From 2dd859bfce29ed7fc4643bb8206331d7b5f4b8e8 Mon Sep 17 00:00:00 2001
From: "fupan.lfp"
Date: Wed, 24 Feb 2021 13:26:05 +0800
Subject: [PATCH 1/2] shimv2: return the hypervisor's pid as the container pid
Since the kata's hypervisor process is in the network namespace, which is close to container's process, and some host metrics such as cadvisor can use this pid to access the network namespace to get some network metrics. Thus this commit replace the shim's pid with the hypervisor's pid.
Fixes: #1451
Signed-off-by: fupan.lfp
(backport https://github.com/kata-containers/kata-containers/pull/1452)
Signed-off-by: Francesco Giudici
---
 src/runtime/containerd-shim-v2/create.go | 6 +++++
 src/runtime/containerd-shim-v2/service.go | 31 +++++++++++++----------
 src/runtime/virtcontainers/interfaces.go | 1 +
 src/runtime/virtcontainers/sandbox.go | 10 ++++++++
 4 files changed, 34 insertions(+), 14 deletions(-)
diff --git a/src/runtime/containerd-shim-v2/create.go b/src/runtime/containerd-shim-v2/create.go
index 87fddcba7..02e028b0a 100644
--- a/src/runtime/containerd-shim-v2/create.go
+++ b/src/runtime/containerd-shim-v2/create.go
@@ -87,6 +87,12 @@ func create(ctx context.Context, s *service, r *taskAPI.CreateTaskRequest) (*con
 return nil, err
 }
 s.sandbox = sandbox
+ pid, err := s.sandbox.GetHypervisorPid()
+ if err != nil {
+ return nil, err
+ }
+ s.hpid = uint32(pid)
+
 go s.startManagementServer(ctx, ociSpec)
 case vc.PodContainer:
diff --git a/src/runtime/containerd-shim-v2/service.go b/src/runtime/containerd-shim-v2/service.go
index 27b799159..95498ac23 100644
--- a/src/runtime/containerd-shim-v2/service.go
+++ b/src/runtime/containerd-shim-v2/service.go
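Review bot: The new early return sits after `s.sandbox = sandbox`, so when `GetHypervisorPid()` fails the function exits with a sandbox that has already been created and stored on the service. Whether any caller stops and deletes it is not visible in this hunk; if none does, the VM is left running with no task attached. Either tear the sandbox down before returning or add a comment naming the caller that does the cleanup. The error is also returned without context; if `fmt` is already imported in create.go, `return nil, fmt.Errorf("getting hypervisor pid: %w", err)` would tell the operator which step failed. create's body starts and ends outside the hunk.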
@@ -113,9 +113,12 @@ type service struct {
 mu sync.Mutex
 eventSendMu sync.Mutex
- // pid Since this shimv2 cannot get the container processes pid from VM,
- // thus for the returned values needed pid, just return this shim's
+ // hypervisor pid, Since this shimv2 cannot get the container processes pid from VM,
+ // thus for the returned values needed pid, just return the hypervisor's
 // pid directly.
+ hpid uint32
+
+ // shim's pid
 pid uint32
 ctx context.Context
@@ -370,11 +373,11 @@ func (s *service) Create(ctx context.Context, r *taskAPI.CreateTaskRequest) (_ *
 Terminal: r.Terminal,
 },
 Checkpoint: r.Checkpoint,
- Pid: s.pid,
+ Pid: s.hpid,
 })
 return &taskAPI.CreateTaskResponse{
- Pid: s.pid,
+ Pid: s.hpid,
 }, nil
 }
@@ -406,7 +409,7 @@ func (s *service) Start(ctx context.Context, r *taskAPI.StartRequest) (_ *taskAP
 }
 s.send(&eventstypes.TaskStart{
 ContainerID: c.id,
- Pid: s.pid,
+ Pid: s.hpid,
 })
 } else {
 //start an exec
@@ -417,12 +420,12 @@ func (s *service) Start(ctx context.Context, r *taskAPI.StartRequest) (_ *taskAP
 s.send(&eventstypes.TaskExecStarted{
 ContainerID: c.id,
 ExecID: r.ExecID,
- Pid: s.pid,
+ Pid: s.hpid,
 })
 }
 return &taskAPI.StartResponse{
- Pid: s.pid,
+ Pid: s.hpid,
 }, nil
 }
@@ -449,7 +452,7 @@ func (s *service) Delete(ctx context.Context, r *taskAPI.DeleteRequest) (_ *task
 s.send(&eventstypes.TaskDelete{
 ContainerID: c.id,
- Pid: s.pid,
+ Pid: s.hpid,
 ExitStatus: c.exit,
 ExitedAt: c.exitTime,
 })
@@ -457,7 +460,7 @@ func (s *service) Delete(ctx context.Context, r *taskAPI.DeleteRequest) (_ *task
 return &taskAPI.DeleteResponse{
 ExitStatus: c.exit,
 ExitedAt: c.exitTime,
- Pid: s.pid,
+ Pid: s.hpid,
 }, nil
 }
 //deal with the exec case
@@ -471,7 +474,7 @@ func (s *service) Delete(ctx context.Context, r *taskAPI.DeleteRequest) (_ *task
 return &taskAPI.DeleteResponse{
 ExitStatus: uint32(execs.exitCode),
 ExitedAt: execs.exitTime,
- Pid: s.pid,
+ Pid: s.hpid,
 }, nil
 }
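Review bot: The rewritten comment on `hpid` does not say that the value is a host PID captured once in `create` and, as far as this series shows, never refreshed. That matters because the Delete hunks (-449, -457, -471) and the exit event in patch 2/2 report it after the hypervisor may already be gone. A consumer that opens `/proc/<pid>/ns/net` or signals the reported task PID at that point could reach an unrelated process if the kernel has reused the number. Suggested wording: `// hpid is the hypervisor's host PID, sampled once at sandbox creation and reported as the task PID because the shim cannot see PIDs inside the VM; it may be stale once the sandbox has stopped.` Whether the field is read and written under `mu` is not visible here, and the struct continues outside the hunk.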
@@ -566,7 +569,7 @@ func (s *service) State(ctx context.Context, r *taskAPI.StateRequest) (_ *taskAP
 return &taskAPI.StateResponse{
 ID: c.id,
 Bundle: c.bundle,
- Pid: s.pid,
+ Pid: s.hpid,
 Status: c.status,
 Stdin: c.stdin,
 Stdout: c.stdout,
@@ -585,7 +588,7 @@ func (s *service) State(ctx context.Context, r *taskAPI.StateRequest) (_ *taskAP
 return &taskAPI.StateResponse{
 ID: execs.id,
 Bundle: c.bundle,
- Pid: s.pid,
+ Pid: s.hpid,
 Status: execs.status,
 Stdin: execs.tty.stdin,
 Stdout: execs.tty.stdout,
@@ -735,7 +738,7 @@ func (s *service) Pids(ctx context.Context, r *taskAPI.PidsRequest) (_ *taskAPI.
 }()
 pInfo := task.ProcessInfo{
- Pid: s.pid,
+ Pid: s.hpid,
 }
 processes = append(processes, &pInfo)
@@ -807,7 +810,7 @@ func (s *service) Connect(ctx context.Context, r *taskAPI.ConnectRequest) (_ *ta
 return &taskAPI.ConnectResponse{
 ShimPid: s.pid,
 //Since kata cannot get the container's pid in VM, thus only return the shim's pid.
- TaskPid: s.pid,
+ TaskPid: s.hpid,
 }, nil
 }
diff --git a/src/runtime/virtcontainers/interfaces.go b/src/runtime/virtcontainers/interfaces.go
index 365c329db..d729db41c 100644
--- a/src/runtime/virtcontainers/interfaces.go
+++ b/src/runtime/virtcontainers/interfaces.go
@@ -72,6 +72,7 @@ type VCSandbox interface {
 ListRoutes() ([]*pbTypes.Route, error)
 GetOOMEvent() (string, error)
+ GetHypervisorPid() (int, error)
 UpdateRuntimeMetrics() error
 GetAgentMetrics() (string, error)
diff --git a/src/runtime/virtcontainers/sandbox.go b/src/runtime/virtcontainers/sandbox.go
index cfa4cec8d..2fb2e6af3 100644
--- a/src/runtime/virtcontainers/sandbox.go
+++ b/src/runtime/virtcontainers/sandbox.go
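Review bot: The context comment directly above the changed `TaskPid` line in the Connect hunk (-807) still says `only return the shim's pid`, which is no longer true once `TaskPid` is `s.hpid`. A reader auditing which host process a client is told to treat as the task would be misled by it. Suggest replacing it with `// Kata cannot see the container's pid inside the VM, so TaskPid is the hypervisor's host pid; ShimPid stays the shim's own pid.` Connect's body starts outside the hunk.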
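Review bot: `GetHypervisorPid() (int, error)` is added to the `VCSandbox` interface without a doc comment, and the matching `vcmock` implementation only arrives in patch 2/2. Judging by that patch's trailer note, anything that uses the mock as a `VCSandbox` may not build at this commit, which hurts bisecting. Consider carrying the mock method in this patch and documenting the contract on the interface, for example `// GetHypervisorPid returns the host PID of the hypervisor process, or an error if it is not known.`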
@@ -246,6 +246,16 @@ func (s *Sandbox) GetNetNs() string {
 return s.networkNS.NetNsPath
 }
+// GetHypervisorPid returns the hypervisor's pid.
+func (s *Sandbox) GetHypervisorPid() (int, error) {
+ pids := s.hypervisor.getPids()
+ if len(pids) == 0 || pids[0] == 0 {
+ return -1, fmt.Errorf("Invalid hypervisor PID: %+v", pids)
+ }
+
+ return pids[0], nil
+}
+
 // GetAllContainers returns all containers.
 func (s *Sandbox) GetAllContainers() []VCContainer {
 ifa := make([]VCContainer, len(s.containers))
From d87076eea592a79557b55f08b062415ebda45fa2 Mon Sep 17 00:00:00 2001
From: bin
Date: Tue, 9 Mar 2021 17:41:44 +0800
Subject: [PATCH 2/2] runtime: return hypervisor Pid in TaskExit event
Other RPC calls return Pid of hypervisor, the TaskExit should return the same Pid.
Fixes: #1497
Signed-off-by: bin
(backport https://github.com/kata-containers/kata-containers/pull/1498)
Signed-off-by: Francesco Giudici
[ fix missing GetHypervisorPid method in MockSandbox ]
Signed-off-by: Peng Tao
---
 src/runtime/containerd-shim-v2/utils.go | 2 +-
 src/runtime/virtcontainers/pkg/vcmock/sandbox.go | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/runtime/containerd-shim-v2/utils.go b/src/runtime/containerd-shim-v2/utils.go
index 95adb93fa..4618a4981 100644
--- a/src/runtime/containerd-shim-v2/utils.go
+++ b/src/runtime/containerd-shim-v2/utils.go
@@ -24,7 +24,7 @@ import (
 func cReap(s *service, status int, id, execid string, exitat time.Time) {
 s.ec <- exit{
 timestamp: exitat,
- pid: s.pid,
+ pid: s.hpid,
 status: status,
 id: id,
 execid: execid,
diff --git a/src/runtime/virtcontainers/pkg/vcmock/sandbox.go b/src/runtime/virtcontainers/pkg/vcmock/sandbox.go
index 727fed7af..95ae2afe4 100644
--- a/src/runtime/virtcontainers/pkg/vcmock/sandbox.go
+++ b/src/runtime/virtcontainers/pkg/vcmock/sandbox.go
@@ -254,3 +254,7 @@ func (s *Sandbox) GetAgentURL() (string, error) {
 }
 return "", nil
 }
+
+func (s *Sandbox) GetHypervisorPid() (int, error) {
+ return 0, nil
+}
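Review bot: The validity check `pids[0] == 0` in `GetHypervisorPid` lets a negative value through, and the caller in create.go converts the result with `uint32(pid)`, so a negative PID would wrap to a large bogus number that is then reported to containerd. `if len(pids) == 0 || pids[0] <= 0 {` closes that. The function also relies on `getPids()` listing the hypervisor process first, which nothing visible here states; a line in the doc comment such as `// It assumes getPids() returns the hypervisor process as its first element.` would record that contract. Go convention is a lowercase error string, `"invalid hypervisor PID: %+v"`.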
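Review bot: The mock's `GetHypervisorPid` returns `0, nil`, a value the real `Sandbox.GetHypervisorPid` from patch 1/2 rejects as invalid. Shim code under test will therefore carry `hpid == 0` and never exercise the error branch added in `create`. The context lines of `GetAgentURL` just above suggest it has a branch before its default return; if that is a test hook, giving this method the same hook would let tests inject a realistic PID or an error. The method also lacks a doc comment; something like `// GetHypervisorPid implements the VCSandbox function of the same name.` would do, adjusted to the form the other mock methods use.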