandbox);
-
-del_out:
- if (ret != 0) {
- sandbox->DeleteSandboxTasksProcess(config->id, exec_id);
- }
- if (!sandbox->SaveSandboxTasks()) {
- ERROR("Failed to Save %s sandbox tasks.", config->id);
- ret = -1;
- }
-
- return ret;
+ return sandbox->PrepareExec(config->id, exec_id, process_spec, console_fifos);
}
int sandbox_purge_container(const container_config_v2_common_config *config)
{
- sandbox_sandbox *apiSandbox = nullptr;
-
- INFO("Purge container for sandbox");
-
auto sandbox = get_prepare_sandbox(config);
if (sandbox == nullptr) {
ERROR("Sandbox not found");
return -1;
}
- auto apiSandbox_wrapper = makeUniquePtrCStructWrapper<sandbox_sandbox>(free_sandbox_sandbox);
- if (apiSandbox_wrapper == nullptr) {
- ERROR("Out of memory");
- return -1;
- }
- apiSandbox = apiSandbox_wrapper->get();
-
- sandbox->DeleteSandboxTasks(config->id);
- if (!sandbox->SaveSandboxTasks()) {
- ERROR("Failed to Save %s sandbox tasks.", config->id);
- return -1;
- }
-
- if (init_api_sandbox(sandbox, apiSandbox) != 0) {
- ERROR("Failed to init %s api sandbox.", config->id);
- return -1;
- }
- return do_sandbox_update(sandbox, apiSandbox);
+ return sandbox->PurgeContainer(config->id);
}
int sandbox_purge_exec(const container_config_v2_common_config *config, const char *exec_id)
{
- sandbox_sandbox *apiSandbox = nullptr;
-
- INFO("Purge exec for container in sandbox");
-
auto sandbox = get_prepare_sandbox(config);
if (sandbox == nullptr) {
ERROR("Sandbox not found");
return -1;
}
- auto apiSandbox_wrapper = makeUniquePtrCStructWrapper<sandbox_sandbox>(free_sandbox_sandbox);
- if (apiSandbox_wrapper == nullptr) {
- ERROR("Out of memory");
- return -1;
- }
- apiSandbox = apiSandbox_wrapper->get();
-
- sandbox->DeleteSandboxTasksProcess(config->id, exec_id);
- if (!sandbox->SaveSandboxTasks()) {
- ERROR("Failed to Save %s sandbox tasks.", config->id);
- return -1;
- }
-
- if (init_api_sandbox(sandbox, apiSandbox) != 0) {
- ERROR("Failed to init %s api sandbox.", exec_id);
- return -1;
- }
-
- return do_sandbox_update(sandbox, apiSandbox);
+ return sandbox->PurgeExec(config->id, exec_id);
}
int sandbox_on_sandbox_exit(const char *sandbox_id, int exit_code)
diff --git a/src/daemon/sandbox/sandboxer/sandboxer_sandbox.cc b/src/daemon/sandbox/sandboxer/sandboxer_sandbox.cc
index 726b7b3a..b2e2fb32 100644
--- a/src/daemon/sandbox/sandboxer/sandboxer_sandbox.cc
+++ b/src/daemon/sandbox/sandboxer/sandboxer_sandbox.cc
@@ -23,13 +23,21 @@
#include <isula_libutils/log.h>
#include <isula_libutils/auto_cleanup.h>
+#include <isula_libutils/sandbox_sandbox.h>
+#include <isula_libutils/defs_process.h>
#include "utils_file.h"
#include "utils.h"
#include "cxxutils.h"
+#include "utils_timestamp.h"
+#include "utils_array.h"
namespace sandbox {
+const std::string SANDBOX_EXTENSIONS_TASKS = "extensions.tasks";
+const std::string SANDBOX_TASKS_KEY = "tasks";
+const std::string SANDBOX_TASKS_TYPEURL = "github.com/containerd/containerd/Tasks";
+
SandboxerSandbox::SandboxerSandbox(const std::string id, const std::string &rootdir, const std::string &statedir, const std::string name,
