From 9710c4f5691007ada3bb06f1a20aacdeaa2107a9 Mon Sep 17 00:00:00 2001 From: dongyuzhen Date: Tue, 18 Mar 2025 11:29:12 +0800 Subject: [PATCH] sync patches from upstream (cherry picked from commit fbe976fb84b8937c7f0ed4caba0f216b3e11c3aa) --- ...work_ready-from-metadata-to-state-fo.patch | 80 ++++++++++++++++ ...en-create-failed-to-be-consisent-wit.patch | 91 +++++++++++++++++++ iSulad.spec | 10 +- 3 files changed, 180 insertions(+), 1 deletion(-) create mode 100644 0199-move-sandbox-network_ready-from-metadata-to-state-fo.patch create mode 100644 0200-clean-sandbox-when-create-failed-to-be-consisent-wit.patch diff --git a/0199-move-sandbox-network_ready-from-metadata-to-state-fo.patch b/0199-move-sandbox-network_ready-from-metadata-to-state-fo.patch new file mode 100644 index 0000000..9f96200 --- /dev/null +++ b/0199-move-sandbox-network_ready-from-metadata-to-state-fo.patch @@ -0,0 +1,80 @@ +From c61807c0f18022117fc02889b42d87ec19e9d1e9 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Sat, 22 Feb 2025 10:38:59 +1400 +Subject: [PATCH 1/2] move sandbox network_ready from metadata to state for + save optimization + +Signed-off-by: zhongtao +--- + src/daemon/sandbox/sandbox.cc | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/src/daemon/sandbox/sandbox.cc b/src/daemon/sandbox/sandbox.cc +index b97c0bc6..33d7f63f 100644 +--- a/src/daemon/sandbox/sandbox.cc ++++ b/src/daemon/sandbox/sandbox.cc +@@ -431,7 +431,11 @@ auto Sandbox::UpdateStatsInfo(const StatsInfo &info) -> StatsInfo + + void Sandbox::SetNetworkReady(bool ready) + { ++ Errors tmp_error; + m_networkReady = ready; ++ if (!SaveState(tmp_error)) { ++ ERROR("Failed to save sandbox state, %s for %s", m_id.c_str(), tmp_error.GetMessage().c_str()); ++ } + } + + auto Sandbox::Save(Errors &error) -> bool +@@ -504,6 +508,8 @@ auto Sandbox::Load(Errors &error) -> bool + return true; + } + ++// no need to save state after recovery ++// when restarting isulad, the status will be updated again and wait sandbox + void Sandbox::OnSandboxReady() + { + WriteGuard lock(m_stateMutex); +@@ -514,6 +520,8 @@ void Sandbox::OnSandboxReady() + m_state.status = SANDBOX_STATUS_RUNNING; + } + ++// no need to save intermediate state ++// when restarting isulad, the status will be updated again and wait sandbox + void Sandbox::OnSandboxPending() + { + WriteGuard lock(m_stateMutex); +@@ -842,6 +850,7 @@ auto Sandbox::SaveState(Errors &error) -> bool + state.pid = m_state.pid; + state.status = m_state.status; + state.updated_at = m_state.updatedAt; ++ state.network_ready = m_networkReady; + + stateJson = GenerateSandboxStateJson(&state); + if (stateJson.length() == 0) { +@@ -953,6 +962,7 @@ auto Sandbox::LoadState(Errors &error) -> bool + m_state.createdAt = state->get()->created_at; + m_state.updatedAt = state->get()->updated_at; + m_state.status = (SandboxStatus)state->get()->status; ++ m_networkReady = state->get()->network_ready; + + return true; + } +@@ -1005,7 +1015,6 @@ auto Sandbox::LoadMetadata(Errors &error) -> bool + m_runtimeInfo.sandboxer = std::string(metadata->get()->runtime_info->sandboxer); + m_runtimeInfo.runtimeHandler = std::string(metadata->get()->runtime_info->runtime_handler); + m_netMode = std::string(metadata->get()->net_mode); +- m_networkReady = metadata->get()->network_ready; + m_taskAddress = std::string(metadata->get()->task_address); + m_netNsPath = std::string(metadata->get()->net_ns_path); + +@@ -1125,7 +1134,6 @@ void Sandbox::FillSandboxMetadata(sandbox_metadata* metadata, Errors &error) + metadata->runtime_info->runtime_handler = util_strdup_s(m_runtimeInfo.runtimeHandler.c_str()); + + metadata->net_mode = util_strdup_s(m_netMode.c_str()); +- metadata->network_ready = m_networkReady; + metadata->task_address = util_strdup_s(m_taskAddress.c_str()); + metadata->net_ns_path = util_strdup_s(m_netNsPath.c_str()); + +-- +2.43.0 + diff --git a/0200-clean-sandbox-when-create-failed-to-be-consisent-wit.patch b/0200-clean-sandbox-when-create-failed-to-be-consisent-wit.patch