diff --git a/0007-update-annotations-and-add-ci-cases.patch b/0007-update-annotations-and-add-ci-cases.patch new file mode 100644 index 0000000000000000000000000000000000000000..65a550e5de250c4cc270a2b4b804505ec19629bf --- /dev/null +++ b/0007-update-annotations-and-add-ci-cases.patch @@ -0,0 +1,174 @@ +From ed4b71b2027a6e9fdf15931fe93aa9e0bb3dc79d Mon Sep 17 00:00:00 2001 +From: leizhongkai +Date: Wed, 31 Jan 2024 18:17:52 +0800 +Subject: [PATCH 07/26] update annotations and add ci cases + +Signed-off-by: leizhongkai +--- + .../container_cases/dev_cgroup_rule.sh | 24 +++++++++++ + src/daemon/modules/api/specs_api.h | 2 + + .../modules/service/service_container.c | 18 +++++++- + src/daemon/modules/spec/specs.c | 41 ++++++++++++++++++- + 4 files changed, 82 insertions(+), 3 deletions(-) + +diff --git a/CI/test_cases/container_cases/dev_cgroup_rule.sh b/CI/test_cases/container_cases/dev_cgroup_rule.sh +index 839a546c..5616d37a 100755 +--- a/CI/test_cases/container_cases/dev_cgroup_rule.sh ++++ b/CI/test_cases/container_cases/dev_cgroup_rule.sh +@@ -29,6 +29,9 @@ function test_cpu_dev_cgoup_rule_spec() + local image="busybox" + local test="container device cgroup rule test with (${runtime}) => (${FUNCNAME[@]})" + local test_dev="/dev/testA" ++ local default_config="/etc/default/isulad/config.json" ++ local default_config_bak="/etc/default/isulad/config.json.bak" ++ local test_cgroup_parent="/testABC" + + msg_info "${test} starting..." + +@@ -54,6 +57,27 @@ function test_cpu_dev_cgoup_rule_spec() + [[ $? -ne 0 ]] && [[ $cnt -le $priv_minor_88_cnt ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device minor failed" && ((ret++)) + isula rm -f $priv_cid + ++ def_cid=$(isula run -tid --runtime $runtime -m 10m $image /bin/sh) ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - run container failed" && ((ret++)) ++ cp $default_config $default_config_bak ++ sed -i '/"linux": {/a \ \t\t"devices": [\n\t\t{\n\t\t\t"type": "c",\n\t\t\t"path": "\/dev\/testABC",\n\t\t\t"major": 88,\n\t\t\t"minor": 88\n\t\t}\n\t\t],' $default_config ++ stop_isulad_without_valgrind ++ start_isulad_with_valgrind --cgroup-parent $test_cgroup_parent ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++)) ++ isula restart -t 0 $def_cid ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - restart container failed" && ((ret++)) ++ cat /sys/fs/cgroup/memory/$test_cgroup_parent/$def_cid/memory.limit_in_bytes | grep ^10485760$ ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - --cgroup-parent cannot work" && ((ret++)) ++ cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$def_cid/config.json | grep "major\": 88" | wc -l) ++ [[ $? -ne 0 ]]&& [[ $cnt -ne 2 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device major failed" && ((ret++)) ++ cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$def_cid/config.json | grep "minor\": 88" | wc -l) ++ [[ $? -ne 0 ]] && [[ $cnt -ne 2 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device minor failed" && ((ret++)) ++ isula rm -f $def_cid ++ cp $default_config_bak $default_config ++ stop_isulad_without_valgrind ++ start_isulad_with_valgrind ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++)) ++ + cid=$(isula run -tid --device "$test_dev:$test_dev" --runtime $runtime $image /bin/sh) + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - run container failed" && ((ret++)) + cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$cid/config.json | grep "major\": 88" | wc -l) +diff --git a/src/daemon/modules/api/specs_api.h b/src/daemon/modules/api/specs_api.h +index 7c904614..f5f6ad8b 100644 +--- a/src/daemon/modules/api/specs_api.h ++++ b/src/daemon/modules/api/specs_api.h +@@ -41,6 +41,8 @@ int merge_share_namespace(oci_runtime_spec *oci_spec, const host_config *host_sp + const container_config_v2_common_config *v2_spec, + const container_network_settings *network_settings); + ++int update_spec_annotations(oci_runtime_spec *oci_spec, container_config *container_spec, host_config *host_spec); ++ + oci_runtime_spec *load_oci_config(const char *rootpath, const char *name); + + oci_runtime_spec *default_spec(bool system_container); +diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c +index 97f73768..239783b8 100644 +--- a/src/daemon/modules/service/service_container.c ++++ b/src/daemon/modules/service/service_container.c +@@ -691,11 +691,18 @@ out: + epoll_loop_close(&descr); + } + +-static int do_oci_spec_update(const char *id, oci_runtime_spec *oci_spec, host_config *hostconfig) ++static int do_oci_spec_update(const char *id, oci_runtime_spec *oci_spec, container_config *container_spec, host_config *hostconfig) + { + __isula_auto_free char *cgroup_parent = NULL; + int ret; + ++ // First renew annotations for oci spec, cgroup path, rootfs.mount, native.mask ++ // for iSulad daemon might get updated ++ ret = update_spec_annotations(oci_spec, container_spec, hostconfig); ++ if (ret < 0) { ++ return -1; ++ } ++ + // If isulad daemon cgroup parent updated, we should update this config into oci spec + cgroup_parent = merge_container_cgroups_path(id, hostconfig); + if (cgroup_parent == NULL) { +@@ -802,13 +809,20 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo + } + + // Update possible changes +- nret = do_oci_spec_update(id, oci_spec, cont->hostconfig); ++ nret = do_oci_spec_update(id, oci_spec, cont->common_config->config, cont->hostconfig); + if (nret != 0) { + ERROR("Failed to update possible changes for oci spec"); + ret = -1; + goto close_exit_fd; + } + ++ nret = container_to_disk(cont); ++ if (nret != 0) { ++ ERROR("Failed to save container info to disk"); ++ ret = -1; ++ goto close_exit_fd; ++ } ++ + nret = setup_ipc_dirs(cont->hostconfig, cont->common_config); + if (nret != 0) { + ERROR("Failed to setup ipc dirs"); +diff --git a/src/daemon/modules/spec/specs.c b/src/daemon/modules/spec/specs.c +index cc49d85f..62e340b1 100644 +--- a/src/daemon/modules/spec/specs.c ++++ b/src/daemon/modules/spec/specs.c +@@ -385,6 +385,44 @@ out: + return ret; + } + ++int update_spec_annotations(oci_runtime_spec *oci_spec, container_config *container_spec, host_config *host_spec) ++{ ++ int ret = 0; ++ if (oci_spec == NULL || container_spec == NULL || host_spec == NULL) { ++ return -1; ++ } ++ ++ ret = make_sure_container_spec_annotations(container_spec); ++ if (ret < 0) { ++ return -1; ++ } ++ ++ ret = make_annotations_cgroup_dir(container_spec, host_spec); ++ if (ret != 0) { ++ return -1; ++ } ++ ++ /* add rootfs.mount */ ++ ret = add_rootfs_mount(container_spec); ++ if (ret != 0) { ++ ERROR("Failed to add rootfs mount"); ++ return -1; ++ } ++ ++ /* add native.umask */ ++ ret = add_native_umask(container_spec); ++ if (ret != 0) { ++ ERROR("Failed to add native umask"); ++ return -1; ++ } ++ ++ if (merge_annotations(oci_spec, container_spec)) { ++ return -1; ++ } ++ ++ return 0; ++} ++ + static int make_sure_oci_spec_root(oci_runtime_spec *oci_spec) + { + if (oci_spec->root == NULL) { +@@ -2501,4 +2539,5 @@ int spec_module_init(void) + return -1; + } + return 0; +-} +\ No newline at end of file ++} ++ +-- +2.25.1 + diff --git a/0008-bug-fix-for-device-cgroup-ulimt-oci-update.patch b/0008-bug-fix-for-device-cgroup-ulimt-oci-update.patch new file mode 100644 index 0000000000000000000000000000000000000000..76c6fab03670557fe5e63db3198354fd509d1b49 --- /dev/null +++ b/0008-bug-fix-for-device-cgroup-ulimt-oci-update.patch @@ -0,0 +1,184 @@ +From fe3413bb8ebae90f29ce3cc02373f3fc2b5d2fd2 Mon Sep 17 00:00:00 2001 +From: jikai +Date: Mon, 22 Jan 2024 20:19:29 +0800 +Subject: [PATCH 08/26] bug fix for device/cgroup/ulimt oci update + +Signed-off-by: jikai +--- + .../executor/container_cb/execution_create.c | 7 ++- + src/daemon/modules/api/specs_api.h | 4 ++ + .../modules/service/service_container.c | 18 +++--- + src/daemon/modules/spec/specs.c | 60 +++++++++++++++---- + 4 files changed, 63 insertions(+), 26 deletions(-) + +diff --git a/src/daemon/executor/container_cb/execution_create.c b/src/daemon/executor/container_cb/execution_create.c +index ca2a9163..e00afb68 100644 +--- a/src/daemon/executor/container_cb/execution_create.c ++++ b/src/daemon/executor/container_cb/execution_create.c +@@ -533,12 +533,15 @@ static int merge_config_for_syscontainer(const container_create_request *request + value = request->rootfs; + } + +- if (append_json_map_string_string(oci_spec->annotations, "rootfs.mount", value)) { ++ // should also update to container spec ++ if (append_json_map_string_string(container_spec->annotations, "rootfs.mount", value) ++ || append_json_map_string_string(oci_spec->annotations, "rootfs.mount", value)) { + ERROR("Realloc annotations failed"); + ret = -1; + goto out; + } +- if (request->rootfs != NULL && append_json_map_string_string(oci_spec->annotations, "external.rootfs", "true")) { ++ if (request->rootfs != NULL && (append_json_map_string_string(container_spec->annotations, "external.rootfs", "true") ++ || append_json_map_string_string(oci_spec->annotations, "external.rootfs", "true"))) { + ERROR("Realloc annotations failed"); + ret = -1; + goto out; +diff --git a/src/daemon/modules/api/specs_api.h b/src/daemon/modules/api/specs_api.h +index f5f6ad8b..f54c0d31 100644 +--- a/src/daemon/modules/api/specs_api.h ++++ b/src/daemon/modules/api/specs_api.h +@@ -47,6 +47,10 @@ oci_runtime_spec *load_oci_config(const char *rootpath, const char *name); + + oci_runtime_spec *default_spec(bool system_container); + ++int update_oci_container_cgroups_path(const char *id, oci_runtime_spec *oci_spec, const host_config *host_spec); ++ ++int update_oci_ulimit(oci_runtime_spec *oci_spec, const host_config *host_spec); ++ + const oci_runtime_spec *get_readonly_default_oci_spec(bool system_container); + + int spec_module_init(void); +diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c +index 239783b8..a3606a82 100644 +--- a/src/daemon/modules/service/service_container.c ++++ b/src/daemon/modules/service/service_container.c +@@ -693,26 +693,21 @@ out: + + static int do_oci_spec_update(const char *id, oci_runtime_spec *oci_spec, container_config *container_spec, host_config *hostconfig) + { +- __isula_auto_free char *cgroup_parent = NULL; + int ret; + +- // First renew annotations for oci spec, cgroup path, rootfs.mount, native.mask +- // for iSulad daemon might get updated ++ // Renew annotations for oci spec, cgroup path only, ++ // since lxc uses the "cgroup.dir" in oci annotations to create cgroup ++ // should ensure that container spec has the same annotations as oci spec + ret = update_spec_annotations(oci_spec, container_spec, hostconfig); + if (ret < 0) { + return -1; + } + + // If isulad daemon cgroup parent updated, we should update this config into oci spec +- cgroup_parent = merge_container_cgroups_path(id, hostconfig); +- if (cgroup_parent == NULL) { ++ ret = update_oci_container_cgroups_path(id, oci_spec, hostconfig); ++ if (ret < 0) { + return -1; + } +- if (oci_spec->linux->cgroups_path != NULL && strcmp(oci_spec->linux->cgroups_path, cgroup_parent) != 0) { +- free(oci_spec->linux->cgroups_path); +- oci_spec->linux->cgroups_path = cgroup_parent; +- cgroup_parent = NULL; +- } + + // For Linux.Resources, isula update will save changes into oci spec; + // so we just skip it; +@@ -725,7 +720,8 @@ static int do_oci_spec_update(const char *id, oci_runtime_spec *oci_spec, contai + } + + // If isulad daemon ulimit updated, we should update this config into oci spec. +- if (merge_global_ulimit(oci_spec) != 0) { ++ ret = update_oci_ulimit(oci_spec, hostconfig); ++ if (ret < 0) { + return -1; + } + +diff --git a/src/daemon/modules/spec/specs.c b/src/daemon/modules/spec/specs.c +index 62e340b1..464b4fb4 100644 +--- a/src/daemon/modules/spec/specs.c ++++ b/src/daemon/modules/spec/specs.c +@@ -402,19 +402,8 @@ int update_spec_annotations(oci_runtime_spec *oci_spec, container_config *contai + return -1; + } + +- /* add rootfs.mount */ +- ret = add_rootfs_mount(container_spec); +- if (ret != 0) { +- ERROR("Failed to add rootfs mount"); +- return -1; +- } +- +- /* add native.umask */ +- ret = add_native_umask(container_spec); +- if (ret != 0) { +- ERROR("Failed to add native umask"); +- return -1; +- } ++ // other annotations will either not be updated after containers created ++ // or for rootfs mnt and umask, we do not support the update operation + + if (merge_annotations(oci_spec, container_spec)) { + return -1; +@@ -2302,6 +2291,27 @@ char *merge_container_cgroups_path(const char *id, const host_config *host_spec) + return util_path_join(path, id); + } + ++int update_oci_container_cgroups_path(const char *id, oci_runtime_spec *oci_spec, const host_config *hostconfig) ++{ ++ if (oci_spec == NULL || oci_spec->linux == NULL) { ++ ERROR("Invalid arguments"); ++ return -1; ++ } ++ ++ __isula_auto_free char *cgroup_parent = merge_container_cgroups_path(id, hostconfig); ++ if (cgroup_parent == NULL) { ++ return -1; ++ } ++ ++ if (oci_spec->linux->cgroups_path != NULL && strcmp(oci_spec->linux->cgroups_path, cgroup_parent) != 0) { ++ free(oci_spec->linux->cgroups_path); ++ oci_spec->linux->cgroups_path = cgroup_parent; ++ cgroup_parent = NULL; ++ } ++ ++ return 0; ++} ++ + static int merge_oci_cgroups_path(const char *id, oci_runtime_spec *oci_spec, const host_config *host_spec) + { + if (id == NULL || oci_spec == NULL || host_spec == NULL) { +@@ -2445,6 +2455,30 @@ out: + return ret; + } + ++int update_oci_ulimit(oci_runtime_spec *oci_spec, const host_config *hostconfig) { ++ if (oci_spec == NULL || hostconfig == NULL) { ++ ERROR("Invalid arguments"); ++ return -1; ++ } ++ ++ size_t i = 0; ++ if (oci_spec->process != NULL) { ++ for (i = 0; i < oci_spec->process->rlimits_len; i++) { ++ free_defs_process_rlimits_element(oci_spec->process->rlimits[i]); ++ oci_spec->process->rlimits[i] = NULL; ++ } ++ free(oci_spec->process->rlimits); ++ oci_spec->process->rlimits = NULL; ++ oci_spec->process->rlimits_len = 0; ++ } ++ ++ if (merge_conf_ulimits(oci_spec, hostconfig) != 0 || merge_global_ulimit(oci_spec) != 0) { ++ return -1; ++ } ++ ++ return 0; ++} ++ + /* read oci config */ + oci_runtime_spec *load_oci_config(const char *rootpath, const char *name) + { +-- +2.25.1 + diff --git a/0009-improve-dt-for-oci-spec-update.patch b/0009-improve-dt-for-oci-spec-update.patch new file mode 100644 index 0000000000000000000000000000000000000000..b383bf9ed15c15ea75915c9e613c374b9985f146 --- /dev/null +++ b/0009-improve-dt-for-oci-spec-update.patch @@ -0,0 +1,281 @@ +From 82dd5a1db70fdb3f4934a3f9c0ee290ce5bee1b2 Mon Sep 17 00:00:00 2001 +From: jikai +Date: Sat, 27 Jan 2024 15:30:05 +0800 +Subject: [PATCH 09/26] improve dt for oci spec update + +Signed-off-by: jikai +--- + .../container_cases/dev_cgroup_rule.sh | 4 +- + CI/test_cases/container_cases/ulimit.sh | 19 ++ + test/specs/specs/CMakeLists.txt | 1 + + test/specs/specs/specs_ut.cc | 168 ++++++++++++++++++ + 4 files changed, 190 insertions(+), 2 deletions(-) + +diff --git a/CI/test_cases/container_cases/dev_cgroup_rule.sh b/CI/test_cases/container_cases/dev_cgroup_rule.sh +index 5616d37a..33a839c5 100755 +--- a/CI/test_cases/container_cases/dev_cgroup_rule.sh ++++ b/CI/test_cases/container_cases/dev_cgroup_rule.sh +@@ -60,13 +60,13 @@ function test_cpu_dev_cgoup_rule_spec() + def_cid=$(isula run -tid --runtime $runtime -m 10m $image /bin/sh) + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - run container failed" && ((ret++)) + cp $default_config $default_config_bak +- sed -i '/"linux": {/a \ \t\t"devices": [\n\t\t{\n\t\t\t"type": "c",\n\t\t\t"path": "\/dev\/testABC",\n\t\t\t"major": 88,\n\t\t\t"minor": 88\n\t\t}\n\t\t],' $default_config ++ sed -i '/"linux": {/a \ \t\t"devices": [\n\t\t{\n\t\t\t"type": "c",\n\t\t\t"path": "\/dev\/testA",\n\t\t\t"major": 88,\n\t\t\t"minor": 88\n\t\t}\n\t\t],' $default_config + stop_isulad_without_valgrind + start_isulad_with_valgrind --cgroup-parent $test_cgroup_parent + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++)) + isula restart -t 0 $def_cid + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - restart container failed" && ((ret++)) +- cat /sys/fs/cgroup/memory/$test_cgroup_parent/$def_cid/memory.limit_in_bytes | grep ^10485760$ ++ isula exec -it $def_cid sh -c "cat /sys/fs/cgroup/memory/memory.limit_in_bytes | grep ^10485760$" + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - --cgroup-parent cannot work" && ((ret++)) + cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$def_cid/config.json | grep "major\": 88" | wc -l) + [[ $? -ne 0 ]]&& [[ $cnt -ne 2 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device major failed" && ((ret++)) +diff --git a/CI/test_cases/container_cases/ulimit.sh b/CI/test_cases/container_cases/ulimit.sh +index f823dc1c..41cdcece 100755 +--- a/CI/test_cases/container_cases/ulimit.sh ++++ b/CI/test_cases/container_cases/ulimit.sh +@@ -49,9 +49,28 @@ function test_ulimit() + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - restart failed" && ((ret++)) + cat ${RUNTIME_ROOT_PATH}/${runtime}/$cid/config.json | grep "RLIMIT_" + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check rlimit failed after restart" && ((ret++)) ++ ++ check_valgrind_log ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++)) ++ ++ start_isulad_with_valgrind ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++)) ++ ++ # if default ulimit of isulad changed, isula start should do update ulimit of oci spec ++ isula restart -t 0 $cid ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - restart failed" && ((ret++)) ++ cat ${RUNTIME_ROOT_PATH}/${runtime}/$cid/config.json | grep "RLIMIT_" ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check rlimit failed after restart" && ((ret++)) ++ + isula rm -f $cid + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - rm container failed" && ((ret++)) + ++ check_valgrind_log ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++)) ++ ++ start_isulad_with_valgrind --default-ulimit nproc=2048:4096 --default-ulimit nproc=2048:8192 --default-ulimit nofile=1024:4096 ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++)) ++ + isula run --ulimit nproc= $image --runtime $runtime /bin/sh > $ulimitlog 2>&1 + cat $ulimitlog | grep "delimiter '=' can't be the first or the last character" + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check failed" && ((ret++)) +diff --git a/test/specs/specs/CMakeLists.txt b/test/specs/specs/CMakeLists.txt +index a9dbc52c..508123fa 100644 +--- a/test/specs/specs/CMakeLists.txt ++++ b/test/specs/specs/CMakeLists.txt +@@ -84,6 +84,7 @@ target_include_directories(${EXE} PUBLIC + ${CMAKE_CURRENT_SOURCE_DIR}/../../../test/mocks + ) + ++set_target_properties(${EXE} PROPERTIES LINK_FLAGS "-Wl,--wrap,util_common_calloc_s -Wl,--wrap,util_smart_calloc_s -Wl,--wrap,get_readonly_default_oci_spec") + target_link_libraries(${EXE} ${GTEST_BOTH_LIBRARIES} ${GMOCK_LIBRARY} ${GMOCK_MAIN_LIBRARY} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY} -lgrpc++ -lprotobuf -lcrypto -lyajl -lz) + add_test(NAME ${EXE} COMMAND ${EXE} --gtest_output=xml:${EXE}-Results.xml) + set_tests_properties(${EXE} PROPERTIES TIMEOUT 120) +diff --git a/test/specs/specs/specs_ut.cc b/test/specs/specs/specs_ut.cc +index ad903a3f..47e4ca6e 100644 +--- a/test/specs/specs/specs_ut.cc ++++ b/test/specs/specs/specs_ut.cc +@@ -19,6 +19,7 @@ + #include "mock.h" + #include "isula_libutils/oci_runtime_spec.h" + #include "specs_api.h" ++#include "specs_mount.h" + #include "specs_namespace.h" + #include "specs_security.h" + #include "isula_libutils/host_config.h" +@@ -43,6 +44,46 @@ using ::testing::_; + + using namespace std; + ++static int g_malloc_count = 0; ++static int g_malloc_match = 1; ++ ++extern "C" { ++ DECLARE_WRAPPER_V(util_common_calloc_s, void *, (size_t size)); ++ DEFINE_WRAPPER_V(util_common_calloc_s, void *, (size_t size), (size)); ++ ++ DECLARE_WRAPPER_V(util_smart_calloc_s, void *, (size_t size, size_t len)); ++ DEFINE_WRAPPER_V(util_smart_calloc_s, void *, (size_t size, size_t len), (size, len)); ++ ++ DECLARE_WRAPPER(get_readonly_default_oci_spec, const oci_runtime_spec *, (bool system_container)); ++ DEFINE_WRAPPER(get_readonly_default_oci_spec, const oci_runtime_spec *, (bool system_container), (system_container)); ++} ++ ++void *util_common_calloc_s_fail(size_t size) ++{ ++ g_malloc_count++; ++ ++ if (g_malloc_count == g_malloc_match) { ++ g_malloc_match++; ++ g_malloc_count = 0; ++ return nullptr; ++ } else { ++ return __real_util_common_calloc_s(size); ++ } ++} ++ ++void *util_smart_calloc_s_fail(size_t size, size_t len) ++{ ++ g_malloc_count++; ++ ++ if (g_malloc_count == g_malloc_match) { ++ g_malloc_match++; ++ g_malloc_count = 0; ++ return nullptr; ++ } else { ++ return __real_util_smart_calloc_s(size, len); ++ } ++} ++ + class SpecsUnitTest : public testing::Test { + public: + void SetUp() override +@@ -234,6 +275,32 @@ char *invoke_conf_get_isulad_cgroup_parent() + return util_strdup_s("/var/lib/isulad/engines/lcr"); + } + ++int invoke_conf_get_isulad_default_ulimit_empty(host_config_ulimits_element ***ulimit) ++{ ++ if (ulimit == nullptr) { ++ return -1; ++ } ++ return 0; ++} ++ ++int invoke_conf_get_isulad_default_ulimit(host_config_ulimits_element ***ulimit) ++{ ++ if (ulimit == nullptr) { ++ return -1; ++ } ++ host_config_ulimits_element *ele = static_cast(util_common_calloc_s(sizeof(host_config_ulimits_element))); ++ if (ele == nullptr) { ++ return -1; ++ } ++ ele->hard = 8192; ++ ele->soft = 2048; ++ ele->name = util_strdup_s("NPROC"); ++ ++ int ret = ulimit_array_append(ulimit, ele, ulimit_array_len(*ulimit)); ++ free_host_config_ulimits_element(ele); ++ return ret; ++} ++ + TEST_F(SpecsUnitTest, test_merge_container_cgroups_path_1) + { + ASSERT_EQ(merge_container_cgroups_path(nullptr, nullptr), nullptr); +@@ -347,6 +414,107 @@ TEST_F(SpecsUnitTest, test_merge_container_cgroups_path_5) + testing::Mock::VerifyAndClearExpectations(&m_isulad_conf); + } + ++TEST_F(SpecsUnitTest, test_update_oci_container_cgroups_path) ++{ ++ parser_error err = nullptr; ++ host_config *hostspec = static_cast(util_common_calloc_s(sizeof(host_config))); ++ ASSERT_NE(hostspec, nullptr); ++ ++ oci_runtime_spec *ocispec = oci_runtime_spec_parse_data("{\"ociVersion\": \"1.0.1\", \"linux\": \ ++ {} }", nullptr, &err); ++ ASSERT_NE(ocispec, nullptr); ++ ++ ocispec->linux->cgroups_path = util_strdup_s("/isulad"); ++ ASSERT_EQ(update_oci_container_cgroups_path("abcdef", nullptr, nullptr), -1); ++ EXPECT_CALL(m_isulad_conf, GetCgroupParent()).WillRepeatedly(Invoke(invoke_conf_get_isulad_cgroup_parent)); ++ ASSERT_EQ(update_oci_container_cgroups_path("abcdef", ocispec, hostspec), 0); ++ ASSERT_STREQ(ocispec->linux->cgroups_path, "/var/lib/isulad/engines/lcr/abcdef"); ++ ++ free(err); ++ free_host_config(hostspec); ++ free_oci_runtime_spec(ocispec); ++ ++ testing::Mock::VerifyAndClearExpectations(&m_isulad_conf); ++} ++ ++TEST_F(SpecsUnitTest, test_update_oci_ulimit) ++{ ++ parser_error err = nullptr; ++ host_config *hostspec = static_cast(util_common_calloc_s(sizeof(host_config))); ++ ASSERT_NE(hostspec, nullptr); ++ ++ char *oci_config_file = json_path(OCI_RUNTIME_SPEC_FILE); ++ ASSERT_TRUE(oci_config_file != nullptr); ++ oci_runtime_spec *ocispec = oci_runtime_spec_parse_file(oci_config_file, nullptr, &err); ++ ASSERT_NE(ocispec, nullptr); ++ ++ ASSERT_EQ(update_oci_ulimit(nullptr, nullptr), -1); ++ EXPECT_CALL(m_isulad_conf, GetUlimit(_)).WillRepeatedly(Invoke(invoke_conf_get_isulad_default_ulimit)); ++ ASSERT_EQ(update_oci_ulimit(ocispec, hostspec), 0); ++ ASSERT_EQ(ocispec->process->rlimits_len, 1); ++ ASSERT_EQ(ocispec->process->rlimits[0]->hard, 8192); ++ ASSERT_EQ(ocispec->process->rlimits[0]->soft, 2048); ++ ASSERT_STREQ(ocispec->process->rlimits[0]->type, "RLIMIT_NPROC"); ++ EXPECT_CALL(m_isulad_conf, GetUlimit(_)).WillRepeatedly(Invoke(invoke_conf_get_isulad_default_ulimit_empty)); ++ ASSERT_EQ(update_oci_ulimit(ocispec, hostspec), 0); ++ ASSERT_EQ(ocispec->process->rlimits_len, 0); ++ ++ free(err); ++ free(oci_config_file); ++ free_host_config(hostspec); ++ free_oci_runtime_spec(ocispec); ++ testing::Mock::VerifyAndClearExpectations(&m_isulad_conf); ++} ++ ++TEST_F(SpecsUnitTest, test_update_devcies_for_oci_spec) ++{ ++ parser_error err = nullptr; ++ oci_runtime_spec *readonly_spec = oci_runtime_spec_parse_data("{\"ociVersion\": \"1.0.1\", \"linux\": \ ++ { \"devices\": \ ++ [ { \"type\": \"c\", \"path\": \"/dev/testA\", \ ++ \"fileMode\": 8612, \"major\": 99, \"minor\": 99} ], \ ++ \"resources\": { \"devices\": [ { \"allow\": false, \ ++ \"type\": \"a\", \"major\": -1, \ ++ \"minor\": -1, \"access\": \"rwm\" } ] } } }", nullptr, &err); ++ ASSERT_NE(readonly_spec, nullptr); ++ free(err); ++ err = nullptr; ++ host_config *hostspec = static_cast(util_common_calloc_s(sizeof(host_config))); ++ ASSERT_NE(hostspec, nullptr); ++ ++ oci_runtime_spec *ocispec = oci_runtime_spec_parse_data("{\"ociVersion\": \"1.0.1\", \"linux\": \ ++ { \"devices\": [ ], \ ++ \"resources\": { \"devices\": [ ] } } }", nullptr, &err); ++ ASSERT_NE(ocispec, nullptr); ++ ++ MOCK_SET(get_readonly_default_oci_spec, readonly_spec); ++ MOCK_SET_V(util_smart_calloc_s, util_smart_calloc_s_fail); ++ MOCK_SET_V(util_common_calloc_s, util_common_calloc_s_fail); ++ ++ ASSERT_EQ(update_devcies_for_oci_spec(ocispec, hostspec), -1); ++ ASSERT_EQ(update_devcies_for_oci_spec(ocispec, hostspec), -1); ++ ASSERT_EQ(update_devcies_for_oci_spec(ocispec, hostspec), -1); ++ free(ocispec->linux->devices[0]); ++ free(ocispec->linux->devices); ++ ocispec->linux->devices = NULL; ++ ocispec->linux->devices_len = 0; ++ ASSERT_EQ(update_devcies_for_oci_spec(ocispec, hostspec), -1); ++ free(ocispec->linux->devices[0]); ++ free(ocispec->linux->devices); ++ ocispec->linux->devices = NULL; ++ ocispec->linux->devices_len = 0; ++ ASSERT_EQ(update_devcies_for_oci_spec(ocispec, hostspec), 0); ++ ++ MOCK_CLEAR(get_readonly_default_oci_spec); ++ MOCK_CLEAR(util_smart_calloc_s); ++ MOCK_CLEAR(util_common_calloc_s); ++ ++ free_oci_runtime_spec(readonly_spec); ++ free_oci_runtime_spec(ocispec); ++ free_host_config(hostspec); ++ free(err); ++} ++ + /********************************* UT for merge caps *******************************************/ + struct capabilities_lens { + size_t bounding_len; +-- +2.25.1 + diff --git a/0010-open-run-container-with-dev-volume-testcase.patch b/0010-open-run-container-with-dev-volume-testcase.patch new file mode 100644 index 0000000000000000000000000000000000000000..16f53057e1fb2a5ffa4e272893587aab359ffdb1 --- /dev/null +++ b/0010-open-run-container-with-dev-volume-testcase.patch @@ -0,0 +1,30 @@ +From 44d15a7451a922ca7266b756d3f9a83908199cb3 Mon Sep 17 00:00:00 2001 +From: zhangxiaoyu +Date: Tue, 23 Jan 2024 10:35:59 +0800 +Subject: [PATCH 10/26] open run container with dev volume testcase + +Signed-off-by: zhangxiaoyu +--- + CI/test_cases/container_cases/bind_special_dir.sh | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/CI/test_cases/container_cases/bind_special_dir.sh b/CI/test_cases/container_cases/bind_special_dir.sh +index 545d5099..04bf437a 100755 +--- a/CI/test_cases/container_cases/bind_special_dir.sh ++++ b/CI/test_cases/container_cases/bind_special_dir.sh +@@ -40,10 +40,9 @@ function test_bind_special_dir() + # when create container in container, runc not support to mount /dev + # adapt fedora base image, we just remove rshared option of sys dir + if [ $runtime == "runc" ]; then +- c_id=`isula run -itd -v -itd --runtime=$runtime -v /sys/fs:/sys/fs:rw -v /proc:/proc -v /dev/pts:/dev/pts:rw busybox sh` ++ c_id=`isula run -itd --runtime=$runtime -v /sys/fs:/sys/fs:rw -v /proc:/proc -v /dev/pts:/dev/pts:rw busybox sh` + else +- # lxc 5.X cannot support mount /dev directory +- c_id=`isula run --runtime=$runtime -itd -v -itd -v /sys/fs:/sys/fs:rw -v /proc:/proc busybox sh` ++ c_id=`isula run --runtime=$runtime -itd -v /sys/fs:/sys/fs:rw -v /proc:/proc -v /dev:/dev:ro -v /dev/pts:/dev/pts:rw busybox sh` + fi + [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container with image: ${image}" && ((ret++)) + +-- +2.25.1 + diff --git a/0011-add-cpu-usage-nano-cores-for-sandbox.patch b/0011-add-cpu-usage-nano-cores-for-sandbox.patch new file mode 100644 index 0000000000000000000000000000000000000000..4c5b2eb1823c5bfa4c8cf41f2eba62042e3c6793 --- /dev/null +++ b/0011-add-cpu-usage-nano-cores-for-sandbox.patch @@ -0,0 +1,81 @@ +From 3dc12d7806fda8d5ceee183595e993079bee4056 Mon Sep 17 00:00:00 2001 +From: jikai +Date: Fri, 12 Jan 2024 17:38:09 +0800 +Subject: [PATCH 11/26] add cpu usage nano cores for sandbox + +Signed-off-by: jikai +--- + .../v1/v1_cri_pod_sandbox_manager_service.cc | 17 ++++++++++++++--- + .../cri/v1/v1_cri_pod_sandbox_manager_service.h | 1 + + 2 files changed, 15 insertions(+), 3 deletions(-) + +diff --git a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc +index a0c45111..76fa17bc 100644 +--- a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc ++++ b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc +@@ -1024,6 +1024,7 @@ void PodSandboxManagerService::PodSandboxStatsToGRPC(const std::string &id, cons + const std::vector &netMetrics, + const std::unique_ptr &containerManager, + std::unique_ptr &podStats, ++ sandbox::StatsInfo &oldStatsRec, + Errors &error) + { + std::unique_ptr podStatsPtr( +@@ -1044,8 +1045,13 @@ void PodSandboxManagerService::PodSandboxStatsToGRPC(const std::string &id, cons + auto cpu = podStatsPtr->mutable_linux()->mutable_cpu(); + cpu->set_timestamp(timestamp); + cpu->mutable_usage_core_nano_seconds()->set_value(cgroupMetrics.cgcpu_metrics.cpu_use_nanos); +- // todo +- // cpu->mutable_usage_nano_cores()->set_value(getNanoCores()); ++ if (oldStatsRec.cpuUseNanos != 0 && timestamp > oldStatsRec.timestamp && ++ cgroupMetrics.cgcpu_metrics.cpu_use_nanos > oldStatsRec.cpuUseNanos) { ++ uint64_t usage = cgroupMetrics.cgcpu_metrics.cpu_use_nanos - oldStatsRec.cpuUseNanos; ++ uint64_t nanoSeconds = timestamp - oldStatsRec.timestamp; ++ uint64_t usage_nano_cores = (uint64_t)(((double)usage / (double)nanoSeconds) * (double)Time_Second); ++ cpu->mutable_usage_nano_cores()->set_value(usage_nano_cores); ++ } + + // Memory + auto memory = podStatsPtr->mutable_linux()->mutable_memory(); +@@ -1114,6 +1120,7 @@ auto PodSandboxManagerService::PodSandboxStats(const std::string &podSandboxID, + return nullptr; + } + auto &config = sandbox->GetSandboxConfig(); ++ auto oldStatsRec = sandbox->GetStatsInfo(); + + auto status = PodSandboxStatus(sandbox->GetId(), tmpErr); + if (error.NotEmpty()) { +@@ -1136,13 +1143,17 @@ auto PodSandboxManagerService::PodSandboxStats(const std::string &podSandboxID, + tmpErr.Clear(); + } + +- PodSandboxStatsToGRPC(sandbox->GetId(), cgroupMetrics, netMetrics, containerManager, podStats, tmpErr); ++ PodSandboxStatsToGRPC(sandbox->GetId(), cgroupMetrics, netMetrics, containerManager, podStats, oldStatsRec, tmpErr); + if (tmpErr.NotEmpty()) { + ERROR("Failed to set PodSandboxStats: %s", tmpErr.GetCMessage()); + error.Errorf("Failed to set PodSandboxStats"); + return nullptr; + } + ++ // update stats info that sandbox recorded ++ sandbox::StatsInfo newStatsRec { podStats->linux().cpu().timestamp(), podStats->linux().cpu().usage_core_nano_seconds().value() }; ++ sandbox->UpdateStatsInfo(newStatsRec); ++ + return podStats; + } + +diff --git a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.h b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.h +index 2bd28007..c3d98b8c 100644 +--- a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.h ++++ b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.h +@@ -123,6 +123,7 @@ private: + const std::vector &netMetrics, + const std::unique_ptr &containerManager, + std::unique_ptr &podStats, ++ sandbox::StatsInfo &statsInfo, + Errors &error); + void GetFilterPodSandbox(const runtime::v1::PodSandboxStatsFilter *filter, + std::vector &podSandboxIDs, Errors &error); +-- +2.25.1 + diff --git a/0012-sleep-some-time-in-ServiceWorkThread-to-prevent-the-.patch b/0012-sleep-some-time-in-ServiceWorkThread-to-prevent-the-.patch new file mode 100644 index 0000000000000000000000000000000000000000..9da56488a5e6c32071a05bf63efc7160293ec1b1 --- /dev/null +++ b/0012-sleep-some-time-in-ServiceWorkThread-to-prevent-the-.patch @@ -0,0 +1,27 @@ +From 384cf7870c155d41f742b1928a4cb1b56aa46c94 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Tue, 6 Feb 2024 20:05:05 +0800 +Subject: [PATCH 12/26] sleep some time in ServiceWorkThread to prevent the CPU + from being occupied all the time + +Signed-off-by: zhongtao +--- + src/daemon/entry/cri/streams/websocket/ws_server.cc | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/daemon/entry/cri/streams/websocket/ws_server.cc b/src/daemon/entry/cri/streams/websocket/ws_server.cc +index 6319a67f..a8d89b36 100644 +--- a/src/daemon/entry/cri/streams/websocket/ws_server.cc ++++ b/src/daemon/entry/cri/streams/websocket/ws_server.cc +@@ -551,6 +551,8 @@ void WebsocketServer::ServiceWorkThread(int threadid) + + while (n >= 0 && m_forceExit == 0) { + n = lws_service(m_context, 0); ++ // sleep some time to prevent the CPU from being occupied all the time ++ std::this_thread::sleep_for(std::chrono::milliseconds(10)); + } + } + +-- +2.25.1 + diff --git a/0013-restore-name-for-rename-failed.patch b/0013-restore-name-for-rename-failed.patch new file mode 100644 index 0000000000000000000000000000000000000000..b6966ff4c6b9865d8ba53c57e3c65e06ce4d1ec9 --- /dev/null +++ b/0013-restore-name-for-rename-failed.patch @@ -0,0 +1,29 @@ +From 2df7a67ad2cb0249b18ca5eba46f9aab8f72038f Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Sun, 18 Feb 2024 11:32:55 +0800 +Subject: [PATCH 13/26] restore name for rename failed + +Signed-off-by: zhongtao +--- + src/daemon/executor/container_cb/execution_information.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/daemon/executor/container_cb/execution_information.c b/src/daemon/executor/container_cb/execution_information.c +index 2a71e82a..c02cc830 100644 +--- a/src/daemon/executor/container_cb/execution_information.c ++++ b/src/daemon/executor/container_cb/execution_information.c +@@ -1116,6 +1116,11 @@ static void restore_names_at_fail(container_t *cont, const char *ori_name, const + if (!container_name_index_rename(ori_name, new_name, id)) { + ERROR("Failed to restore name from \"%s\" to \"%s\" for container %s", new_name, ori_name, id); + } ++ ++ // restore name in id-name manager ++ if (!id_name_manager_rename(ori_name, new_name)) { ++ ERROR("Failed to restore name from \"%s\" to \"%s\" in id-name manager", new_name, ori_name); ++ } + } + + static int container_rename(container_t *cont, const char *new_name) +-- +2.25.1 + diff --git a/0014-2371-Allow-iSulad-to-pull-load-image-with-symlink.patch b/0014-2371-Allow-iSulad-to-pull-load-image-with-symlink.patch new file mode 100644 index 0000000000000000000000000000000000000000..122729dd9505ee40ca12fd5cf4653f8d12a3c257 --- /dev/null +++ b/0014-2371-Allow-iSulad-to-pull-load-image-with-symlink.patch @@ -0,0 +1,45 @@ +From fd4c80b8de768d7132cef0720cd46167173a653b Mon Sep 17 00:00:00 2001 +From: xuxuepeng +Date: Mon, 19 Feb 2024 01:05:18 +0000 +Subject: [PATCH 14/26] !2371 Allow iSulad to pull/load image with symlink * + Allow iSulad to pull/load image with symlink + +--- + src/utils/tar/util_archive.c | 13 ++++++++++--- + 1 file changed, 10 insertions(+), 3 deletions(-) + +diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c +index e4c302bc..52b51162 100644 +--- a/src/utils/tar/util_archive.c ++++ b/src/utils/tar/util_archive.c +@@ -637,6 +637,11 @@ static void try_to_replace_exited_dst(const char *dst_path, struct archive_entry + } + } + ++/** ++ * This function has to be used with chroot to prevent a potential attack from manipulating ++ * the path of the file to be extracted, such as using a symbolic link to extract the file to ++ * a location outside the path. ++ */ + int archive_unpack_handler(const struct io_read_wrapper *content, const struct archive_options *options) + { + int ret = 0; +@@ -671,10 +676,12 @@ int archive_unpack_handler(const struct io_read_wrapper *content, const struct a + flags |= ARCHIVE_EXTRACT_PERM; + flags |= ARCHIVE_EXTRACT_ACL; + flags |= ARCHIVE_EXTRACT_FFLAGS; +- flags |= ARCHIVE_EXTRACT_SECURE_SYMLINKS; +- flags |= ARCHIVE_EXTRACT_SECURE_NODOTDOT; + flags |= ARCHIVE_EXTRACT_XATTR; +- flags |= ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS; ++ /** ++ * ARCHIVE_EXTRACT_SECURE_SYMLINKS, ARCHIVE_EXTRACT_SECURE_NODOTDOT, ++ * ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS flags are not set here, ++ * since this function is called after chroot, the security of the path is guaranteed. ++ */ + + a = archive_read_new(); + if (a == NULL) { +-- +2.25.1 + diff --git a/0015-Replace-http-parser-dependency-with-lcr.patch b/0015-Replace-http-parser-dependency-with-lcr.patch new file mode 100644 index 0000000000000000000000000000000000000000..5d46b1b8ccece9282089235ce27dc4b8151c1090 --- /dev/null +++ b/0015-Replace-http-parser-dependency-with-lcr.patch @@ -0,0 +1,427 @@ +From fb76605985166c4d2172270c8d633ed26d62f698 Mon Sep 17 00:00:00 2001 +From: xuxuepeng +Date: Mon, 19 Feb 2024 23:52:47 +0800 +Subject: [PATCH 15/26] Replace http-parser dependency with lcr + +Signed-off-by: xuxuepeng +--- + CI/dockerfiles/Dockerfile-centos | 13 ------------- + CI/dockerfiles/Dockerfile-fedora | 1 - + CI/dockerfiles/Dockerfile-ubuntu | 1 - + CI/pr-gateway.sh | 2 +- + Dockerfile | 13 ------------- + cmake/checker.cmake | 5 ----- + docs/build_docs/guide/build_guide.md | 13 ------------- + docs/build_docs/guide/build_guide_with_rpm.md | 4 +--- + docs/build_docs/guide/build_guide_with_rpm_zh.md | 4 +--- + docs/build_docs/guide/build_guide_zh.md | 13 ------------- + .../guide/script/install_iSulad_on_Centos_7.sh | 11 ----------- + .../script/install_iSulad_on_Ubuntu_20_04_LTS.sh | 2 +- + .../isulad_build_in_openeuler.Dockerfile | 2 +- + docs/vs_other_engines/vs_docker_command.md | 1 - + iSulad.spec | 3 +-- + src/CMakeLists.txt | 1 - + src/contrib/env_checkconfig | 1 - + .../modules/image/oci/registry/registry_apiv1.c | 2 +- + .../modules/image/oci/registry/registry_apiv2.c | 2 +- + src/utils/http/CMakeLists.txt | 2 +- + src/utils/http/parser.c | 2 +- + src/utils/http/parser.h | 2 +- + src/utils/http/rest_common.c | 2 +- + 23 files changed, 12 insertions(+), 90 deletions(-) + +diff --git a/CI/dockerfiles/Dockerfile-centos b/CI/dockerfiles/Dockerfile-centos +index 1d76b4ec..af3ce035 100644 +--- a/CI/dockerfiles/Dockerfile-centos ++++ b/CI/dockerfiles/Dockerfile-centos +@@ -207,19 +207,6 @@ RUN export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH && \ + make install && \ + ldconfig + +-# install http-parser +-RUN export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH && \ +- set -x && \ +- cd ~ && \ +- git clone https://gitee.com/src-openeuler/http-parser.git && \ +- cd http-parser && \ +- git checkout -b openEuler-20.03-LTS-tag openEuler-20.03-LTS-tag && \ +- tar -xzvf http-parser-2.9.2.tar.gz && \ +- cd http-parser-2.9.2 && \ +- make -j CFLAGS="-Wno-error" && \ +- make CFLAGS="-Wno-error" install && \ +- ldconfig +- + # install libwebsockets + RUN export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH && \ + set -x && \ +diff --git a/CI/dockerfiles/Dockerfile-fedora b/CI/dockerfiles/Dockerfile-fedora +index a105cbb4..be2bf412 100644 +--- a/CI/dockerfiles/Dockerfile-fedora ++++ b/CI/dockerfiles/Dockerfile-fedora +@@ -42,7 +42,6 @@ RUN dnf update -y && dnf install -y automake \ + grpc-plugins \ + libevent-devel \ + libwebsockets-devel \ +- http-parser-devel \ + gtest-devel \ + gmock-devel \ + libarchive-devel \ +diff --git a/CI/dockerfiles/Dockerfile-ubuntu b/CI/dockerfiles/Dockerfile-ubuntu +index 2441a7ce..09a20eb5 100644 +--- a/CI/dockerfiles/Dockerfile-ubuntu ++++ b/CI/dockerfiles/Dockerfile-ubuntu +@@ -71,7 +71,6 @@ RUN apt update -y && apt upgrade -y && \ + language-pack-en \ + curl \ + cmake \ +- libhttp-parser-dev \ + libprotobuf-dev \ + libgrpc-dev \ + libgrpc++-dev \ +diff --git a/CI/pr-gateway.sh b/CI/pr-gateway.sh +index e5bf627e..e3613e8e 100755 +--- a/CI/pr-gateway.sh ++++ b/CI/pr-gateway.sh +@@ -22,7 +22,7 @@ sed -i "s#http://repo.openeuler.org#https://repo.huaweicloud.com/openeuler#g" /e + + dnf update -y + +-dnf install -y docbook2X doxygen gtest-devel gmock-devel diffutils cmake gcc-c++ yajl-devel patch make libtool libevent-devel libevhtp-devel grpc grpc-plugins grpc-devel protobuf-devel libcurl libcurl-devel sqlite-devel libarchive-devel device-mapper-devel http-parser-devel libseccomp-devel libcap-devel libselinux-devel libwebsockets libwebsockets-devel systemd-devel git chrpath ncurses-devel ++dnf install -y docbook2X doxygen gtest-devel gmock-devel diffutils cmake