176 lines
5.4 KiB
Diff
176 lines
5.4 KiB
Diff
From 3b181aba17cbb414249703bcbada4d36170de212 Mon Sep 17 00:00:00 2001
|
|
From: Song Zhang <zhangsong34@huawei.com>
|
|
Date: Wed, 6 Dec 2023 20:21:43 +0800
|
|
Subject: [PATCH] [Huawei]lxcfs-tools: support lxcfs reliability for docker
|
|
containers
|
|
|
|
Signed-off-by: Song Zhang <zhangsong34@huawei.com>
|
|
---
|
|
libmount/container_work.go | 29 ++++++++++++-------------
|
|
remountcmd.go | 43 +++++++++++++++++++++++++++++++++++---
|
|
umountcmd.go | 4 +++-
|
|
3 files changed, 58 insertions(+), 18 deletions(-)
|
|
|
|
diff --git a/libmount/container_work.go b/libmount/container_work.go
|
|
index f10a547..e1cb5ac 100644
|
|
--- a/libmount/container_work.go
|
|
+++ b/libmount/container_work.go
|
|
@@ -26,7 +26,7 @@ import (
|
|
)
|
|
|
|
var (
|
|
- lxcfsPath = "/var/lib/lxc/lxcfs/cgroup"
|
|
+ lxcfsPath = "/var/lib/lxc/lxcfs/cgroup"
|
|
)
|
|
|
|
func init() {
|
|
@@ -99,13 +99,13 @@ func doMount(pipe *os.File) error {
|
|
return err
|
|
}
|
|
|
|
- // remount lxcfs cgroup path readonly
|
|
- if err := syscall.Mount(mount.Rootfs+lxcfsPath, mount.Rootfs+lxcfsPath, "none", syscall.MS_BIND, ""); err != nil {
|
|
- return err
|
|
- }
|
|
- if err := syscall.Mount(mount.Rootfs+lxcfsPath, mount.Rootfs+lxcfsPath, "none", syscall.MS_BIND|syscall.MS_REMOUNT|syscall.MS_RDONLY, ""); err != nil {
|
|
- return err
|
|
- }
|
|
+ // remount lxcfs cgroup path readonly
|
|
+ if err := syscall.Mount(mount.Rootfs+lxcfsPath, mount.Rootfs+lxcfsPath, "none", syscall.MS_BIND, ""); err != nil {
|
|
+ return err
|
|
+ }
|
|
+ if err := syscall.Mount(mount.Rootfs+lxcfsPath, mount.Rootfs+lxcfsPath, "none", syscall.MS_BIND|syscall.MS_REMOUNT|syscall.MS_RDONLY, ""); err != nil {
|
|
+ return err
|
|
+ }
|
|
for i := 0; i < len(mount.SrcPaths) && i < len(mount.DestPaths); i++ {
|
|
if err := syscall.Mount(mount.SrcPaths[i], mount.DestPaths[i], "none", syscall.MS_BIND, ""); err != nil {
|
|
return err
|
|
@@ -121,15 +121,16 @@ func doUmount(pipe *os.File) error {
|
|
}
|
|
for i := 0; i < len(umount.Paths); i++ {
|
|
if err := syscall.Unmount(umount.Paths[i], syscall.MNT_DETACH); err != nil {
|
|
- if !strings.Contains(err.Error(), "invalid argument") {
|
|
+ if !strings.Contains(err.Error(), "invalid argument") &&
|
|
+ !strings.Contains(err.Error(), "no such file or directory") {
|
|
return err
|
|
}
|
|
}
|
|
}
|
|
- if err := syscall.Unmount(lxcfsPath, 0); err != nil {
|
|
- if !strings.Contains(err.Error(), "invalid argument") {
|
|
- return err
|
|
- }
|
|
- }
|
|
+ if err := syscall.Unmount(lxcfsPath, 0); err != nil {
|
|
+ if !strings.Contains(err.Error(), "invalid argument") {
|
|
+ return err
|
|
+ }
|
|
+ }
|
|
return nil
|
|
}
|
|
diff --git a/remountcmd.go b/remountcmd.go
|
|
index 868d423..55a2599 100644
|
|
--- a/remountcmd.go
|
|
+++ b/remountcmd.go
|
|
@@ -22,6 +22,8 @@ import (
|
|
"lxcfs-tools/libmount"
|
|
"os"
|
|
"os/exec"
|
|
+ "encoding/json"
|
|
+ "strconv"
|
|
"strings"
|
|
"sync"
|
|
"syscall"
|
|