const RuntimeInfo info, std::string netMode, std::string netNsPath, const runtime::v1::PodSandboxConfig sandboxConfig,
const std::string image):Sandbox(id, rootdir, statedir, name, info, netMode,
@@ -251,4 +259,397 @@ void SandboxerSandbox::DeleteSandboxTasksProcess(const char *containerId, const
iter->second->DeleteSandboxTasksProcess(execId);
}
+static oci_runtime_spec *clone_oci_runtime_spec(const oci_runtime_spec *oci_spec)
+{
+ __isula_auto_free char *json_str = nullptr;
+ __isula_auto_free parser_error err = nullptr;
+ oci_runtime_spec *ret = nullptr;
+
+ json_str = oci_runtime_spec_generate_json(oci_spec, nullptr, &err);
+ if (json_str == nullptr) {
+ ERROR("Failed to generate spec json: %s", err);
+ return nullptr;
+ }
+ ret = oci_runtime_spec_parse_data(json_str, nullptr, &err);
+ if (ret == nullptr) {
+ ERROR("Failed to generate spec: %s", err);
+ }
+ return ret;
+}
+
+static defs_process *clone_defs_process(defs_process *process_spec)
+{
+ __isula_auto_free char *json_str = nullptr;
+ __isula_auto_free parser_error err = nullptr;
+ defs_process *ret = nullptr;
+
+ json_str = defs_process_generate_json(process_spec, nullptr, &err);
+ if (json_str == nullptr) {
+ ERROR("Failed to generate process spec json: %s", err);
+ return nullptr;
+ }
+ ret = defs_process_parse_data(json_str, nullptr, &err);
+ if (ret == nullptr) {
+ ERROR("Failed to generate process spec: %s", err);
+ }
+ return ret;
+}
+
+auto SandboxerSandbox::GenerateCtrlRootfs(sandbox_task *task, const char *baseFs) -> int
+{
+ size_t len = 1;
+ if (nullptr == baseFs) {
+ ERROR("Container %s has no base fs", task->task_id);
+ return -1;
+ }
+
+ // TODO: rootfs's options left to be configured
+ task->rootfs = (sandbox_mount **)util_smart_calloc_s(sizeof(sandbox_mount *), len);
+ if (task->rootfs == nullptr) {
+ ERROR("Out of memory.");
+ return -1;
+ }
+ task->rootfs[0] = (sandbox_mount *)util_common_calloc_s(sizeof(sandbox_mount));
+ if (task->rootfs[0] == nullptr) {
+ ERROR("Out of memory.");
+ return -1;
+ }
+ task->rootfs_len = len;
+ task->rootfs[0]->type = util_strdup_s(MOUNT_TYPE_BIND);
+ task->rootfs[0]->source = util_strdup_s(baseFs);
+
+ return 0;
+}
+
+auto SandboxerSandbox::InitSandboxRuntime() -> sandbox_sandbox_runtime *
+{
+ sandbox_sandbox_runtime *runtime = nullptr;
+
+ auto runtime_wrapper = makeUniquePtrCStructWrapper<sandbox_sandbox_runtime>(free_sandbox_sandbox_runtime);
+ if (runtime_wrapper == nullptr) {
+ ERROR("Out of memory");
+ return nullptr;
+ }
+ runtime = runtime_wrapper->get();
+ runtime->name = util_strdup_s(GetRuntime().c_str());
+ // Just ignore options for now
+
+ return runtime_wrapper->move();
+}
+
+auto SandboxerSandbox::InitSandboxLabels() -> json_map_string_string *
+{
+ json_map_string_string *labels = nullptr;
+
+ auto labels_wrapper = makeUniquePtrCStructWrapper<json_map_string_string>(free_json_map_string_string);
+ if (labels_wrapper == nullptr) {
+ ERROR("Out of memory");
+ return nullptr;
+ }
+ labels = labels_wrapper->get();