gcc-c++ yajl-devel patch make libtool libevent-devel libevhtp-devel grpc grpc-plugins grpc-devel protobuf-devel libcurl libcurl-devel sqlite-devel libarchive-devel device-mapper-devel libseccomp-devel libcap-devel libselinux-devel libwebsockets libwebsockets-devel systemd-devel git chrpath ncurses-devel + if [ $? -ne 0 ]; then + echo "install dependences failed" + exit 1 +diff --git a/Dockerfile b/Dockerfile +index 3b284630..a30ed12a 100644 +--- a/Dockerfile ++++ b/Dockerfile +@@ -197,19 +197,6 @@ RUN export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH && \ + make install && \ + ldconfig + +-# install http-parser +-RUN export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH && \ +- set -x && \ +- cd ~ && \ +- git clone https://gitee.com/src-openeuler/http-parser.git && \ +- cd http-parser && \ +- git checkout -b openEuler-20.03-LTS-tag openEuler-20.03-LTS-tag && \ +- tar -xzvf http-parser-2.9.2.tar.gz && \ +- cd http-parser-2.9.2 && \ +- make -j CFLAGS="-Wno-error" && \ +- make CFLAGS="-Wno-error" install && \ +- ldconfig +- + # install libwebsockets + RUN export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH && \ + set -x && \ +diff --git a/cmake/checker.cmake b/cmake/checker.cmake +index b0c395ef..13f0fd62 100644 +--- a/cmake/checker.cmake ++++ b/cmake/checker.cmake +@@ -66,11 +66,6 @@ if (ANDROID OR MUSL) + _CHECK(CRYPTO_LIBRARY "LIBSSL_LIBRARY-NOTFOUND" "libssl.so") + endif() + +-find_path(HTTP_PARSER_INCLUDE_DIR http_parser.h) +-_CHECK(HTTP_PARSER_INCLUDE_DIR "HTTP_PARSER_INCLUDE_DIR-NOTFOUND" "http_parser.h") +-find_library(HTTP_PARSER_LIBRARY http_parser) +-_CHECK(HTTP_PARSER_LIBRARY "HTTP_PARSER_LIBRARY-NOTFOUND" "libhttp_parser.so") +- + pkg_check_modules(PC_CURL "libcurl>=7.4.0") + find_path(CURL_INCLUDE_DIR "curl/curl.h" + HINTS ${PC_CURL_INCLUDEDIR} ${PC_CURL_INCLUDE_DIRS}) +diff --git a/docs/build_docs/guide/build_guide.md b/docs/build_docs/guide/build_guide.md +index 741abddd..73a0d9d8 100644 +--- a/docs/build_docs/guide/build_guide.md ++++ b/docs/build_docs/guide/build_guide.md +@@ -150,19 +150,6 @@ $ sudo -E make install + $ sudo -E ldconfig + ``` + +-#### build and install http-parser +- +-```bash +-$ git clone https://gitee.com/src-openeuler/http-parser.git +-$ cd http-parser +-$ git checkout openEuler-20.03-LTS-tag +-$ tar -xzvf http-parser-2.9.2.tar.gz +-$ cd http-parser-2.9.2 +-$ sudo -E make -j CFLAGS="-Wno-error" +-$ sudo -E make CFLAGS="-Wno-error" install +-$ sudo -E ldconfig +-``` +- + #### build and install libwebsockets + + ```bash +diff --git a/docs/build_docs/guide/build_guide_with_rpm.md b/docs/build_docs/guide/build_guide_with_rpm.md +index 181b2ef5..acf8e7c0 100644 +--- a/docs/build_docs/guide/build_guide_with_rpm.md ++++ b/docs/build_docs/guide/build_guide_with_rpm.md +@@ -29,7 +29,7 @@ BUILD BUILDROOT RPMS SOURCES SPECS SRPMS + + ```shell + dnf install -y patch automake autoconf libtool cmake make libcap libcap-devel libselinux libselinux-devel libseccomp libseccomp-devel git libcgroup tar python3 python3-pip libcurl-devel zlib-devel glibc-headers openssl-devel gcc gcc-c++ systemd-devel systemd-libs golang libtar && \ +-dnf --enablerepo=powertools install -y yajl-devel device-mapper-devel http-parser-devel && \ ++dnf --enablerepo=powertools install -y yajl-devel device-mapper-devel && \ + dnf install -y epel-release && \ + dnf --enablerepo=powertools install libuv-devel &&\ + dnf install libwebsockets-devel +@@ -281,7 +281,6 @@ rpm -Uvh libarchive-devel-3.4.3-4.x86_64.rpm + ### 9.1 install iSulad dependencies + + ```shell +-dnf --enablerepo=powertools install http-parser-devel + dnf install -y sqlite-devel + ``` + +@@ -317,7 +316,6 @@ dnf install libwebsockets-devel + then, you can install iSulad + + ```shell +-dnf --enablerepo=powertools install http-parser-devel + dnf install -y sqlite-devel.x86_64 + rpm -Uvh iSulad-2.1.0-1.x86_64.rpm + ``` +\ No newline at end of file +diff --git a/docs/build_docs/guide/build_guide_with_rpm_zh.md b/docs/build_docs/guide/build_guide_with_rpm_zh.md +index edb565e3..b9574b4e 100644 +--- a/docs/build_docs/guide/build_guide_with_rpm_zh.md ++++ b/docs/build_docs/guide/build_guide_with_rpm_zh.md +@@ -25,7 +25,7 @@ BUILD BUILDROOT RPMS SOURCES SPECS SRPMS + + ```shell + dnf install -y patch automake autoconf libtool cmake make libcap libcap-devel libselinux libselinux-devel libseccomp libseccomp-devel git libcgroup tar python3 python3-pip libcurl-devel zlib-devel glibc-headers openssl-devel gcc gcc-c++ systemd-devel systemd-libs golang libtar && \ +-dnf --enablerepo=powertools install -y yajl-devel device-mapper-devel http-parser-devel && \ ++dnf --enablerepo=powertools install -y yajl-devel device-mapper-devel && \ + dnf install -y epel-release && \ + dnf --enablerepo=powertools install libuv-devel &&\ + dnf install libwebsockets-devel +@@ -272,7 +272,6 @@ rpm -Uvh libarchive-devel-3.4.3-4.x86_64.rpm + ### 9.1 安装iSulad的依赖 + + ```shell +-dnf --enablerepo=powertools install http-parser-devel + dnf install -y sqlite-devel + ``` + +@@ -310,7 +309,6 @@ dnf install libwebsockets-devel + 再安装isulad: + + ```shell +-dnf --enablerepo=powertools install http-parser-devel + dnf install -y sqlite-devel.x86_64 + rpm -Uvh iSulad-2.1.0-1.x86_64.rpm + ``` +\ No newline at end of file +diff --git a/docs/build_docs/guide/build_guide_zh.md b/docs/build_docs/guide/build_guide_zh.md +index bfdc69dc..2d853d9c 100644 +--- a/docs/build_docs/guide/build_guide_zh.md ++++ b/docs/build_docs/guide/build_guide_zh.md +@@ -150,19 +150,6 @@ $ sudo -E make install + $ sudo -E ldconfig + ``` + +-#### 编译安装http-parser +- +-```bash +-$ git clone https://gitee.com/src-openeuler/http-parser.git +-$ cd http-parser +-$ git checkout openEuler-20.03-LTS-tag +-$ tar -xzvf http-parser-2.9.2.tar.gz +-$ cd http-parser-2.9.2 +-$ sudo -E make -j CFLAGS="-Wno-error" +-$ sudo -E make CFLAGS="-Wno-error" install +-$ sudo -E ldconfig +-``` +- + #### 编译安装libwebsockets + + ```bash +diff --git a/docs/build_docs/guide/script/install_iSulad_on_Centos_7.sh b/docs/build_docs/guide/script/install_iSulad_on_Centos_7.sh +index 3834d333..b268d777 100755 +--- a/docs/build_docs/guide/script/install_iSulad_on_Centos_7.sh ++++ b/docs/build_docs/guide/script/install_iSulad_on_Centos_7.sh +@@ -68,17 +68,6 @@ make -j $(nproc) + make install + ldconfig + +-# build http_parser +-cd $BUILD_DIR +-git clone https://gitee.com/src-openeuler/http-parser.git +-cd http-parser +-git checkout openEuler-20.03-LTS-tag +-tar -xzvf http-parser-2.9.2.tar.gz +-cd http-parser-2.9.2 +-make -j CFLAGS="-Wno-error" +-make CFLAGS="-Wno-error" install +-ldconfig +- + # build libwebsockets + cd $BUILD_DIR + git clone https://gitee.com/src-openeuler/libwebsockets.git +diff --git a/docs/build_docs/guide/script/install_iSulad_on_Ubuntu_20_04_LTS.sh b/docs/build_docs/guide/script/install_iSulad_on_Ubuntu_20_04_LTS.sh +index 4f27244e..f44bddb4 100755 +--- a/docs/build_docs/guide/script/install_iSulad_on_Ubuntu_20_04_LTS.sh ++++ b/docs/build_docs/guide/script/install_iSulad_on_Ubuntu_20_04_LTS.sh +@@ -7,7 +7,7 @@ set -e + export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH + export LD_LIBRARY_PATH=/usr/local/lib:/usr/lib:/lib/x86_64-linux-gnu/:$LD_LIBRARY_PATH + echo "/usr/local/lib" >> /etc/ld.so.conf +-apt install -y g++ libprotobuf-dev protobuf-compiler protobuf-compiler-grpc libgrpc++-dev libgrpc-dev libtool automake autoconf cmake make pkg-config libyajl-dev zlib1g-dev libselinux1-dev libseccomp-dev libcap-dev libsystemd-dev git libarchive-dev libcurl4-gnutls-dev openssl libdevmapper-dev python3 libtar0 libtar-dev libhttp-parser-dev libwebsockets-dev ++apt install -y g++ libprotobuf-dev protobuf-compiler protobuf-compiler-grpc libgrpc++-dev libgrpc-dev libtool automake autoconf cmake make pkg-config libyajl-dev zlib1g-dev libselinux1-dev libseccomp-dev libcap-dev libsystemd-dev git libarchive-dev libcurl4-gnutls-dev openssl libdevmapper-dev python3 libtar0 libtar-dev libwebsockets-dev + + BUILD_DIR=/tmp/build_isulad + +diff --git a/docs/dockerfiles/isulad_build_in_openeuler.Dockerfile b/docs/dockerfiles/isulad_build_in_openeuler.Dockerfile +index 5049f783..a081b009 100644 +--- a/docs/dockerfiles/isulad_build_in_openeuler.Dockerfile ++++ b/docs/dockerfiles/isulad_build_in_openeuler.Dockerfile +@@ -26,7 +26,7 @@ RUN dnf install -y rust rust-packaging cargo + RUN dnf install -y grpc grpc-plugins grpc-devel protobuf-devel libwebsockets libwebsockets-devel + + # depends for image module and restful client of iSulad +-RUN dnf install -y libcurl libcurl-devel libarchive-devel http-parser-devel ++RUN dnf install -y libcurl libcurl-devel libarchive-devel + + # depends for embedded image of iSulad: -DENABLE_EMBEDDED=ON + RUN dnf install -y sqlite-devel +diff --git a/docs/vs_other_engines/vs_docker_command.md b/docs/vs_other_engines/vs_docker_command.md +index 5c38d31b..d7b587ea 100644 +--- a/docs/vs_other_engines/vs_docker_command.md ++++ b/docs/vs_other_engines/vs_docker_command.md +@@ -114,7 +114,6 @@ Installing dependencies: + abseil-cpp + clibcni + grpc +- http-parser + lcr + lib-shim-v2 + libwebsockets +diff --git a/iSulad.spec b/iSulad.spec +index eda87f7a..eafa82a0 100644 +--- a/iSulad.spec ++++ b/iSulad.spec +@@ -48,7 +48,6 @@ BuildRequires: libisula-devel > %{lcrver_lower} libisula-devel < %{lcrver_upper} + BuildRequires: cmake gcc-c++ yajl-devel + BuildRequires: grpc grpc-plugins grpc-devel protobuf-devel + BuildRequires: libcurl libcurl-devel libarchive-devel device-mapper-devel +-BuildRequires: http-parser-devel + BuildRequires: libseccomp-devel libcap-devel libselinux-devel libwebsockets libwebsockets-devel + BuildRequires: systemd-devel git + BuildRequires: libevhtp-devel libevent-devel +@@ -60,7 +59,7 @@ BuildRequires: lib-shim-v2 lib-shim-v2-devel + Requires: libisula > %{lcrver_lower} libisula < %{lcrver_upper} + Requires: grpc protobuf + Requires: libcurl +-Requires: http-parser libseccomp ++Requires: libseccomp + Requires: libcap libselinux libwebsockets libarchive device-mapper + Requires: systemd + Requires: (docker-runc or runc) +diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt +index d1bc65f9..48c1bad0 100644 +--- a/src/CMakeLists.txt ++++ b/src/CMakeLists.txt +@@ -3,7 +3,6 @@ set(CHECKED_INCLUDE_DIRS + ${STD_HEADER_SYS_PARAM} + ${LIBYAJL_INCLUDE_DIR} + ${LIBARCHIVE_INCLUDE_DIR} +- ${HTTP_PARSER_INCLUDE_DIR} + ${OPENSSL_INCLUDE_DIR} + ${CURL_INCLUDE_DIR} + ${SYSTEMD_INCLUDE_DIR} +diff --git a/src/contrib/env_checkconfig b/src/contrib/env_checkconfig +index 62a91354..9080e01a 100755 +--- a/src/contrib/env_checkconfig ++++ b/src/contrib/env_checkconfig +@@ -164,7 +164,6 @@ config_set CONFIG_SMP && echo -n "Cpuset Cgroup Result: " && config_enable CONFI + echo "" + echo "--- Third-party Packages ---" + echo -n "libyajl: " && has_lib libyajl +-echo -n "libhttp_parser: " && has_lib libhttp_parser + echo -n "libevhtp.so.1.2.16: " && has_lib libevhtp.so.1.2.16 + echo -n "libseccomp: " && has_lib libseccomp + echo -n "libcap.so: " && has_lib libcap.so +diff --git a/src/daemon/modules/image/oci/registry/registry_apiv1.c b/src/daemon/modules/image/oci/registry/registry_apiv1.c +index 414eb65c..6da24c1d 100644 +--- a/src/daemon/modules/image/oci/registry/registry_apiv1.c ++++ b/src/daemon/modules/image/oci/registry/registry_apiv1.c +@@ -18,7 +18,7 @@ + #include + #include + #include +-#include ++#include + #include + #include + #include +diff --git a/src/daemon/modules/image/oci/registry/registry_apiv2.c b/src/daemon/modules/image/oci/registry/registry_apiv2.c +index 3b3bbd93..dd49fab7 100644 +--- a/src/daemon/modules/image/oci/registry/registry_apiv2.c ++++ b/src/daemon/modules/image/oci/registry/registry_apiv2.c +@@ -18,7 +18,7 @@ + #include + #include + #include +-#include ++#include + #include + #include + #include +diff --git a/src/utils/http/CMakeLists.txt b/src/utils/http/CMakeLists.txt +index ad7d0747..23d92cdc 100644 +--- a/src/utils/http/CMakeLists.txt ++++ b/src/utils/http/CMakeLists.txt +@@ -20,7 +20,7 @@ target_include_directories(libhttpclient PUBLIC + + # set libhttpclient FLAGS + set_target_properties(libhttpclient PROPERTIES PREFIX "") +-target_link_libraries(libhttpclient ${HTTP_PARSER_LIBRARY} ${CURL_LIBRARY}) ++target_link_libraries(libhttpclient ${CURL_LIBRARY}) + + set_target_properties(libhttpclient PROPERTIES LINKER_LANGUAGE "C") + +diff --git a/src/utils/http/parser.c b/src/utils/http/parser.c +index cf8425e4..3e910efc 100644 +--- a/src/utils/http/parser.c ++++ b/src/utils/http/parser.c +@@ -38,7 +38,7 @@ + */ + + #include "parser.h" +-#include ++#include + #include + #include + #include +diff --git a/src/utils/http/parser.h b/src/utils/http/parser.h +index ce5fe5e7..fd8f150d 100644 +--- a/src/utils/http/parser.h ++++ b/src/utils/http/parser.h +@@ -42,7 +42,7 @@ + + #include + +-#include "http_parser.h" ++#include + + #undef TRUE + #define TRUE 1 +diff --git a/src/utils/http/rest_common.c b/src/utils/http/rest_common.c +index 885375f2..d851ba96 100644 +--- a/src/utils/http/rest_common.c ++++ b/src/utils/http/rest_common.c +@@ -16,7 +16,7 @@ + + #include + #include +-#include ++#include + #include + + #include "isula_libutils/log.h" +-- +2.25.1 + diff --git a/0016-add-more-detailed-log-information-for-load-sandbox.patch b/0016-add-more-detailed-log-information-for-load-sandbox.patch new file mode 100644 index 0000000000000000000000000000000000000000..6d6b985be0a72c063ea7b71819982d2c28c51dea --- /dev/null +++ b/0016-add-more-detailed-log-information-for-load-sandbox.patch @@ -0,0 +1,26 @@ +From e4facfcd2947b5277789d58a452090b61ca2d383 