0007-update-annotations-and-add-ci-cases.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174

From ed4b71b2027a6e9fdf15931fe93aa9e0bb3dc79d Mon Sep 17 00:00:00 2001
From: leizhongkai <leizhongkai@huawei.com>
Date: Wed, 31 Jan 2024 18:17:52 +0800
Subject: [PATCH 07/43] update annotations and add ci cases

Signed-off-by: leizhongkai <leizhongkai@huawei.com>
---
 .../container_cases/dev_cgroup_rule.sh        | 24 +++++++++++
 src/daemon/modules/api/specs_api.h            |  2 +
 .../modules/service/service_container.c       | 18 +++++++-
 src/daemon/modules/spec/specs.c               | 41 ++++++++++++++++++-
 4 files changed, 82 insertions(+), 3 deletions(-)

diff --git a/CI/test_cases/container_cases/dev_cgroup_rule.sh b/CI/test_cases/container_cases/dev_cgroup_rule.sh
index 839a546c..5616d37a 100755
--- a/CI/test_cases/container_cases/dev_cgroup_rule.sh
+++ b/CI/test_cases/container_cases/dev_cgroup_rule.sh
@@ -29,6 +29,9 @@ function test_cpu_dev_cgoup_rule_spec()
     local image="busybox"
     local test="container device cgroup rule test with (${runtime}) => (${FUNCNAME[@]})"
     local test_dev="/dev/testA"
+    local default_config="/etc/default/isulad/config.json"
+    local default_config_bak="/etc/default/isulad/config.json.bak"
+    local test_cgroup_parent="/testABC"
 
     msg_info "${test} starting..."
 
@@ -54,6 +57,27 @@ function test_cpu_dev_cgoup_rule_spec()
     [[ $? -ne 0 ]] && [[ $cnt -le $priv_minor_88_cnt ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device minor failed" && ((ret++))
     isula rm -f $priv_cid
 
+    def_cid=$(isula run -tid --runtime $runtime -m 10m $image /bin/sh)
+    [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - run container failed" && ((ret++))
+    cp $default_config $default_config_bak
+    sed -i '/"linux": {/a \ \t\t"devices": [\n\t\t{\n\t\t\t"type": "c",\n\t\t\t"path": "\/dev\/testABC",\n\t\t\t"major": 88,\n\t\t\t"minor": 88\n\t\t}\n\t\t],' $default_config
+    stop_isulad_without_valgrind
+    start_isulad_with_valgrind --cgroup-parent $test_cgroup_parent
+    [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++))
+    isula restart -t 0 $def_cid
+    [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - restart container failed" && ((ret++))
+    cat /sys/fs/cgroup/memory/$test_cgroup_parent/$def_cid/memory.limit_in_bytes | grep ^10485760$
+    [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - --cgroup-parent cannot work" && ((ret++))
+    cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$def_cid/config.json | grep "major\": 88" | wc -l)
+    [[ $? -ne 0 ]]&& [[ $cnt -ne 2 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device major failed" && ((ret++))
+    cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$def_cid/config.json | grep "minor\": 88" | wc -l)
+    [[ $? -ne 0 ]] && [[ $cnt -ne 2 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check device minor failed" && ((ret++))
+    isula rm -f $def_cid
+    cp $default_config_bak $default_config
+    stop_isulad_without_valgrind
+    start_isulad_with_valgrind
+    [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start isulad failed" && ((ret++))
+
     cid=$(isula run -tid --device "$test_dev:$test_dev" --runtime $runtime $image /bin/sh)
     [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - run container failed" && ((ret++))
     cnt=$(cat ${RUNTIME_ROOT_PATH}/${runtime}/$cid/config.json | grep "major\": 88" | wc -l)
diff --git a/src/daemon/modules/api/specs_api.h b/src/daemon/modules/api/specs_api.h
index 7c904614..f5f6ad8b 100644
--- a/src/daemon/modules/api/specs_api.h
+++ b/src/daemon/modules/api/specs_api.h
@@ -41,6 +41,8 @@ int merge_share_namespace(oci_runtime_spec *oci_spec, const host_config *host_sp
                           const container_config_v2_common_config *v2_spec,
                           const container_network_settings *network_settings);
 