+ if (append_json_map_string_string(labels, "name", GetName().c_str()) != 0) {
+ ERROR("Out of memory");
+ return nullptr;
+ }
+
+ return labels_wrapper->move();
+}
+
+auto SandboxerSandbox::InitSandboxExtensions() -> defs_map_string_object_any *
+{
+ defs_map_string_object_any *extensions = nullptr;
+ size_t len = 1;
+ std::string task_json;
+
+ auto extensions_wrapper = makeUniquePtrCStructWrapper<defs_map_string_object_any>(free_defs_map_string_object_any);
+ if (extensions_wrapper == nullptr) {
+ ERROR("Out of memory");
+ return nullptr;
+ }
+ extensions = extensions_wrapper->get();
+
+ extensions->keys = (char **)util_smart_calloc_s(sizeof(char *), len);
+ if (extensions->keys == nullptr) {
+ ERROR("Out of memory.");
+ return nullptr;
+ }
+ extensions->values = (defs_map_string_object_any_element **)
+ util_smart_calloc_s(sizeof(defs_map_string_object_any_element *), len);
+ if (extensions->values == nullptr) {
+ ERROR("Out of memory.");
+ free(extensions->keys);
+ extensions->keys = nullptr;
+ return nullptr;
+ }
+ extensions->len = len;
+
+ extensions->values[0] = (defs_map_string_object_any_element *)
+ util_common_calloc_s(sizeof(defs_map_string_object_any_element));
+ if (extensions->values[0] == nullptr) {
+ ERROR("Out of memory.");
+ return nullptr;
+ }
+ extensions->values[0]->element = (defs_any *)util_common_calloc_s(sizeof(defs_any));
+ if (extensions->values[0]->element == nullptr) {
+ ERROR("Out of memory.");
+ return nullptr;
+ }
+
+ extensions->keys[0] = util_strdup_s(SANDBOX_TASKS_KEY.c_str());
+ task_json = GetAnySandboxTasks();
+ if (task_json.empty()) {
+ ERROR("Failed to get any sandbox tasks");
+ return nullptr;
+ }
+ DEBUG("Get any sandbox tasks %s", task_json.c_str());
+ extensions->values[0]->element->type_url = util_strdup_s(SANDBOX_TASKS_TYPEURL.c_str());
+ extensions->values[0]->element->value = reinterpret_cast<uint8_t *>(util_strdup_s(task_json.c_str()));
+ extensions->values[0]->element->value_len = strlen(task_json.c_str());
+
+ return extensions_wrapper->move();
+}
+
+auto SandboxerSandbox::InitApiSandbox(sandbox_sandbox *apiSandbox) -> int
+{
+ apiSandbox->sandbox_id = util_strdup_s(GetId().c_str());
+ apiSandbox->runtime = InitSandboxRuntime();
+ if (apiSandbox->runtime == nullptr) {
+ ERROR("Failed to init sandbox runtime");
+ return -1;
+ }
+ // Just ignore spec
+ apiSandbox->labels = InitSandboxLabels();
+ if (apiSandbox->labels == nullptr) {
+ ERROR("Failed to init sandbox runtime");
+ return -1;
+ }
+ apiSandbox->created_at = GetCreatedAt();
+ apiSandbox->updated_at = util_get_now_time_nanos();
+ apiSandbox->extensions = InitSandboxExtensions();
+ if (apiSandbox->extensions == nullptr) {
+ ERROR("Failed to init sandbox runtime");
+ return -1;
+ }
+ apiSandbox->sandboxer = util_strdup_s(GetSandboxer().c_str());
+
+ return 0;
+}
+
+auto SandboxerSandbox::DoSandboxUpdate(sandbox_sandbox *apiSandbox) -> int
+{
+ Errors err;
+ size_t fields_len = 1;
+ __isula_auto_string_array_t string_array *fields = nullptr;
+
+ fields = util_string_array_new(fields_len);
+ if (fields == nullptr) {