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Wed, 21 Feb 2024 15:04:27 +0800 +Subject: [PATCH 16/26] add more detailed log information for load sandbox + +Signed-off-by: zhongtao +--- + src/daemon/sandbox/sandbox_manager.cc | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/daemon/sandbox/sandbox_manager.cc b/src/daemon/sandbox/sandbox_manager.cc +index d3db4fb4..cee444f4 100644 +--- a/src/daemon/sandbox/sandbox_manager.cc ++++ b/src/daemon/sandbox/sandbox_manager.cc +@@ -461,7 +461,7 @@ auto SandboxManager::LoadSandbox(std::string &id) -> std::shared_ptr + Errors tmpError; + + if (!sandbox->Load(tmpError)) { +- ERROR("Failed to load subdir:%s", id.c_str()); ++ ERROR("Failed to load subdir:%s: %s", id.c_str(), tmpError.GetMessage().c_str()); + return nullptr; + } + +-- +2.25.1 + diff --git a/0017-bugfix-for-the-concurrency-competition-between-the-r.patch b/0017-bugfix-for-the-concurrency-competition-between-the-r.patch new file mode 100644 index 0000000000000000000000000000000000000000..42e04357b3fecd8e254a0b80d415fafb71a90c01 --- /dev/null +++ b/0017-bugfix-for-the-concurrency-competition-between-the-r.patch @@ -0,0 +1,83 @@ +From 0099190e7f18e890185e36c5a657e9ce95179bc8 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Fri, 1 Mar 2024 15:04:09 +0800 +Subject: [PATCH 17/26] bugfix for the concurrency competition between the + reuse layer and the creation layer + +Signed-off-by: zhongtao +--- + src/daemon/modules/image/oci/oci_load.c | 9 ++++++++- + src/daemon/modules/image/oci/registry/registry.c | 9 ++++++++- + 2 files changed, 16 insertions(+), 2 deletions(-) + +diff --git a/src/daemon/modules/image/oci/oci_load.c b/src/daemon/modules/image/oci/oci_load.c +index 534e2647..85127f35 100644 +--- a/src/daemon/modules/image/oci/oci_load.c ++++ b/src/daemon/modules/image/oci/oci_load.c +@@ -680,6 +680,12 @@ static int oci_load_set_layers_info(load_image_t *im, const image_manifest_items + char *parent_chain_id_sha256 = ""; + char *id = NULL; + char *parent_chain_id = NULL; ++ // exist_flag is used to mark whether a non-existent layer has been encountered during this layer reuse process. ++ // 1.exist_flag is true if the layers are currently reusable; ++ // 2.exist_flag is false if encounter an uncreated layer that cannot be reused ++ // Prevent concurrent competition between the creation layer function ++ // and the reuse layer function on the im -> layer_of_hold_refs variable ++ bool exist_flag = true; + + if (im == NULL || manifest == NULL || dstdir == NULL) { + ERROR("Invalid input params image or manifest is null"); +@@ -761,7 +767,7 @@ static int oci_load_set_layers_info(load_image_t *im, const image_manifest_items + goto out; + } + +- if (storage_inc_hold_refs(id) == 0) { ++ if (exist_flag && storage_inc_hold_refs(id) == 0) { + free(im->layer_of_hold_refs); + im->layer_of_hold_refs = util_strdup_s(id); + if (parent_chain_id != NULL && storage_dec_hold_refs(parent_chain_id) != 0) { +@@ -781,6 +787,7 @@ static int oci_load_set_layers_info(load_image_t *im, const image_manifest_items + continue; + } + ++ exist_flag = false; + if (check_and_set_digest_from_tarball(im->layers[i], conf->rootfs->diff_ids[i]) != 0) { + ERROR("Check layer digest failed"); + ret = -1; +diff --git a/src/daemon/modules/image/oci/registry/registry.c b/src/daemon/modules/image/oci/registry/registry.c +index aed3057a..66fa0076 100644 +--- a/src/daemon/modules/image/oci/registry/registry.c ++++ b/src/daemon/modules/image/oci/registry/registry.c +@@ -1516,6 +1516,12 @@ static int fetch_all(pull_descriptor *desc) + struct layer_list *list = NULL; + pthread_t tid = 0; + struct timespec ts = { 0 }; ++ // exist_flag is used to mark whether a non-existent layer has been encountered during this layer reuse process. ++ // 1.exist_flag is true if the layers are currently reusable; ++ // 2.exist_flag is false if encounter an uncreated layer that cannot be reused ++ // Prevent concurrent competition between the creation layer function ++ // and the reuse layer function on the im -> layer_of_hold_refs variable ++ bool exist_flag = true; + + if (desc == NULL) { + ERROR("Invalid NULL param"); +@@ -1547,7 +1553,7 @@ static int fetch_all(pull_descriptor *desc) + + // Skip layer that already exist in local store + list = storage_layers_get_by_compress_digest(desc->layers[i].digest); +- if (list != NULL) { ++ if (exist_flag && list != NULL) { + for (j = 0; j < list->layers_len; j++) { + if ((list->layers[j]->parent == NULL && i == 0) || + (parent_chain_id != NULL && list->layers[j]->parent != NULL && +@@ -1579,6 +1585,7 @@ static int fetch_all(pull_descriptor *desc) + continue; + } + } ++ exist_flag = false; + + // parent_chain_id = NULL means no parent chain match from now on, so no longer need + // to get layers by compressed digest to reuse layer. +-- +2.25.1 + diff --git a/0018-add-concurrent-load-test.patch b/0018-add-concurrent-load-test.patch new file mode 100644 index 0000000000000000000000000000000000000000..012fc8dfc3dedd2ef57b75b0031538cbed21f18a --- /dev/null +++ b/0018-add-concurrent-load-test.patch @@ -0,0 +1,73 @@ +From 2af906d42a155a7b779dce017a2779b96dba2b61 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Fri, 1 Mar 2024 15:04:35 +0800 +Subject: [PATCH 18/26] add concurrent load test + +Signed-off-by: zhongtao +--- + CI/test_cases/image_cases/image_load.sh | 47 +++++++++++++++++++++++++ + 1 file changed, 47 insertions(+) + +diff --git a/CI/test_cases/image_cases/image_load.sh b/CI/test_cases/image_cases/image_load.sh +index 52b713d4..a2cada5f 100755 +--- a/CI/test_cases/image_cases/image_load.sh ++++ b/CI/test_cases/image_cases/image_load.sh +@@ -79,8 +79,55 @@ function test_image_load() + return ${ret} + } + ++function test_concurrent_load() ++{ ++ local ret=0 ++ local test="isula load image test => (${FUNCNAME[@]})" ++ ++ msg_info "${test} starting..." ++ ++ # clean exist image ++ ubuntu_id=`isula inspect -f '{{.image.id}}' ubuntu` ++ busybox_id=`isula inspect -f '{{.image.id}}' busybox` ++ isula rmi $ubuntu_id $busybox_id ++ ++ concurrent_time=10 ++ for i in `seq 1 $concurrent_time` ++ do ++ isula load -i $mult_image & ++ pids[$i]=$! ++ done ++ ++ for i in `seq 1 $concurrent_time`;do ++ wait ${pids[$i]} ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - fail to do isulad load $i" && ((ret++)) ++ done ++ ++ ubuntu_id=`isula inspect -f '{{.image.id}}' ubuntu` ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - fail to inspect image: ubuntu" && ((ret++)) ++ ++ top_layer_id=$(isula inspect -f '{{.image.top_layer}}' ${ubuntu_id}) ++ ++ busybox_id=`isula inspect -f '{{.image.id}}' busybox` ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - fail to inspect image: busybox" && ((ret++)) ++ ++ # delete image after concurrent load ++ isula rmi $ubuntu_id $busybox_id ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to remove image ${ubuntu_id} and ${busybox_id}" && ((ret++)) ++ ++ ls -l /var/lib/isulad/storage/overlay-layers ++ local top_layer_dir=/var/lib/isulad/storage/overlay-layers/${top_layer_id} ++ test -e ${top_layer_dir} ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - top layer dir ${top_layer_id} exist after delete image" && ((ret++)) ++ ++ msg_info "${test} finished with return ${ret}..." ++ return ${ret} ++} ++ + declare -i ans=0 + ++test_concurrent_load || ((ans++)) ++ + test_image_load || ((ans++)) + + show_result ${ans} "${curr_path}/${0}" +-- +2.25.1 + diff --git a/0019-get-the-realpath-of-the-host-path-for-archive-when-c.patch b/0019-get-the-realpath-of-the-host-path-for-archive-when-c.patch new file mode 100644 index 0000000000000000000000000000000000000000..4ec6b4a556836e8f08dc2f3aa941ce0aa50439c2 --- /dev/null +++ b/0019-get-the-realpath-of-the-host-path-for-archive-when-c.patch @@ -0,0 +1,63 @@ +From 96dfd32ee5d9a133ad63af13723402f10cd7cf7b Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Mon, 11 Mar 2024 15:50:45 +0800 +Subject: [PATCH 19/26] get the realpath of the host path for archive when cp + +Signed-off-by: zhongtao +--- + src/utils/tar/isulad_tar.c | 16 ++++++++++++++-- + 1 file changed, 14 insertions(+), 2 deletions(-) + +diff --git a/src/utils/tar/isulad_tar.c b/src/utils/tar/isulad_tar.c +index bbe4c3b2..fe514acc 100644 +--- a/src/utils/tar/isulad_tar.c ++++ b/src/utils/tar/isulad_tar.c +@@ -390,6 +390,7 @@ int archive_copy_to(const struct io_read_wrapper *content, const struct archive_ + { + int ret = -1; + struct archive_copy_info *dstinfo = NULL; ++ char cleanpath[PATH_MAX] = { 0 }; + char *dstdir = NULL; + char *src_base = NULL; + char *dst_base = NULL; +@@ -410,7 +411,12 @@ int archive_copy_to(const struct io_read_wrapper *content, const struct archive_ + goto cleanup; + } + +- ret = archive_chroot_untar_stream(content, dstdir, ".", src_base, dst_base, root_dir, err); ++ if (realpath(dstdir, cleanpath) == NULL) { ++ ERROR("Failed to get real path for %s", dstdir); ++ return -1; ++ } ++ ++ ret = archive_chroot_untar_stream(content, cleanpath, ".", src_base, dst_base, root_dir, err); + + cleanup: + free_archive_copy_info(dstinfo); +@@ -428,6 +434,7 @@ static int tar_resource_rebase(const char *path, const char *rebase, const char + struct stat st; + char *srcdir = NULL; + char *srcbase = NULL; ++ char cleanpath[PATH_MAX] = { 0 }; + + if (lstat(path, &st) < 0) { + SYSERROR("lstat %s failed", path); +@@ -438,9 +445,14 @@ static int tar_resource_rebase(const char *path, const char *rebase, const char + ERROR("Can not split path: %s", path); + goto cleanup; + } ++ ++ if (realpath(srcdir, cleanpath) == NULL) { ++ ERROR("Failed to get real path for %s", srcdir); ++ return -1; ++ } + + DEBUG("chroot tar stream srcdir(%s) srcbase(%s) rebase(%s)", srcdir, srcbase, rebase); +- nret = archive_chroot_tar_stream(srcdir, srcbase, srcbase, rebase, root_dir, archive_reader); ++ nret = archive_chroot_tar_stream(cleanpath, srcbase, srcbase, rebase, root_dir, archive_reader); + if (nret < 0) { + ERROR("Can not archive path: %s", path); + goto cleanup; +-- +2.25.1 + diff --git a/0020-bugfix-for-wrong-goto-branch.patch b/0020-bugfix-for-wrong-goto-branch.patch new file mode 100644 index 0000000000000000000000000000000000000000..6cf7505dad029fce5563003294aa1bcef524134b --- /dev/null +++ b/0020-bugfix-for-wrong-goto-branch.patch @@ -0,0 +1,35 @@ +From c67760ce928f67d9a8beeaf2e2d51c8f2239f69e Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Tue, 12 Mar 2024 11:15:26 +0800 +Subject: [PATCH 20/26] bugfix for wrong goto branch + +Signed-off-by: zhongtao +--- + src/utils/tar/isulad_tar.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/utils/tar/isulad_tar.c b/src/utils/tar/isulad_tar.c +index fe514acc..13343922 100644 +--- a/src/utils/tar/isulad_tar.c ++++ b/src/utils/tar/isulad_tar.c +@@ -413,7 +413,7 @@ int archive_copy_to(const struct io_read_wrapper *content, const struct archive_ + + if (realpath(dstdir, cleanpath) == NULL) { + ERROR("Failed to get real path for %s", dstdir); +- return -1; ++ goto cleanup; + } + + ret = archive_chroot_untar_stream(content, cleanpath, ".", src_base, dst_base, root_dir, err); +@@ -448,7 +448,7 @@ static int tar_resource_rebase(const char *path, const char *rebase, const char + + if (realpath(srcdir, cleanpath) == NULL) { + ERROR("Failed to get real path for %s", srcdir); +- return -1; ++ goto cleanup; + } + + DEBUG("chroot tar stream srcdir(%s) srcbase(%s) rebase(%s)", srcdir, srcbase, rebase); +-- +2.25.1 + diff --git a/0021-bugfix-for-wrong-dynamic-allocation-object-type.patch b/0021-bugfix-for-wrong-dynamic-allocation-object-type.patch new file mode 100644 index 0000000000000000000000000000000000000000..aa9476cc586d98cbc0851a10c726dfec1ee46e50 --- /dev/null +++ b/0021-bugfix-for-wrong-dynamic-allocation-object-type.patch @@ -0,0 +1,29 @@ +From 0ef23c6caae4a97228705574b0c8f3445c6e65dc Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?=E8=AE=B8=E7=BA=A2=E5=BC=BA?= <277922995@qq.com> +Date: Wed, 13 Mar 2024 17:00:16 +0800 +Subject: [PATCH 21/26] bugfix for wrong dynamic allocation object type +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: 许红强 <277922995@qq.com> +--- + src/daemon/modules/image/image.