+int update_spec_annotations(oci_runtime_spec *oci_spec, container_config *container_spec, host_config *host_spec);
+
 oci_runtime_spec *load_oci_config(const char *rootpath, const char *name);
 
 oci_runtime_spec *default_spec(bool system_container);
diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
index 97f73768..239783b8 100644
--- a/src/daemon/modules/service/service_container.c
+++ b/src/daemon/modules/service/service_container.c
@@ -691,11 +691,18 @@ out:
     epoll_loop_close(&descr);
 }
 
-static int do_oci_spec_update(const char *id, oci_runtime_spec *oci_spec, host_config *hostconfig)
+static int do_oci_spec_update(const char *id, oci_runtime_spec *oci_spec, container_config *container_spec, host_config *hostconfig)
 {
     __isula_auto_free char *cgroup_parent = NULL;
     int ret;
 
+    // First renew annotations for oci spec, cgroup path, rootfs.mount, native.mask
+    // for iSulad daemon might get updated
+    ret = update_spec_annotations(oci_spec, container_spec, hostconfig);
+    if (ret < 0) {
+        return -1;
+    }
+
     // If isulad daemon cgroup parent updated, we should update this config into oci spec
     cgroup_parent = merge_container_cgroups_path(id, hostconfig);
     if (cgroup_parent == NULL) {
@@ -802,13 +809,20 @@ static int do_start_container(container_t *cont, const char *console_fifos[], bo
     }
 
     // Update possible changes
-    nret = do_oci_spec_update(id, oci_spec, cont->hostconfig);
+    nret = do_oci_spec_update(id, oci_spec, cont->common_config->config, cont->hostconfig);
     if (nret != 0) {
         ERROR("Failed to update possible changes for oci spec");
         ret = -1;
         goto close_exit_fd;
     }
 
+    nret = container_to_disk(cont);
+    if (nret != 0) {
+        ERROR("Failed to save container info to disk");
+        ret = -1;
+        goto close_exit_fd;
+    }
+
     nret = setup_ipc_dirs(cont->hostconfig, cont->common_config);
     if (nret != 0) {
         ERROR("Failed to setup ipc dirs");
diff --git a/src/daemon/modules/spec/specs.c b/src/daemon/modules/spec/specs.c
index cc49d85f..62e340b1 100644
--- a/src/daemon/modules/spec/specs.c
+++ b/src/daemon/modules/spec/specs.c
@@ -385,6 +385,44 @@ out:
     return ret;
 }
 
+int update_spec_annotations(oci_runtime_spec *oci_spec, container_config *container_spec, host_config *host_spec)
+{
+    int ret = 0;
+    if (oci_spec == NULL || container_spec == NULL || host_spec == NULL) {
+        return -1;
+    }
+
+    ret = make_sure_container_spec_annotations(container_spec);
+    if (ret < 0) {
+        return -1;
+    }
+
+    ret = make_annotations_cgroup_dir(container_spec, host_spec);
+    if (ret != 0) {
+        return -1;
+    }
+
+    /* add rootfs.mount */
+    ret = add_rootfs_mount(container_spec);
+    if (ret != 0) {
+        ERROR("Failed to add rootfs mount");
+        return -1;
+    }
+
+    /* add native.umask */
+    ret = add_native_umask(container_spec);
+    if (ret != 0) {
+        ERROR("Failed to add native umask");
+        return -1;
+    }
+
+    if (merge_annotations(oci_spec, container_spec)) {
+        return -1;
+    }
+
+    return 0;
+}
+
 static int make_sure_oci_spec_root(oci_runtime_spec *oci_spec)
 {
     if (oci_spec->root == NULL) {
@@ -2501,4 +2539,5 @@ int spec_module_init(void)
         return -1;
     }
     return 0;
-}
\ No newline at end of file
+}
+
-- 
2.34.1