+ ERROR("Out of memory.");
+ return -1;
+ }
+ if (util_append_string_array(fields, SANDBOX_EXTENSIONS_TASKS.c_str())) {
+ ERROR("Out of memory.");
+ return -1;
+ }
+
+ auto controller = sandbox::ControllerManager::GetInstance()->GetController(GetSandboxer());
+ if (nullptr == controller) {
+ ERROR("Invalid sandboxer name: %s", GetSandboxer().c_str());
+ return -1;
+ }
+
+ if (!controller->Update(apiSandbox, fields, err)) {
+ ERROR("Failed to update in container controller update: %s", err.GetCMessage());
+ return -1;
+ }
+
+ return 0;
+}
+
+auto SandboxerSandbox::PrepareContainer(const char *containerId, const char *baseFs,
+ const oci_runtime_spec *ociSpec,
+ const char *consoleFifos[]) -> int
+{
+ sandbox_task *task = nullptr;
+ sandbox_sandbox *apiSandbox = nullptr;
+
+ INFO("Prepare container for sandbox");
+
+ if (nullptr == consoleFifos) {
+ ERROR("Invlaid parameter: consoleFifos");
+ return -1;
+ }
+
+ auto apiSandbox_wrapper = makeUniquePtrCStructWrapper<sandbox_sandbox>(free_sandbox_sandbox);
+ if (apiSandbox_wrapper == nullptr) {
+ ERROR("Out of memory");
+ return -1;
+ }
+ apiSandbox = apiSandbox_wrapper->get();
+ auto task_wrapper = makeUniquePtrCStructWrapper<sandbox_task>(free_sandbox_task);
+ if (task_wrapper == nullptr) {
+ ERROR("Out of memory");
+ return -1;
+ }
+ task = task_wrapper->get();
+
+ task->task_id = util_strdup_s(containerId);
+ task->spec = clone_oci_runtime_spec(ociSpec);
+ if (task->spec == nullptr) {
+ ERROR("Out of memory.");
+ return -1;
+ }
+ if (GenerateCtrlRootfs(task, baseFs) != 0) {
+ ERROR("Invalid rootfs");
+ return -1;
+ }
+ task->stdin = util_strdup_s((nullptr == consoleFifos[0]) ? "" : consoleFifos[0]);
+ task->stdout = util_strdup_s((nullptr == consoleFifos[1]) ? "" : consoleFifos[1]);
+ task->stderr = util_strdup_s((nullptr == consoleFifos[2]) ? "" : consoleFifos[2]);
+
+ if (!AddSandboxTasks(task)) {
+ ERROR("Failed to add sandbox %s task.", containerId);
+ return -1;
+ }
+ task = task_wrapper->move();
+ if (InitApiSandbox(apiSandbox) != 0) {
+ ERROR("Failed to init %s api sandbox.", containerId);
+ goto del_out;
+ }
+ if (DoSandboxUpdate(apiSandbox) != 0) {
+ ERROR("Failed to update %s api sandbox.", containerId);
+ goto del_out;
+ }
+ if (!SaveSandboxTasks()) {
+ ERROR("Failed to Save %s sandbox tasks.", containerId);
+ (void)PurgeContainer(containerId);
+ return -1;
+ }
+ return 0;
+
+del_out:
+ DeleteSandboxTasks(containerId);
+ return -1;
+}
+
+auto SandboxerSandbox::PrepareExec(const char *containerId, const char *execId,
+ defs_process *processSpec, const char *consoleFifos[]) -> int
+{
+ sandbox_process *process = nullptr;
+ sandbox_sandbox *apiSandbox = nullptr;
+
+ INFO("Prepare exec for container in sandbox");
+
+ if (nullptr == consoleFifos) {
+ ERROR("Invlaid parameter: consoleFifos");
+ return -1;
+ }
+
+ auto apiSandbox_wrapper = makeUniquePtrCStructWrapper<sandbox_sandbox>(free_sandbox_sandbox);
+ if (apiSandbox_wrapper == nullptr) {
+ ERROR("Out of memory");
+ return -1;
+ }
+ apiSandbox = apiSandbox_wrapper->get();