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/daemon/modules/image/image.c b/src/daemon/modules/image/image.c +index e7aa81b8..871f5f39 100644 +--- a/src/daemon/modules/image/image.c ++++ b/src/daemon/modules/image/image.c +@@ -1535,7 +1535,7 @@ int im_tag_image(const im_tag_request *request, im_tag_response **response) + return -1; + } + +- *response = util_common_calloc_s(sizeof(im_remove_response)); ++ *response = util_common_calloc_s(sizeof(im_tag_response)); + if (*response == NULL) { + ERROR("Out of memory"); + return -1; +-- +2.25.1 + diff --git a/0022-add-swap-usage-in-cri.patch b/0022-add-swap-usage-in-cri.patch new file mode 100644 index 0000000000000000000000000000000000000000..f6218e71e5211cf99016bfc8ff2043f0f27b7fa1 --- /dev/null +++ b/0022-add-swap-usage-in-cri.patch @@ -0,0 +1,80 @@ +From ed569ccbf7e5029e83c40521255e0e406f285bae Mon Sep 17 00:00:00 2001 +From: jikai +Date: Fri, 12 Jan 2024 11:31:59 +0800 +Subject: [PATCH 22/26] add swap usage in cri + +Signed-off-by: jikai +--- + .../entry/cri/v1/v1_cri_container_manager_service.cc | 11 +++++++++++ + src/daemon/executor/container_cb/execution_extend.c | 2 ++ + src/daemon/modules/api/runtime_api.h | 3 +++ + src/daemon/modules/runtime/isula/isula_rt_ops.c | 4 ++++ + 4 files changed, 20 insertions(+) + +diff --git a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc +index 2dda1e16..47a33c2c 100644 +--- a/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc ++++ b/src/daemon/entry/cri/v1/v1_cri_container_manager_service.cc +@@ -890,6 +890,17 @@ void ContainerManagerService::ContainerStatsToGRPC( + if (response->container_stats[i]->major_page_faults != 0u) { + container->mutable_memory()->mutable_major_page_faults()->set_value(response->container_stats[i]->major_page_faults); + } ++ ++ // Swap ++ container->mutable_swap()->set_timestamp(timestamp); ++ if (response->container_stats[i]->swap_used != 0u) { ++ container->mutable_swap()->mutable_swap_usage_bytes()->set_value(response->container_stats[i]->swap_used); ++ } ++ if (response->container_stats[i]->swap_limit >= response->container_stats[i]->swap_used) { ++ container->mutable_swap()->mutable_swap_available_bytes()->set_value(response->container_stats[i]->swap_limit ++ - response->container_stats[i]->swap_used); ++ } ++ + containerstats.push_back(std::move(container)); + } + } +diff --git a/src/daemon/executor/container_cb/execution_extend.c b/src/daemon/executor/container_cb/execution_extend.c +index 25ec5d3b..52401633 100644 +--- a/src/daemon/executor/container_cb/execution_extend.c ++++ b/src/daemon/executor/container_cb/execution_extend.c +@@ -259,6 +259,8 @@ static container_info *get_container_stats(const container_t *cont, + info->major_page_faults = einfo->major_page_faults; + info->kmem_used = einfo->kmem_used; + info->kmem_limit = einfo->kmem_limit; ++ info->swap_used = einfo->swap_used; ++ info->swap_limit = einfo->swap_limit; + info->timestamp = util_get_now_time_nanos(); + + // workingset is zero if memory used < total inactive file +diff --git a/src/daemon/modules/api/runtime_api.h b/src/daemon/modules/api/runtime_api.h +index d2679c2d..bd170c30 100644 +--- a/src/daemon/modules/api/runtime_api.h ++++ b/src/daemon/modules/api/runtime_api.h +@@ -66,6 +66,9 @@ struct runtime_container_resources_stats_info { + uint64_t cache; + uint64_t cache_total; + uint64_t inactive_file_total; ++ /* Swap usage*/ ++ uint64_t swap_used; ++ uint64_t swap_limit; + }; + + typedef struct _rt_create_params_t { +diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c +index 2c92cc59..745154bb 100644 +--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c ++++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c +@@ -647,6 +647,10 @@ static void transform_stats_info_from_runtime(shim_client_runtime_stats *stats, + info->page_faults = memory->raw->pgfault; + info->major_page_faults = memory->raw->pgmajfault; + } ++ if (memory != NULL && memory->swap != NULL) { ++ info->swap_used = memory->swap->usage; ++ info->swap_limit = memory->swap->limit; ++ } + shim_client_runtime_stats_data_blkio *blkio = stats->data->blkio; + if (blkio == NULL) { + return; +-- +2.25.1 + diff --git a/0023-add-benchmark-result-of-perf-test-in-cri.patch b/0023-add-benchmark-result-of-perf-test-in-cri.patch new file mode 100644 index 0000000000000000000000000000000000000000..00a2f0a521c40274134fbc002a46e83bde172c4b --- /dev/null +++ b/0023-add-benchmark-result-of-perf-test-in-cri.patch @@ -0,0 +1,256 @@ +From 16a0cf7e9c2c059cb5537f48a022e63df457f186 Mon Sep 17 00:00:00 2001 +From: jikai +Date: Sat, 2 Mar 2024 11:49:08 +0800 +Subject: [PATCH 23/26] add benchmark, result of perf test in cri + +Signed-off-by: jikai +--- + docs/performance/cri_performance_test.md | 60 ++++++++ + tools/benchmark/cri_perf_test.sh | 168 +++++++++++++++++++++++ + 2 files changed, 228 insertions(+) + create mode 100644 docs/performance/cri_performance_test.md + create mode 100755 tools/benchmark/cri_perf_test.sh + +diff --git a/docs/performance/cri_performance_test.md b/docs/performance/cri_performance_test.md +new file mode 100644 +index 00000000..594f0da7 +--- /dev/null ++++ b/docs/performance/cri_performance_test.md +@@ -0,0 +1,60 @@ ++## Machine configuration ++ ++ARM machine: ++ ++| Configuration | Information | ++| ------------- | -------------------------------------- | ++| OS | openEuler 22.03-LTS | ++| Kernel | linux 5.10.0-136.12.0.86.oe2203.aarch64 | ++| CPU | 96 cores | ++| Memory | 128 GB | ++ ++## Version of Softwares ++ ++| Name | Version | ++| ------ | ------------------------------------------------------------ | ++| iSulad | Version: 2.1.5 , Git commit: 5ebca976dd591a5676527be1bde950e5ce93eac0 | ++| containerd | Version: v2.0.0-beta.2, Git commit: 290194fe77d48521d3ea78ec02e2e406c4bf91b6 | ++| crio | version: 1.30.0, Git commit: b43e0d63a8af3277dbfc555f62d07bb2305a72c7 | ++ ++## Test tool ++ ++tools/benchmark/cri_perf_test.sh ++ ++## Compare with other container engines ++ ++### run operator once ++ ++#### ARM ++ ++run 1 pod and 1 container ++ ++| measure | iSulad | containerd | crio | vs containerd | vs crio | ++| ----------------- | ------ | ------ | ------ | ------ | ------ | ++| time(ms) | 580 | 812 | 567 | -28.5% | 2.3% | ++| engine mem(kb) | 38704 | 66806 | 58760 | -42.0% | -34.2% | ++| shim mem(kb) | 1700 | 13876 | 4648 | -87.7% | -63.4% | ++ ++run 10 pods and 10 containers ++ ++| measure | iSulad | containerd | crio | vs containerd | vs crio | ++| ----------------- | ------ | ------ | ------ | ------ | ------ | ++| time(ms) | 1141 | 4000 | 1749 | -71.5% | -34.8% | ++| engine mem(kb) | 47688 | 82580 | 86128 | -42.2% | -44.6% | ++| shim mem(kb) | 16764 | 154872 | 46836 | -89.2% | -64.2% | ++ ++run 50 pods and 50 containers ++ ++| measure | iSulad | containerd | crio | vs containerd | vs crio | ++| ----------------- | ------ | ------ | ------ | ------ | ------ | ++| time(ms) | 4544 | 19963 | 8503 | -77.2% | -46.9% | ++| engine mem(kb) | 88700 | 134384 | 115560 | -34.0% | -23.2% | ++| shim mem(kb) | 83892 | 750924 | 233480 | -88.8% | -64.0% | ++ ++run 100 pods and 100 containers ++ ++| measure | iSulad | containerd | crio | vs containerd | vs crio | ++| ----------------- | ------ | ------ | ------ | ------ | ------ | ++| time(ms) | 10012 | 39629 | 18278 | -74.7% | -45.5% | ++| engine mem(kb) | 148464 | 185700 | 147836 | -20.0% | 0.4% | ++| shim mem(kb) | 168420 | 1506268| 462000 | -88.8% | -63.3% | +diff --git a/tools/benchmark/cri_perf_test.sh b/tools/benchmark/cri_perf_test.sh +new file mode 100755 +index 00000000..54ee24f5 +--- /dev/null ++++ b/tools/benchmark/cri_perf_test.sh +@@ -0,0 +1,168 @@ ++#!/bin/bash ++####################################################################### ++##- Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. ++# - iSulad licensed under the Mulan PSL v2. ++# - You can use this software according to the terms and conditions of the Mulan PSL v2. ++# - You may obtain a copy of Mulan PSL v2 at: ++# - http://license.coscl.org.cn/MulanPSL2 ++# - THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++# - IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++# - PURPOSE. ++# - See the Mulan PSL v2 for more details. ++##- @Description: perf test ++##- @Author: jikai ++##- @Create: 2024-02-29 ++####################################################################### ++ ++# cri_perf_test.sh -e $engine -p $parallel ++ ++engine=isulad ++runtime="unix:///var/run/isulad.sock" ++shim="isulad-shim" ++parallel=1 ++while getopts ":e:p:" opt ++do ++ case $opt in ++ e) ++ engine=${OPTARG} ++ # compare if OPTARG is in ["isulad", "containerd", "crio"]} ++ if [ $engine == "isulad" ]; then ++ runtime="unix:///var/run/isulad.sock" ++ shim="isulad-shim" ++ elif [ $engine == "containerd" ]; then ++ runtime="unix:///var/run/containerd/containerd.sock" ++ shim="containerd-shim" ++ elif [ $engine == "crio" ]; then ++ runtime="unix:///var/run/crio/crio.sock" ++ shim="conmon" ++ else ++ echo "Unknown engine: ${OPTARG}, only support isulad, containerd, crio." ++ exit 1 ++ fi ++ ;; ++ p) ++ parallel=${OPTARG} ++ ;; ++ ?) ++ echo "Unknown parameter" ++ exit 1;; ++ esac ++done ++ ++workdir="$(pwd)" ++tmpdir="$workdir/cri_perf_test_tmpdata" ++mkdir -p $tmpdir/container/ ++mkdir -p $tmpdir/pod/ ++mkdir -p $workdir/cri_perf_test_result/ ++result_data=$workdir/cri_perf_test_result/${engine}-${parallel}-result.dat ++rm -f $result_data ++ ++# Get the interval time(ms) ++function getTiming(){ ++ start=$1 ++ end=$2 ++ ++ start_s=$(echo $start | cut -d '.' -f 1) ++ start_ns=$(echo $start | cut -d '.' -f 2) ++ end_s=$(echo $end | cut -d '.' -f 1) ++ end_ns=$(echo $end | cut -d '.' -f 2) ++ ++ time=$(( ( 10#$end_s - 10#$start_s ) * 1000 + ( 10#$end_ns / 1000000 - 10#$start_ns / 1000000 ) )) ++ ++ echo "$time" ++} ++ ++# Kill all pods and containers running ++crictl --runtime-endpoint $runtime rmp -af ++ ++# Create $parallel container.json and pod.json ++for((i=0;i<$parallel;i++)) ++do ++ cat > $tmpdir/container/container_$i.json << EOF ++{ ++ "metadata": { ++ "name": "testcontainer$i" ++ }, ++ "image": { ++ "image": "busybox" ++ }, ++ "command": [ ++ "/bin/sh", "-c", "sleep 1d" ++ ], ++ "log_path": "console$i.log", ++ "linux": { ++ "security_context": { ++ "capabilities": {} ++ } ++ } ++} ++EOF ++ ++ cat > $tmpdir/pod/pod_$i.json <> ${result_data} ++else ++ echo "${boot_time}ms is too long, please check the environment." ++fi ++ ++# get pids ++shim_pids=$(ps -ef | grep -v grep | grep -i $shim | awk '{print$2}') ++ ++# calc memory of pids ++engine_mem=$(cat /proc/$engine_pid/status | grep VmRSS | awk '{print $2}') ++shim_mem=0 ++for pid in $shim_pids ++do ++ let shim_mem+=$(cat /proc/$pid/status | grep VmRSS | awk '{print $2}') ++done ++echo "Engine Mem: ${engine_mem}KB" ++echo "engine-mem: ${engine_mem}" >> ${result_data} ++echo "Shim Mem Total: ${shim_mem}KB" ++echo "shim-mem: ${shim_mem}" >> ${result_data} ++ ++# clean resources ++crictl --runtime-endpoint $runtime rmp -af ++rm -rf $tmpdir +-- +2.25.1 + diff --git a/0024-add-support-for-systemd-cgroup-driver.patch b/0024-add-support-for-systemd-cgroup-driver.patch new file mode 100644 index 0000000000000000000000000000000000000000..5ef3187c8f97c69be0cad8413bc6f2bb588597cb --- /dev/null +++ b/0024-add-support-for-systemd-cgroup-driver.patch @@ -0,0 +1,523 @@ +From 167af3ce0cff3906c9976b249432d41167b15eb2 Mon Sep 17 00:00:00 2001 +From: jikai +Date: Thu, 11 Jan 2024 17:06:57 +0800 +Subject: [PATCH 24/26] add support for systemd cgroup driver + +Signed-off-by: jikai +--- + src/cmd/isulad-shim/process.c | 6 + + src/cmd/isulad/isulad_commands.h | 2 + + src/contrib/config/daemon.json | 3 +- + src/daemon/common/cgroup.h | 4 + + src/daemon/common/cgroup_v1.c | 116 ++++++++++++++++++ + src/daemon/config/isulad_config.c | 23 ++++ + src/daemon/config/isulad_config.h | 2 + + .../cri/v1/cri_v1_runtime_runtime_service.cc | 25 ++++ + .../cri/v1/cri_v1_runtime_runtime_service.h | 4 + + .../cri/v1/v1_cri_runtime_manager_service.cc | 12 ++ + .../cri/v1/v1_cri_runtime_manager_service.h | 2 + + .../entry/cri/v1/v1_cri_runtime_service.h | 2 + + .../cri/v1/v1_cri_runtime_service_impl.cc | 5 + + .../cri/v1/v1_cri_runtime_service_impl.h | 2 + + src/daemon/executor/container_cb/execution.c | 26 ++++ + .../modules/runtime/engines/lcr/lcr_rt_ops.c | 7 ++ + .../modules/runtime/isula/isula_rt_ops.c | 1 + + src/daemon/modules/runtime/shim/shim_rt_ops.c | 6 + + src/daemon/modules/spec/specs.c | 22 +++- + 19 files changed, 268 insertions(+), 2 deletions(-) + +diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c +index bf67c414..8a4ca175 100644 +--- a/src/cmd/isulad-shim/process.c ++++ b/src/cmd/isulad-shim/process.c +@@ -1287,6 +1287,12 @@ static void get_runtime_cmd(process_t *p, const char *log_path, const char *pid_ + params[i++] = p->state->cwd; + } + } else { ++ // the --systemd-cgroup argument is not in oci spec, but up to now, ++ // the latest version of runc, crun, youki, runsc, kata-runtime all support this argument ++ // should ensure that this is supported for oci runtime ++ if (p->state->systemd_cgroup) { ++ params[i++] = "--systemd-cgroup"; ++ } + params[i++] = "create"; + params[i++] = "--bundle"; + params[i++] = p->bundle; +diff --git a/src/cmd/isulad/isulad_commands.h b/src/cmd/isulad/isulad_commands.h +index ba4b838d..cf5f65f5 100644 +--- a/src/cmd/isulad/isulad_commands.h ++++ b/src/cmd/isulad/isulad_commands.h +@@ -226,6 +226,8 @@ int command_default_ulimit_append(command_option_t *option, const char *arg); + &(cmdargs)->json_confs->storage_opts, \ + "Storage driver options", \ + command_append_array }, \ ++ { CMD_OPT_TYPE_BOOL, false, "systemd-cgroup", 0, &(cmdargs)->json_confs->systemd_cgroup, \ ++ "Use systemd cgroup driver(default false)", NULL }, \ + SUP_GROUPS_OPT(cmdargs) \ + { CMD_OPT_TYPE_CALLBACK, \ + false, \ +diff --git a/src/contrib/config/daemon.json b/src/contrib/config/daemon.json +index 966e016a..69362c26 100644 +--- a/src/contrib/config/daemon.json ++++ b/src/contrib/config/daemon.json +@@ -36,5 +36,6 @@ + "cri-runtimes": { + "kata": "io.containerd.kata.v2" + }, +- "enable-cri-v1": false ++ "enable-cri-v1": false, ++ "systemd-cgroup": false + } +diff --git a/src/daemon/common/cgroup.h b/src/daemon/common/cgroup.h +index 6664fb15..fa20f42c 100644 +--- a/src/daemon/common/cgroup.h ++++ b/src/daemon/common/cgroup.h +@@ -141,6 +141,10 @@ typedef struct { + + int common_get_cgroup_v1_metrics(const char *cgroup_path, cgroup_metrics_t *cgroup_metrics); + ++char *common_get_init_cgroup(const char *subsystem); ++ ++char *common_get_own_cgroup(const char *subsystem); ++ + #ifdef __cplusplus + } + #endif +diff --git a/src/daemon/common/cgroup_v1.c b/src/daemon/common/cgroup_v1.c +index 9004becc..e38fc03e 100644 +--- a/src/daemon/common/cgroup_v1.c ++++ b/src/daemon/common/cgroup_v1.c +@@ -554,3 +554,119 @@ int common_get_cgroup_v1_metrics(const char *cgroup_path, cgroup_metrics_t *cgro + return 0; + } + ++/* parse cgroup files, such as /proc/self/cgroup or /proc/1/cgroup */ ++static int parse_cgroup_file(const