new file mode 100644 index 0000000..e3783b4 --- /dev/null +++ b/0200-clean-sandbox-when-create-failed-to-be-consisent-wit.patch @@ -0,0 +1,91 @@ +From e980d889e5af64219cbb1bf7ec4ebaa14c05588a Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Mon, 24 Feb 2025 15:10:28 +1400 +Subject: [PATCH 2/2] clean sandbox when create failed to be consisent with CRI + v1alpha + +Signed-off-by: zhongtao +--- + .../v1/v1_cri_pod_sandbox_manager_service.cc | 25 +++++++++++++++++-- + 1 file changed, 23 insertions(+), 2 deletions(-) + +diff --git a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc +index fd87e90b..35f968e8 100644 +--- a/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc ++++ b/src/daemon/entry/cri/v1/v1_cri_pod_sandbox_manager_service.cc +@@ -324,12 +324,14 @@ void PodSandboxManagerService::StartPodSandboxAndSetupNetowrk(std::shared_ptrCreate(error); + if (error.NotEmpty()) { + ERROR("Failed to create sandbox: %s", sandboxName.c_str()); +- return; ++ // clean_sandbox to be consisent with CRI v1alpha ++ goto cleanup_sandbox; + } + + msg.container_id = sandbox->GetId().c_str(); +@@ -380,15 +382,21 @@ void PodSandboxManagerService::StartPodSandboxAndSetupNetowrk(std::shared_ptrGetId(), 0, stopError); + WARN("Error stop container: %s: %s", sandbox->GetId().c_str(), stopError.GetCMessage()); ++ return; ++cleanup_sandbox: ++ sandbox::SandboxManager::GetInstance()->DeleteSandbox(sandbox->GetId(), error); ++ if (error.NotEmpty()) { ++ WARN("Error remove container: %s: %s", sandbox->GetId().c_str(), error.GetCMessage()); ++ } + } + + void PodSandboxManagerService::SetupNetowrkAndStartPodSandbox(std::shared_ptr sandbox, std::string &sandboxName, std::string &networkMode, Errors &error) + { + cri_container_message_t msg = { 0 }; + std::string network_setting_json; ++ bool clean_sandbox = true; + + // Step 8.1.1: Setup networking for the sandbox. + // Setup sandbox network before create sandbox since the remote create might fail for sandbox +@@ -404,6 +412,8 @@ void PodSandboxManagerService::SetupNetowrkAndStartPodSandbox(std::shared_ptrGetId().c_str(); + msg.sandbox_id = sandbox->GetId().c_str(); + msg.type = CRI_CONTAINER_MESSAGE_TYPE_CREATED; +@@ -438,6 +448,13 @@ cleanup_network: + return; + } + } ++ if (clean_sandbox) { ++ sandbox::SandboxManager::GetInstance()->DeleteSandbox(sandbox->GetId(), error); ++ if (error.NotEmpty()) { ++ WARN("Error remove sanbox: %s: %s", sandbox->GetId().c_str(), error.GetCMessage()); ++ } ++ } ++ + } + + auto PodSandboxManagerService::RunPodSandbox(const runtime::v1::PodSandboxConfig &config, +@@ -517,6 +534,10 @@ auto PodSandboxManagerService::RunPodSandbox(const runtime::v1::PodSandboxConfig + sandbox->Save(error); + if (error.NotEmpty()) { + ERROR("Failed to save sandbox, %s", sandboxName.c_str()); ++ sandbox::SandboxManager::GetInstance()->DeleteSandbox(sandbox->GetId(), error); ++ if (error.NotEmpty()) { ++ WARN("Error remove sanbox: %s: %s", sandbox->GetId().c_str(), error.GetCMessage()); ++ } + goto clean_ns; + } + +-- +2.43.0 + diff --git a/iSulad.spec b/iSulad.spec index 8ac119c..c3bdf56 100644 --- a/iSulad.spec +++ b/iSulad.spec @@ -1,5 +1,5 @@ %global _version 2.1.5 -%global _release 20 +%global _release 21 %global is_systemd 1 %global enable_criv1 1 %global enable_cdi 1 @@ -219,6 +219,8 @@ Patch0195: 0195-Add-some-unit-tests-for-sandbox-and-shim-controller.patch Patch0196: 0196-add-remove-pod-in-cri-stats.patch Patch0197: 0197-coco-support-confidential-containers.patch Patch0198: 0198-isolate-isula-search-ut-in-registry_images_ut.patch +Patch0199: 0199-move-sandbox-network_ready-from-metadata-to-state-fo.patch +Patch0200: 0200-clean-sandbox-when-create-failed-to-be-consisent-wit.patch %ifarch x86_64 aarch64 Provides: libhttpclient.so()(64bit) @@ -480,6 +482,12 @@ fi %endif %changelog +* Tue Mar 18 2025 dongyuzhen - 2.1.5-21 +- Type:enhancement +- CVE:NA +- SUG:NA +- DESC:sync patches from upstream + * Wed Feb 19 2025 liuxu - 2.1.5-20 - Type: update - ID: NA -- Gitee