+ auto process_wrapper = makeUniquePtrCStructWrapper<sandbox_process>(free_sandbox_process);
+ if (process_wrapper == nullptr) {
+ ERROR("Out of memory");
+ return -1;
+ }
+ process = process_wrapper->get();
+
+ process->exec_id = util_strdup_s(execId);
+ process->spec = clone_defs_process(processSpec);
+ if (process->spec == nullptr) {
+ ERROR("Out of memory.");
+ return -1;
+ }
+ process->stdin = util_strdup_s((nullptr == consoleFifos[0]) ? "" : consoleFifos[0]);
+ process->stdout = util_strdup_s((nullptr == consoleFifos[1]) ? "" : consoleFifos[1]);
+ process->stderr = util_strdup_s((nullptr == consoleFifos[2]) ? "" : consoleFifos[2]);
+
+ if (!AddSandboxTasksProcess(containerId, process)) {
+ ERROR("Failed to add sandbox %s process.", containerId);
+ return -1;
+ }
+ process = process_wrapper->move();
+ if (InitApiSandbox(apiSandbox) != 0) {
+ ERROR("Failed to init %s api sandbox.", containerId);
+ goto del_out;
+ }
+ if (DoSandboxUpdate(apiSandbox) != 0) {
+ ERROR("Failed to init %s api sandbox.", containerId);
+ goto del_out;
+ }
+ if (!SaveSandboxTasks()) {
+ ERROR("Failed to Save %s sandbox tasks.", containerId);
+ (void)PurgeExec(containerId, execId);
+ return -1;
+ }
+ return 0;
+
+del_out:
+ DeleteSandboxTasksProcess(containerId, execId);
+ return -1;
+}
+
+auto SandboxerSandbox::PurgeContainer(const char *containerId) -> int
+{
+ sandbox_sandbox *apiSandbox = nullptr;
+
+ INFO("Purge container for sandbox");
+
+ auto apiSandbox_wrapper = makeUniquePtrCStructWrapper<sandbox_sandbox>(free_sandbox_sandbox);
+ if (apiSandbox_wrapper == nullptr) {
+ ERROR("Out of memory");
+ return -1;
+ }
+ apiSandbox = apiSandbox_wrapper->get();
+
+ DeleteSandboxTasks(containerId);
+
+ if (InitApiSandbox(apiSandbox) != 0) {
+ ERROR("Failed to init %s api sandbox.", containerId);
+ return -1;
+ }
+ if (DoSandboxUpdate(apiSandbox) != 0) {
+ ERROR("Failed to update %s api sandbox.", containerId);
+ return -1;
+ }
+ if (!SaveSandboxTasks()) {
+ ERROR("Failed to Save %s sandbox tasks.", containerId);
+ return -1;
+ }
+ return 0;
+}
+
+auto SandboxerSandbox::PurgeExec(const char *containerId, const char *execId) -> int
+{
+ sandbox_sandbox *apiSandbox = nullptr;
+
+ INFO("Purge exec for container in sandbox");
+
+ auto apiSandbox_wrapper = makeUniquePtrCStructWrapper<sandbox_sandbox>(free_sandbox_sandbox);
+ if (apiSandbox_wrapper == nullptr) {
+ ERROR("Out of memory");
+ return -1;
+ }
+ apiSandbox = apiSandbox_wrapper->get();
+
+ DeleteSandboxTasksProcess(containerId, execId);
+
+ if (InitApiSandbox(apiSandbox) != 0) {
+ ERROR("Failed to init %s api sandbox.", execId);
+ return -1;
+ }
+ if (DoSandboxUpdate(apiSandbox) != 0) {
+ ERROR("Failed to update %s api sandbox.", execId);
+ return -1;
+ }
+ if (!SaveSandboxTasks()) {
+ ERROR("Failed to Save %s sandbox tasks.", containerId);
+ return -1;
+ }
+ return 0;
+}
+
}
\ No newline at end of file
diff --git a/src/daemon/sandbox/sandboxer/sandboxer_sandbox.h b/src/daemon/sandbox/sandboxer/sandboxer_sandbox.h
index 552eb328..37a96cd6 100644
--- a/src/daemon/sandbox/sandboxer/sandboxer_sandbox.h