char *path, char ***nlist, char ***plist) ++{ ++ int ret = 0; ++ size_t length = 0; ++ __isula_auto_file FILE *fp = NULL; ++ __isula_auto_free char *pline = NULL; ++ ++ fp = util_fopen(path, "r"); ++ if (fp == NULL) { ++ return -1; ++ } ++ ++ while (getline(&pline, &length, fp) != -1) { ++ char *pos = NULL; ++ char *pos2 = NULL; ++ char *pos3 = NULL; ++ char *ptoken = NULL; ++ char *psave = NULL; ++ pos = strchr(pline, ':'); ++ if (pos == NULL) { ++ ERROR("Invalid cgroup entry: must contain at least two colons: %s", pline); ++ ret = -1; ++ goto out; ++ } ++ pos++; ++ pos2 = strchr(pos, ':'); ++ if (pos2 == NULL) { ++ ERROR("Invalid cgroup entry: must contain at least two colons: %s", pline); ++ ret = -1; ++ goto out; ++ } ++ pos3 = strchr(pos2, '\n'); ++ if (pos3 != NULL) { ++ *pos3 = '\0'; ++ } ++ *pos2 = '\0'; ++ ++ if ((pos2 - pos) == 0) { ++ INFO("Cgroup entry: %s not supported by cgroup v1", pline); ++ continue; ++ } ++ ++ for (ptoken = strtok_r(pos, ",", &psave); ptoken; ptoken = strtok_r(NULL, ",", &psave)) { ++ ret = util_array_append(nlist, ptoken); ++ if (ret != 0) { ++ ERROR("Failed to append string"); ++ goto out; ++ } ++ ++ ret = util_array_append(plist, pos2 + 1); ++ if (ret != 0) { ++ ERROR("Failed to append string"); ++ goto out; ++ } ++ } ++ } ++ ++out: ++ if (ret != 0) { ++ util_free_array(*nlist); ++ *nlist = NULL; ++ util_free_array(*plist); ++ *plist = NULL; ++ } ++ return ret; ++} ++ ++static char *common_get_cgroup_path(const char *path, const char *subsystem) ++{ ++ char **nlist = NULL, **plist = NULL; ++ size_t i = 0; ++ char *res = NULL; ++ if (path == NULL) { ++ ERROR("Invalid NULL param"); ++ return NULL; ++ } ++ ++ if (parse_cgroup_file(path, &nlist, &plist) < 0) { ++ return NULL; ++ } ++ ++ for (i = 0; i < util_array_len((const char **)nlist); i++) { ++ const char *prefix = "name="; ++ bool find_sub = (strcmp(nlist[i], subsystem) == 0 || (strncmp(nlist[i], prefix, strlen(prefix)) == 0 ++ && strcmp(nlist[i]+strlen(prefix), subsystem) == 0)); ++ if (find_sub) { ++ res = util_strdup_s(plist[i]); ++ break; ++ } ++ } ++ ++ util_free_array(nlist); ++ util_free_array(plist); ++ return res; ++} ++ ++char *common_get_init_cgroup(const char *subsystem) ++{ ++ if (common_get_cgroup_version() != CGROUP_VERSION_1) { ++ ERROR("Not implemented for cgroup v2 hierarchy"); ++ return NULL; ++ } ++ ++ return common_get_cgroup_path("/proc/1/cgroup", subsystem); ++} ++ ++char *common_get_own_cgroup(const char *subsystem) ++{ ++ if (common_get_cgroup_version() != CGROUP_VERSION_1) { ++ ERROR("Not implemented for cgroup v2 hierarchy"); ++ return NULL; ++ } ++ ++ return common_get_cgroup_path("/proc/self/cgroup", subsystem); ++} +diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c +index 51758adb..8179558e 100644 +--- a/src/daemon/config/isulad_config.c ++++ b/src/daemon/config/isulad_config.c +@@ -1762,6 +1762,8 @@ int merge_json_confs_into_global(struct service_arguments *args) + args->json_confs->enable_cri_v1 = tmp_json_confs->enable_cri_v1; + #endif + ++ args->json_confs->systemd_cgroup = tmp_json_confs->systemd_cgroup; ++ + if (merge_cri_runtimes_into_global(args, tmp_json_confs)) { + ret = -1; + goto out; +@@ -1895,3 +1897,24 @@ isulad_daemon_constants *get_isulad_daemon_constants(void) + { + return g_isulad_daemon_constants; + } ++ ++bool conf_get_systemd_cgroup() ++{ ++ bool systemd_cgroup = false; ++ struct service_arguments *conf = NULL; ++ ++ if (isulad_server_conf_rdlock() != 0) { ++ return false; ++ } ++ ++ conf = conf_get_server_conf(); ++ if (conf == NULL || conf->json_confs == NULL) { ++ goto out; ++ } ++ ++ systemd_cgroup = conf->json_confs->systemd_cgroup; ++ ++out: ++ (void)isulad_server_conf_unlock(); ++ return systemd_cgroup; ++} +diff --git a/src/daemon/config/isulad_config.h b/src/daemon/config/isulad_config.h +index 459ea331..f29cd564 100644 +--- a/src/daemon/config/isulad_config.h ++++ b/src/daemon/config/isulad_config.h +@@ -114,6 +114,8 @@ char *conf_get_isulad_monitor_fifo_path(void); + int init_isulad_daemon_constants(void); + isulad_daemon_constants *get_isulad_daemon_constants(void); + ++bool conf_get_systemd_cgroup(void); ++ + #ifdef __cplusplus + } + #endif +diff --git a/src/daemon/entry/connect/grpc/cri/v1/cri_v1_runtime_runtime_service.cc b/src/daemon/entry/connect/grpc/cri/v1/cri_v1_runtime_runtime_service.cc +index ba9459f6..76e393f3 100644 +--- a/src/daemon/entry/connect/grpc/cri/v1/cri_v1_runtime_runtime_service.cc ++++ b/src/daemon/entry/connect/grpc/cri/v1/cri_v1_runtime_runtime_service.cc +@@ -632,3 +632,28 @@ grpc::Status RuntimeV1RuntimeServiceImpl::Status(grpc::ServerContext *context, + + return grpc::Status::OK; + } ++ ++grpc::Status ++RuntimeV1RuntimeServiceImpl::RuntimeConfig(grpc::ServerContext *context, ++ const runtime::v1::RuntimeConfigRequest *request, ++ runtime::v1::RuntimeConfigResponse *reply) ++{ ++ Errors error; ++ ++ if (request == nullptr) { ++ ERROR("Invalid input arguments"); ++ return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid input arguments"); ++ } ++ ++ EVENT("Event: {Object: CRI, Type: Runtime Config}"); ++ ++ m_rService->RuntimeConfig(reply, error); ++ if (!error.Empty()) { ++ ERROR("Object: CRI, Type: Failed to get runtime config:%s", error.GetMessage().c_str()); ++ return grpc::Status(grpc::StatusCode::UNKNOWN, error.GetMessage()); ++ } ++ ++ EVENT("Event: {Object: CRI, Type: Runtime Config}"); ++ ++ return grpc::Status::OK; ++} +diff --git a/src/daemon/entry/connect/grpc/cri/v1/cri_v1_runtime_runtime_service.h b/src/daemon/entry/connect/grpc/cri/v1/cri_v1_runtime_runtime_service.h +index 09ebe68b..52cc6b99 100644 +--- a/src/daemon/entry/connect/grpc/cri/v1/cri_v1_runtime_runtime_service.h ++++ b/src/daemon/entry/connect/grpc/cri/v1/cri_v1_runtime_runtime_service.h +@@ -101,6 +101,10 @@ public: + grpc::Status Status(grpc::ServerContext *context, const runtime::v1::StatusRequest *request, + runtime::v1::StatusResponse *reply) override; + ++ grpc::Status RuntimeConfig(grpc::ServerContext *context, ++ const runtime::v1::RuntimeConfigRequest *request, ++ runtime::v1::RuntimeConfigResponse *reply) override; ++ + private: + std::unique_ptr m_rService; + }; +diff --git a/src/daemon/entry/cri/v1/v1_cri_runtime_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_runtime_manager_service.cc +index 1afac3e2..de489aae 100644 +--- a/src/daemon/entry/cri/v1/v1_cri_runtime_manager_service.cc ++++ b/src/daemon/entry/cri/v1/v1_cri_runtime_manager_service.cc +@@ -16,6 +16,7 @@ + #include "isula_libutils/log.h" + #include "v1_cri_helpers.h" + #include "cri_helpers.h" ++#include "isulad_config.h" + + namespace CRIV1 { + void RuntimeManagerService::UpdateRuntimeConfig(const runtime::v1::RuntimeConfig &config, Errors & /*error*/) +@@ -69,4 +70,15 @@ auto RuntimeManagerService::Status(Errors &error) -> std::unique_ptrmutable_linux()->set_cgroup_driver(conf_get_systemd_cgroup() ? runtime::v1::SYSTEMD : runtime::v1::CGROUPFS); ++} ++ + } // namespace CRI +diff --git a/src/daemon/entry/cri/v1/v1_cri_runtime_manager_service.h b/src/daemon/entry/cri/v1/v1_cri_runtime_manager_service.h +index 3800ec30..2160064e 100644 +--- a/src/daemon/entry/cri/v1/v1_cri_runtime_manager_service.h ++++ b/src/daemon/entry/cri/v1/v1_cri_runtime_manager_service.h +@@ -39,6 +39,8 @@ public: + + auto Status(Errors &error) -> std::unique_ptr; + ++ void RuntimeConfig(runtime::v1::RuntimeConfigResponse *reply, Errors &error); ++ + private: + service_executor_t *m_cb; + std::shared_ptr m_pluginManager; +diff --git a/src/daemon/entry/cri/v1/v1_cri_runtime_service.h b/src/daemon/entry/cri/v1/v1_cri_runtime_service.h +index 87394173..839f6724 100644 +--- a/src/daemon/entry/cri/v1/v1_cri_runtime_service.h ++++ b/src/daemon/entry/cri/v1/v1_cri_runtime_service.h +@@ -89,6 +89,8 @@ public: + virtual void UpdateRuntimeConfig(const runtime::v1::RuntimeConfig &config, Errors &error) = 0; + + virtual auto Status(Errors &error) -> std::unique_ptr = 0; ++ ++ virtual void RuntimeConfig(runtime::v1::RuntimeConfigResponse *reply, Errors &error) = 0; + }; + } // namespace CRIV1 + #endif // DAEMON_ENTRY_CRI_V1_CRI_RUNTIME_SERVICE_INTERFACE_H +diff --git a/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.cc b/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.cc +index 67cda5ed..aa5ae516 100644 +--- a/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.cc ++++ b/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.cc +@@ -161,4 +161,9 @@ auto CRIRuntimeServiceImpl::Status(Errors &error) -> std::unique_ptrStatus(error); + } + ++void CRIRuntimeServiceImpl::RuntimeConfig(runtime::v1::RuntimeConfigResponse *reply, Errors &error) ++{ ++ m_runtimeManager->RuntimeConfig(reply, error); ++} ++ + } // namespace CRIV1 +diff --git a/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.h b/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.h +index 23866648..0a25749f 100644 +--- a/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.h ++++ b/src/daemon/entry/cri/v1/v1_cri_runtime_service_impl.h +@@ -92,6 +92,8 @@ public: + + auto Status(Errors &error) -> std::unique_ptr override; + ++ void RuntimeConfig(runtime::v1::RuntimeConfigResponse *reply, Errors &error) override; ++ + protected: + std::unique_ptr m_runtimeVersioner; + std::unique_ptr m_containerManager; +diff --git a/src/daemon/executor/container_cb/execution.c b/src/daemon/executor/container_cb/execution.c +index 63d8143c..7ed8e837 100644 +--- a/src/daemon/executor/container_cb/execution.c ++++ b/src/daemon/executor/container_cb/execution.c +@@ -427,6 +427,32 @@ static int cpurt_controller_init(const char *id, const host_config *host_spec) + return 0; + } + ++ if (conf_get_systemd_cgroup()) { ++ // currently it is the same as docker, yet it is unclear that ++ // if systemd cgroup is used and cgroup parent is set to a slice rather than system.slice ++ // should iSulad set cpu.rt_runtime_us and cpu.rt_period_us for the parent path? ++ // in fact, even if system.slice is used, ++ // cpu.rt_runtime_us and cpu.rt_period_us might still needed to be set manually ++ __isula_auto_free char *init_cgroup = common_get_init_cgroup("cpu"); ++ if (init_cgroup == NULL) { ++ ERROR("Failed to get init cgroup"); ++ return -1; ++ } ++ // make sure that the own cgroup path for cpu existed ++ __isula_auto_free char *own_cgroup = common_get_own_cgroup("cpu"); ++ if (own_cgroup == NULL) { ++ ERROR("Failed to get own cgroup"); ++ return -1; ++ } ++ char *new_cgroups_path = util_path_join(init_cgroup, cgroups_path); ++ if (new_cgroups_path == NULL) { ++ ERROR("Failed to join path"); ++ return -1; ++ } ++ free(cgroups_path); ++ cgroups_path = new_cgroups_path; ++ } ++ + mnt_root = sysinfo_cgroup_controller_cpurt_mnt_path(); + if (mnt_root == NULL) { + ERROR("Failed to get cpu rt controller mnt root path"); +diff --git a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c +index 8c3c5f1a..6b862958 100644 +--- a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c ++++ b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c +@@ -53,6 +53,13 @@ int rt_lcr_create(const char *name, const char *runtime, const rt_create_params_ + char *runtime_root = NULL; + struct engine_operation *engine_ops = NULL; + ++ if (conf_get_systemd_cgroup()) { ++ ERROR("Systemd cgroup not supported for lcr runtime"); ++ isulad_set_error_message("Systemd cgroup not supported for lcr runtime"); ++ ret = -1; ++ goto out; ++ } ++ + runtime_root = conf_get_routine_rootdir(runtime); + if (runtime_root == NULL) { + ERROR("Root path is NULL"); +diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c +index 745154bb..b9aba3e3 100644 +--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c ++++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c +@@ -1157,6 +1157,7 @@ int rt_isula_create(const char *id, const char *runtime, const rt_create_params_ + p.runtime_args = (char **)runtime_args; + p.runtime_args_len = runtime_args_len; + p.attach_socket = attach_socket; ++ p.systemd_cgroup = conf_get_systemd_cgroup(); + copy_process(&p, config->process); + copy_annotations(&p, config->annotations); + +diff --git a/src/daemon/modules/runtime/shim/shim_rt_ops.c b/src/daemon/modules/runtime/shim/shim_rt_ops.c +index 81daf224..fc4d8e3a 100644 +--- a/src/daemon/modules/runtime/shim/shim_rt_ops.c ++++ b/src/daemon/modules/runtime/shim/shim_rt_ops.c +@@ -35,6 +35,7 @@ + #include "engine.h" + #include "shim_rt_monitor.h" + #include "supervisor.h" ++#include "isulad_config.h" + + #define EXIT_SIGNAL_OFFSET_X 128 + +@@ -370,6 +371,11 @@ int rt_shim_create(const char *id, const char *runtime, const rt_create_params_t + return -1; + } + ++ if (conf_get_systemd_cgroup()) { ++ ERROR("ShimV2 does not support systemd cgroup yet"); ++ return -1; ++ } ++ + exit_fifo_path = util_path_dir(params->exit_fifo); + if (exit_fifo_path == NULL) { + ERROR("%s: failed to get exit fifo dir from %s", id, params->exit_fifo); +diff --git a/src/daemon/modules/spec/specs.c b/src/daemon/modules/spec/specs.c +index 464b4fb4..b4d2b0f6 100644 +--- a/src/daemon/modules/spec/specs.c ++++ b/src/daemon/modules/spec/specs.c +@@ -188,7 +188,10 @@ static char *do_get_container_cgroup_path(const host_config *host_spec) + } + + if (path == NULL) { +- // third, all faild, just use default '/isulad' ++ // third, all faild, just use default '/isulad' for cgroupfs or "system.slice" for systemd ++ if (conf_get_systemd_cgroup()) { ++ return util_strdup_s("system.slice"); ++ } + path = util_strdup_s("/isulad"); + } + +@@ -2288,6 +2291,23 @@ char *merge_container_cgroups_path(const char *id, const host_config *host_spec) + + path = do_get_container_cgroup_path(host_spec); + ++ if (conf_get_systemd_cgroup()) { ++ // systemd cgroup path has the form of [slice]:[prefix]:[name] ++#define SYSTEMD_CGROUP_PATH_LEN 3 ++ if (!util_has_suffix(path, ".slice")) { ++ ERROR("Invalid cgroup path %s for systemd", path); ++ isulad_set_error_message("Invalid cgroup path %s for systemd", path); ++ return NULL; ++ } ++ ++ // slice must not contain slashes ++ // convert test.slice/test-a.slice/test-a-b.slice to become test-a-b.slice ++ __isula_auto_free char *base = util_path_base(path); ++ const char *isulad_prefix = "isulad"; ++ const char *parts[SYSTEMD_CGROUP_PATH_LEN] = {base, isulad_prefix, id}; ++ return util_string_join(":", parts, SYSTEMD_CGROUP_PATH_LEN); ++ } ++ + return util_path_join(path, id); + } + +-- +2.25.1 + diff --git a/0025-add-ci-cases-for-systemd-cgroup-driver.patch b/0025-add-ci-cases-for-systemd-cgroup-driver.patch new file mode 100644 index 0000000000000000000000000000000000000000..dfbfc18026ccd90f4e32fb7977959dd74989c033 --- /dev/null +++ b/0025-add-ci-cases-for-systemd-cgroup-driver.patch @@ -0,0 +1,219 @@ +From f5f100f5b244be2debebe815aaed3afad8950daf Mon Sep 17 00:00:00 2001 +From: jikai +Date: Tue, 6 Feb 2024 17:33:17 +0800 +Subject: [PATCH 25/26] add ci cases for systemd cgroup driver + +Signed-off-by: jikai +--- + .../container_cases/systemd_cgroup.sh | 80 +++++++++++++++++++ + test/mocks/isulad_config_mock.cc | 8 ++ + test/mocks/isulad_config_mock.h | 1 + + test/specs/specs/specs_ut.cc | 49 ++++++++++++ + 4 files changed, 138 insertions(+) + create mode 100755 CI/test_cases/container_cases/systemd_cgroup.sh + +diff --git a/CI/test_cases/container_cases/systemd_cgroup.sh b/CI/test_cases/container_cases/systemd_cgroup.sh +new file mode 100755 +index 00000000..ac1288e1 +--- /dev/null ++++ b/CI/test_cases/container_cases/systemd_cgroup.sh +@@ -0,0 +1,80 @@ ++#!