@@ -213,11 +215,45 @@ func remountAll(initMountns, initUserns string) error {
|
|
return nil
|
|
}
|
|
|
|
+var (
|
|
+ runcStateDir = "/run/docker/runtime-runc/moby"
|
|
+)
|
|
+
|
|
+type runcState struct {
|
|
+ Id string `json:"id"`
|
|
+ Pid int `json:"pid"`
|
|
+}
|
|
+
|
|
+func getRuncContainerIDAndPid() ([]string, error) {
|
|
+ out, err := execCommond("runc", []string{"--root", runcStateDir, "list", "--format", "json"})
|
|
+ if err != nil {
|
|
+ return nil ,err
|
|
+ }
|
|
+ if out[0] == "" {
|
|
+ return out, nil
|
|
+ }
|
|
+ // get runc states
|
|
+ var states []runcState
|
|
+ var res []string
|
|
+ if err = json.Unmarshal([]byte(out[0]), &states); err != nil {
|
|
+ return nil, err
|
|
+ }
|
|
+ for _, st := range states {
|
|
+ res = append(res, st.Id+" "+strconv.Itoa(st.Pid))
|
|
+ }
|
|
+ return res, nil
|
|
+}
|
|
+
|
|
func getContainerIDAndPid() ([]string, error) {
|
|
var (
|
|
out []string
|
|
err error
|
|
)
|
|
+
|
|
+ if _, err := exec.LookPath("isula"); err != nil {
|
|
+ return getRuncContainerIDAndPid()
|
|
+ }
|
|
+
|
|
for i := 0; i < 10; i++ {
|
|
out, err = execCommond("isula", []string{"ps", "--format", "{{.ID}} {{.Pid}}"})
|
|
if err == nil {
|
|
@@ -262,6 +298,9 @@ func remountToContainer(initMountns, initUserns, containerid string, pid string,
|
|
valueMountPaths = append(valueMountPaths, fmt.Sprintf("/var/lib/lxc/lxcfs/proc/%s", value.Name()))
|
|
}
|
|
|
|
+ valuePaths = append(valuePaths, "/sys/devices/system/cpu")
|
|
+ valueMountPaths = append(valueMountPaths, "/var/lib/lxc/lxcfs/sys/devices/system/cpu")
|
|
+
|
|
if err := libmount.NsExecUmount(pid, valuePaths); err != nil {
|
|
lxcfs_log.Errorf("unmount %v for container error: %v", valuePaths, err)
|
|
}
|
|
@@ -298,9 +337,7 @@ func isContainerExsit(containerid string) (string, error) {
|
|
|
|
func execCommond(command string, params []string) ([]string, error) {
|
|
cmd := exec.Command(command, params...)
|
|
- res := []string{
|
|
- " ",
|
|
- }
|
|
+ res := []string{}
|
|
lxcfs_log.Info("exec cmd :", cmd.Args)
|
|
|
|
stdout, err := cmd.StdoutPipe()
|
|
diff --git a/umountcmd.go b/umountcmd.go
|
|
index 8fd08ea..b988e21 100644
|
|
--- a/umountcmd.go
|
|
+++ b/umountcmd.go
|
|
@@ -85,7 +85,7 @@ var umountContainer = cli.Command{
|
|
|
|
func umountAll(initMountns, initUserns string) error {
|
|
lxcfs_log.Info("begin umount All runing container...")
|
|
- out, err := execCommond("isula", []string{"ps", "--format", "{{.ID}} {{.Pid}}"})
|
|
+ out, err := getContainerIDAndPid()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
@@ -148,6 +148,8 @@ func umountForContainer(initMountns, initUserns, containerid string, pid string,
|
|
valuePaths = append(valuePaths, fmt.Sprintf("/proc/%s", value.Name()))
|
|
}
|
|
|
|
+ valuePaths = append(valuePaths, "/sys/devices/system/cpu")
|
|
+
|
|
if err := libmount.NsExecUmount(pid, valuePaths); err != nil {
|
|
lxcfs_log.Errorf("unmount %v for container %s error: %v", valuePaths, containerid, err)
|
|
return err
|
|
--
|
|
2.33.0
|
|
|