+++ b/src/daemon/sandbox/sandboxer/sandboxer_sandbox.h
@@ -33,24 +33,39 @@ public:
const runtime::v1::PodSandboxConfig sandboxConfig = runtime::v1::PodSandboxConfig::default_instance(),
const std::string image = "");
virtual ~SandboxerSandbox() = default;
-
- // for sandbox api update
- auto GetTasksJsonPath() -> std::string;
+
void LoadSandboxTasks() override;
- auto SaveSandboxTasks() -> bool override;
- auto AddSandboxTasks(sandbox_task *task) -> bool override;
- auto GetAnySandboxTasks() -> std::string override;
- void DeleteSandboxTasks(const char *containerId) override;
- auto AddSandboxTasksProcess(const char *containerId, sandbox_process *processes) -> bool override;
- void DeleteSandboxTasksProcess(const char *containerId, const char *execId) override;
+
+ auto PrepareContainer(const char *containerId, const char *baseFs,
+ const oci_runtime_spec *ociSpec,
+ const char *consoleFifos[]) -> int override;
+ auto PrepareExec(const char *containerId, const char *execId,
+ defs_process *processSpec, const char *consoleFifos[]) -> int override;
+ auto PurgeContainer(const char *containerId) -> int override;
+ auto PurgeExec(const char *containerId, const char *execId) -> int override;
private:
+ auto GetTasksJsonPath() -> std::string;
+ auto SaveSandboxTasks() -> bool;
+ auto AddSandboxTasks(sandbox_task *task) -> bool;
+ auto GetAnySandboxTasks() -> std::string;
+ void DeleteSandboxTasks(const char *containerId);
+ auto AddSandboxTasksProcess(const char *containerId, sandbox_process *processes) -> bool;
+ void DeleteSandboxTasksProcess(const char *containerId, const char *execId);
+
auto AddTaskById(const char *task_id, sandbox_task *task) -> bool;
auto ReadSandboxTasksJson() -> sandbox_tasks *;
auto WriteSandboxTasksJson(std::string &tasks_json) -> bool;
auto DeleteSandboxTasksJson() -> bool;
void AddSandboxTasksByArray(sandbox_tasks *tasksArray);
+ auto GenerateCtrlRootfs(sandbox_task *task, const char *baseFs) -> int;
+ auto InitSandboxRuntime() -> sandbox_sandbox_runtime *;
+ auto InitSandboxLabels() -> json_map_string_string *;
+ auto InitSandboxExtensions() -> defs_map_string_object_any *;
+ auto InitApiSandbox(sandbox_sandbox *apiSandbox) -> int;
+ auto DoSandboxUpdate(sandbox_sandbox *apiSandbox) -> int;
+
private:
// use m_tasksMutex to ensure the correctness of the tasks
RWMutex m_tasksMutex;
diff --git a/src/daemon/sandbox/shim/shim_sandbox.cc b/src/daemon/sandbox/shim/shim_sandbox.cc
deleted file mode 100644
index 2efb8d7c..00000000
--- a/src/daemon/sandbox/shim/shim_sandbox.cc
+++ /dev/null
@@ -1,65 +0,0 @@
-/******************************************************************************
- * Copyright (c) Huawei Technologies Co., Ltd. 2024. All rights reserved.
- * iSulad licensed under the Mulan PSL v2.
- * You can use this software according to the terms and conditions of the Mulan PSL v2.
- * You may obtain a copy of Mulan PSL v2 at:
- * http://license.coscl.org.cn/MulanPSL2
- * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
- * PURPOSE.
- * See the Mulan PSL v2 for more details.