/bin/bash ++# ++# attributes: isulad systemd cgroup run ++# concurrent: NO ++# spend time: 18 ++ ++####################################################################### ++##- Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. ++# - iSulad licensed under the Mulan PSL v2. ++# - You can use this software according to the terms and conditions of the Mulan PSL v2. ++# - You may obtain a copy of Mulan PSL v2 at: ++# - http://license.coscl.org.cn/MulanPSL2 ++# - THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++# - IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++# - PURPOSE. ++# - See the Mulan PSL v2 for more details. ++##- @Description:CI ++##- @Author: jikai ++##- @Create: 2024-02-05 ++####################################################################### ++ ++curr_path=$(dirname $(readlink -f "$0")) ++data_path=$(realpath $curr_path/../data) ++source ../helpers.sh ++ ++function test_systemd_cgroup() ++{ ++ local ret=0 ++ local runtime=$1 ++ local image="busybox" ++ ++ local test="systemd cgroup driver test with (${runtime})=> (${FUNCNAME[@]})" ++ msg_info "${test} starting..." ++ ++ check_valgrind_log ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++)) ++ ++ start_isulad_with_valgrind --systemd-cgroup ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++)) ++ ++ cid1=$(isula run -tid --runtime $runtime -m 10M $image /bin/sh) ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start container failed" && ((ret++)) ++ cat /sys/fs/cgroup/memory/system.slice/isulad-$cid1.scope/memory.limit_in_bytes | grep ^10485760$ ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check memory limit failed" && ((ret++)) ++ ++ cid2=$(isula run -tid --runtime $runtime --cgroup-parent /test $image /bin/sh) ++ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start container failed" && ((ret++)) ++ ++ cid3=$(isula run -tid --runtime $runtime -m 10M --cgroup-parent test-a-b.slice $image /bin/sh) ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start container failed" && ((ret++)) ++ cat /sys/fs/cgroup/memory/test.slice/test-a.slice/test-a-b.slice/isulad-$cid3.scope/memory.limit_in_bytes | grep ^10485760$ ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check memory limit failed" && ((ret++)) ++ ++ isula rm -f $cid1 $cid2 $cid3 ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - rm container failed" && ((ret++)) ++ ++ check_valgrind_log ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop isulad failed" && ((ret++)) ++ ++ start_isulad_with_valgrind ++ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++)) ++ ++ rm -rf $ulimitlog ++ ++ msg_info "${test} finished with return ${ret}..." ++ return ${ret} ++} ++ ++declare -i ans=0 ++ ++for element in ${RUNTIME_LIST[@]}; ++do ++ # lcr does not support systemd cgroup driver ++ if [ "$element" == "lcr" ];then ++ continue ++ fi ++ test_systemd_cgroup $element || ((ans++)) ++done ++ ++show_result ${ans} "${curr_path}/${0}" +diff --git a/test/mocks/isulad_config_mock.cc b/test/mocks/isulad_config_mock.cc +index 7ba4fa57..65b00563 100644 +--- a/test/mocks/isulad_config_mock.cc ++++ b/test/mocks/isulad_config_mock.cc +@@ -210,3 +210,11 @@ char *conf_get_isulad_loglevel(void) + } + return nullptr; + } ++ ++bool conf_get_systemd_cgroup(void) ++{ ++ if (g_isulad_conf_mock != nullptr) { ++ return g_isulad_conf_mock->ConfGetSystemdCgroup(); ++ } ++ return false; ++} +diff --git a/test/mocks/isulad_config_mock.h b/test/mocks/isulad_config_mock.h +index 6793fa51..d59c5938 100644 +--- a/test/mocks/isulad_config_mock.h ++++ b/test/mocks/isulad_config_mock.h +@@ -45,6 +45,7 @@ public: + MOCK_METHOD0(ConfGetSandboxStatePath, char *(void)); + MOCK_METHOD0(ConfGetEngineLogFile, char *(void)); + MOCK_METHOD0(ConfGetIsuladLogLevel, char *(void)); ++ MOCK_METHOD0(ConfGetSystemdCgroup, bool(void)); + }; + + void MockIsuladConf_SetMock(MockIsuladConf *mock); +diff --git a/test/specs/specs/specs_ut.cc b/test/specs/specs/specs_ut.cc +index 47e4ca6e..6c42216d 100644 +--- a/test/specs/specs/specs_ut.cc ++++ b/test/specs/specs/specs_ut.cc +@@ -319,6 +319,7 @@ TEST_F(SpecsUnitTest, test_merge_container_cgroups_path_2) + ASSERT_TRUE(host_spec != nullptr); + + EXPECT_CALL(m_isulad_conf, GetCgroupParent()).WillRepeatedly(Invoke(invoke_conf_get_isulad_cgroup_parent_null)); ++ EXPECT_CALL(m_isulad_conf, ConfGetSystemdCgroup()).WillRepeatedly(Return(false)); + + merged_cp = merge_container_cgroups_path("123", host_spec); + ASSERT_NE(merged_cp, nullptr); +@@ -347,6 +348,7 @@ TEST_F(SpecsUnitTest, test_merge_container_cgroups_path_3) + host_spec->cgroup_parent = util_strdup_s("/test"); + + EXPECT_CALL(m_isulad_conf, GetCgroupParent()).WillRepeatedly(Invoke(invoke_conf_get_isulad_cgroup_parent_null)); ++ EXPECT_CALL(m_isulad_conf, ConfGetSystemdCgroup()).WillRepeatedly(Return(false)); + + merged_cp = merge_container_cgroups_path("123", host_spec); + ASSERT_NE(merged_cp, nullptr); +@@ -373,6 +375,7 @@ TEST_F(SpecsUnitTest, test_merge_container_cgroups_path_4) + ASSERT_TRUE(host_spec != nullptr); + + EXPECT_CALL(m_isulad_conf, GetCgroupParent()).WillRepeatedly(Invoke(invoke_conf_get_isulad_cgroup_parent)); ++ EXPECT_CALL(m_isulad_conf, ConfGetSystemdCgroup()).WillRepeatedly(Return(false)); + + merged_cp = merge_container_cgroups_path("123", host_spec); + ASSERT_NE(merged_cp, nullptr); +@@ -401,6 +404,7 @@ TEST_F(SpecsUnitTest, test_merge_container_cgroups_path_5) + host_spec->cgroup_parent = util_strdup_s("/test"); + + EXPECT_CALL(m_isulad_conf, GetCgroupParent()).WillRepeatedly(Invoke(invoke_conf_get_isulad_cgroup_parent)); ++ EXPECT_CALL(m_isulad_conf, ConfGetSystemdCgroup()).WillRepeatedly(Return(false)); + + merged_cp = merge_container_cgroups_path("123", host_spec); + ASSERT_NE(merged_cp, nullptr); +@@ -414,6 +418,51 @@ TEST_F(SpecsUnitTest, test_merge_container_cgroups_path_5) + testing::Mock::VerifyAndClearExpectations(&m_isulad_conf); + } + ++// systemd cgroup test ++TEST_F(SpecsUnitTest, test_merge_container_cgroups_path_6) ++{ ++ oci_runtime_spec *oci_spec = nullptr; ++ host_config *host_spec = nullptr; ++ char *merged_cp = nullptr; ++ ++ oci_spec = (oci_runtime_spec *)util_common_calloc_s(sizeof(oci_runtime_spec)); ++ ASSERT_TRUE(oci_spec != nullptr); ++ ++ host_spec = (host_config *)util_common_calloc_s(sizeof(host_config)); ++ ASSERT_TRUE(host_spec != nullptr); ++ ++ EXPECT_CALL(m_isulad_conf, GetCgroupParent()).WillRepeatedly(Invoke(invoke_conf_get_isulad_cgroup_parent_null)); ++ EXPECT_CALL(m_isulad_conf, ConfGetSystemdCgroup()).WillRepeatedly(Return(true)); ++ ++ merged_cp = merge_container_cgroups_path("123", host_spec); ++ ASSERT_NE(merged_cp, nullptr); ++ ASSERT_STREQ(merged_cp, "system.slice:isulad:123"); ++ free(merged_cp); ++ ++ host_spec->cgroup_parent = util_strdup_s("/test"); ++ merged_cp = merge_container_cgroups_path("123", host_spec); ++ ASSERT_EQ(merged_cp, nullptr); ++ free(host_spec->cgroup_parent); ++ ++ host_spec->cgroup_parent = util_strdup_s("test.slice"); ++ merged_cp = merge_container_cgroups_path("123", host_spec); ++ ASSERT_NE(merged_cp, nullptr); ++ ASSERT_STREQ(merged_cp, "test.slice:isulad:123"); ++ free(merged_cp); ++ free(host_spec->cgroup_parent); ++ ++ host_spec->cgroup_parent = util_strdup_s("test/test-a/test-a-b.slice"); ++ merged_cp = merge_container_cgroups_path("123", host_spec); ++ ASSERT_NE(merged_cp, nullptr); ++ ASSERT_STREQ(merged_cp, "test-a-b.slice:isulad:123"); ++ ++ free_oci_runtime_spec(oci_spec); ++ free_host_config(host_spec); ++ free(merged_cp); ++ ++ testing::Mock::VerifyAndClearExpectations(&m_isulad_conf); ++} ++ + TEST_F(SpecsUnitTest, test_update_oci_container_cgroups_path) + { + parser_error err = nullptr; +-- +2.25.1 + diff --git a/0026-move-systemd_cgroup-CI-test-to-manual-cases.patch b/0026-move-systemd_cgroup-CI-test-to-manual-cases.patch new file mode 100644 index 0000000000000000000000000000000000000000..7f6b431112fa1b4f7ea36cdce0add627a6a37322 --- /dev/null +++ b/0026-move-systemd_cgroup-CI-test-to-manual-cases.patch @@ -0,0 +1,18 @@ +From b93647205db5c4a5d74fb245c9b1e15ca1ffd3fe Mon Sep 17 00:00:00 2001 +From: jikai +Date: Sat, 16 Mar 2024 09:35:22 +0800 +Subject: [PATCH 26/26] move systemd_cgroup CI test to manual cases + +Signed-off-by: jikai +--- + CI/test_cases/{container_cases => manual_cases}/systemd_cgroup.sh | 0 + 1 file changed, 0 insertions(+), 0 deletions(-) + rename CI/test_cases/{container_cases => manual_cases}/systemd_cgroup.sh (100%) + +diff --git a/CI/test_cases/container_cases/systemd_cgroup.sh b/CI/test_cases/manual_cases/systemd_cgroup.sh +similarity index 100% +rename from CI/test_cases/container_cases/systemd_cgroup.sh +rename to CI/test_cases/manual_cases/systemd_cgroup.sh +-- +2.25.1 + diff --git a/iSulad.spec b/iSulad.spec index 6a4c7b2a00a388c67c851262b31d8a9580c65e64..ab7be07cc31d7ae5ec798c003934aaf706216a54 100644 --- a/iSulad.spec +++ b/iSulad.spec @@ -1,5 +1,5 @@ %global _version 2.1.5 -%global _release 1 +%global _release 2 %global is_systemd 1 %global enable_criv1 1 %global enable_shimv2 1 @@ -21,6 +21,26 @@ Patch0003: 0003-bugfix-for-mount-point-remains-under-special-circums.patch Patch0004: 0004-do-not-cleanup-if-the-directory-does-not-exist.patch Patch0005: 0005-module-only-deletes-the-temporary-files-it-creates.patch Patch0006: 0006-skip-devmapper-ut.patch +Patch0007: 0007-update-annotations-and-add-ci-cases.patch +Patch0008: 0008-bug-fix-for-device-cgroup-ulimt-oci-update.patch +Patch0009: 0009-improve-dt-for-oci-spec-update.patch +Patch0010: 0010-open-run-container-with-dev-volume-testcase.patch +Patch0011: 0011-add-cpu-usage-nano-cores-for-sandbox.patch +Patch0012: 0012-sleep-some-time-in-ServiceWorkThread-to-prevent-the-.patch +Patch0013: 0013-restore-name-for-rename-failed.patch +Patch0014: 0014-2371-Allow-iSulad-to-pull-load-image-with-symlink.patch +Patch0015: 0015-Replace-http-parser-dependency-with-lcr.patch +Patch0016: 0016-add-more-detailed-log-information-for-load-sandbox.patch +Patch0017: 0017-bugfix-for-the-concurrency-competition-between-the-r.patch +Patch0018: 0018-add-concurrent-load-test.patch +Patch0019: 0019-get-the-realpath-of-the-host-path-for-archive-when-c.patch +Patch0020: 0020-bugfix-for-wrong-goto-branch.patch +Patch0021: 0021-bugfix-for-wrong-dynamic-allocation-object-type.patch +Patch0022: 0022-add-swap-usage-in-cri.patch +Patch0023: 0023-add-benchmark-result-of-perf-test-in-cri.patch +Patch0024: 0024-add-support-for-systemd-cgroup-driver.patch +Patch0025: 0025-add-ci-cases-for-systemd-cgroup-driver.patch +Patch0026: 0026-move-systemd_cgroup-CI-test-to-manual-cases.patch %ifarch x86_64 aarch64 Provides: libhttpclient.so()(64bit) @@ -55,7 +75,6 @@ BuildRequires: libisula-devel > %{lcrver_lower} libisula-devel < %{lcrver_upper} BuildRequires: cmake gcc-c++ yajl-devel BuildRequires: grpc grpc-plugins grpc-devel protobuf-devel ncurses-devel BuildRequires: libcurl libcurl-devel libarchive-devel device-mapper-devel -BuildRequires: http-parser-devel BuildRequires: libseccomp-devel libcap-devel libselinux-devel libwebsockets libwebsockets-devel BuildRequires: systemd-devel git BuildRequires: libevhtp-devel libevent-devel @@ -68,7 +87,7 @@ Requires: libisula > %{lcrver_lower} libisula < %{lcrver_upper} Requires: lcr > %{lcrver_lower} lcr < %{lcrver_upper} Requires: grpc protobuf Requires: libcurl -Requires: http-parser libseccomp +Requires: libseccomp Requires: libcap libselinux libwebsockets libarchive device-mapper Requires: systemd Requires: (docker-runc or runc) @@ -277,6 +296,12 @@ fi %endif %changelog +* Tue Mar 19 2024 zhongtao - 2.1.5-2 +- Type: update +- ID: NA +- SUG: NA +- DESC: upgrade from upstream + * Tue Jan 30 2024 zhongtao - 2.1.5-1 - Type: update - ID: NA