- * Author: liuxu
- * Create: 2024-11-20
- * Description: provide sandboxer sandbox class definition
- *********************************************************************************/
-#include "shim_sandbox.h"
-
-#include <unistd.h>
-#include <string>
-
-#include <isula_libutils/log.h>
-#include <isula_libutils/auto_cleanup.h>
-
-
-namespace sandbox {
-
-ShimSandbox::ShimSandbox(const std::string id, const std::string &rootdir, const std::string &statedir, const std::string name,
- const RuntimeInfo info, std::string netMode, std::string netNsPath, const runtime::v1::PodSandboxConfig sandboxConfig,
- const std::string image):Sandbox(id, rootdir, statedir, name, info, netMode,
- netNsPath, sandboxConfig, image)
-{
-}
-
-void ShimSandbox::LoadSandboxTasks()
-{
-}
-
-auto ShimSandbox::SaveSandboxTasks() -> bool
-{
- return true;
-}
-
-auto ShimSandbox::AddSandboxTasks(sandbox_task *task) -> bool
-{
- return true;
-}
-
-auto ShimSandbox::GetAnySandboxTasks() -> std::string
-{
- return std::string("Nothing for shim.");
-}
-
-void ShimSandbox::DeleteSandboxTasks(const char *containerId)
-{
-}
-
-auto ShimSandbox::AddSandboxTasksProcess(const char *containerId, sandbox_process *processes) -> bool
-{
- return true;
-}
-
-void ShimSandbox::DeleteSandboxTasksProcess(const char *containerId, const char *execId)
-{
-}
-
-}
\ No newline at end of file
diff --git a/src/daemon/sandbox/shim/shim_sandbox.h b/src/daemon/sandbox/shim/shim_sandbox.h
deleted file mode 100644
index 82da0573..00000000
--- a/src/daemon/sandbox/shim/shim_sandbox.h
+++ /dev/null
@@ -1,49 +0,0 @@
-/******************************************************************************
- * Copyright (c) Huawei Technologies Co., Ltd. 2024. All rights reserved.
- * iSulad licensed under the Mulan PSL v2.
- * You can use this software according to the terms and conditions of the Mulan PSL v2.
- * You may obtain a copy of Mulan PSL v2 at:
- * http://license.coscl.org.cn/MulanPSL2
- * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
- * PURPOSE.
- * See the Mulan PSL v2 for more details.
- * Author: liuxu
- * Create: 2024-11-20
- * Description: provide shim sandbox class definition
- *********************************************************************************/
-
-#ifndef DAEMON_SANDBOX_SHIM_SANDBOX_H
-#define DAEMON_SANDBOX_SHIM_SANDBOX_H
-
-#include <string>
-#include <mutex>
-#include <google/protobuf/map.h>
-
-#include "read_write_lock.h"
-#include "sandbox_task.h"
-#include "sandbox.h"
-
-namespace sandbox {
-
-class ShimSandbox : public Sandbox {
-public:
- ShimSandbox(const std::string id, const std::string &rootdir, const std::string &statedir, const std::string name = "",
- const RuntimeInfo info = {"", "", ""}, std::string netMode = DEFAULT_NETMODE, std::string netNsPath = "",
- const runtime::v1::PodSandboxConfig sandboxConfig = runtime::v1::PodSandboxConfig::default_instance(),
- const std::string image = "");
- virtual ~ShimSandbox() = default;
-
- // for sandbox api update
- void LoadSandboxTasks() override;
- auto SaveSandboxTasks() -> bool override;
- auto AddSandboxTasks(sandbox_task *task) -> bool override;
- auto GetAnySandboxTasks() -> std::string override;
- void DeleteSandboxTasks(const char *containerId) override;
- auto AddSandboxTasksProcess(const char *containerId, sandbox_process *processes) -> bool override;
- void DeleteSandboxTasksProcess(const char *containerId, const char *execId) override;
-};
-
-} // namespace sandbox
-
-#endif // DAEMON_SANDBOX_SHIM_SANDBOX_H
\ No newline at end of file
--
2.23.0
Reference in New Issue View Git Blame Copy Permalink