Latest shimv2 publishes an event to containerd using ttrpc instead
of using containerd binary, thus shimv2 shouldn't call `os.Exit` to
terminate the shim's life, but close the context on shutdown so that
events and other resources have hit the `defer`s.
Fixes: #1731
Signed-off-by: lifupan <lifupan@gmail.com>
Kubelet would clean up the pod cgroup resources and kill the processes
in the pod cgroups when it detected all of the containers in a pod exited,
thus shimv2 should close the hypervisor process once the podsandbox container
exited, otherwise, the hypervisor process would be killed by kubelet and
make shimv2 fail to shut down the sandbox.
Fixes: #1672
Signed-off-by: lifupan <lifupan@gmail.com>
```
// the network namespace created by cni plugin
netns, err = namespaces.NamespaceRequired(ctx)
if err != nil {
	return nil, errors.Wrap(err, "create namespace")
}
```
the netns is a containerd namespace concept, it is not a netns, even a cni
set netns for this, this is a tricky way, so remove the logic.
Fixes: #1692
Signed-off-by: Ace-Tang <aceapril@126.com>
According to CRI specs, kubelet will call StopPodSandbox()
at least once before calling RemovePodSandbox, and this call
is idempotent, and must not return an error if all relevant
resources have already been reclaimed. And in that call it will
send a SIGKILL signal first to try to stop the container, thus
once the container has terminated, here should ignore this signal
and return directly.
Fixes: #1672
Signed-off-by: lifupan <lifupan@gmail.com>
This latest ttrpc vendor supports the feature of request timeout propagation.
This feature will do a context cancel after a service call returns, and this cancel
will be propagated into kata sandbox's agent/hypervisor and result in the following
calls being canceled. To fix this issue, pass the service's context instead of the service's
call's context to CreateSandbox(), and this context will live until the shim exits.
Fixes: #1627
Signed-off-by: lifupan <lifupan@gmail.com>
Latest containerd commit <c0f0b21314b93a1> had moved the
step of creating rootfs dir from creating bundle to container
creation; in order to support both the old and latest
containerd, check whether the "rootfs" exists before creating it.
Fixes: #1652
Signed-off-by: lifupan <lifupan@gmail.com>
In the wait function, should send msg to exit channel after task status has
updated, since shim.Wait() is running in another goroutine, when it
receives msg from exit channel, it will stop waiting and return, then
someone who holds this Wait() gets the return, it can delete task, if exit msg
is sent first, the container status may still be running.
Fixes: #1600
Signed-off-by: Ace-Tang <aceapril@126.com>
This reverts commit 196661bc0d.
Reverting because cri-o with devicemapper started
to fail after this commit was merged.
Fixes: #1574.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
We can use the same data structure to describe both of them.
So that we can handle them similarly.
Fixes: #1566
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
containerd checks for the grpc error code to determine
correct recover action upon grpc errors. We need to provide
them properly.
Unfortunately ttrpc doesn't support grpc interceptor so we have
to modify every service function for it.
Fixes: #1527
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
There is no need to send another SIGKILL signal following
SIGTERM signal, otherwise, sending the SIGKILL signal would
fail since the container process would have been terminated
by the previous SIGTERM signal.
Fixes: #1493
Signed-off-by: lifupan <lifupan@gmail.com>
When the container's rootfs is block storage backed such as devmapper,
shimv2 will not mount it on the host, instead it inserts it into the hypervisor
as a block device directly.
If kata's config sets "disable_block_device_use" as true, it will mount
the rootfs onto host as before.
Fixes: #1158
Signed-off-by: lifupan <lifupan@gmail.com>
gometalinter is deprecated and will be archived April '19. The
suggestion is to switch to golangci-lint which is apparently 5x faster
than gometalinter.
Partially Fixes: #1377
Signed-off-by: Ganesh Maharaj Mahalingam <ganesh.mahalingam@intel.com>
containerd/cri's different runtime handlers can pass different
config files to shimv2 by generic runtime options, by this kata
can launch the pods using different VMM for different runtime handlers.
Fixes: #1082
Signed-off-by: Fupan Li <lifupan@gmail.com>
Because the runtime v2 runs as a RPC server, the caller will at some
point use the Shutdown() API to shut down the server. Because this
will cause the server to exit, the caller cannot expect any valid
answer when calling this. That's why we cannot afford stopping and
deleting the sandbox from this function.
Instead, we move sandbox.Stop() and sandbox.Delete() to a more
appropriate API, the Delete() one.
Fixes: #1150
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
We can now remove all the sandbox shared types and convert the rest of
the code to using the new internal types package.
This commit includes virtcontainers, cli and containerd-shim changes in
one atomic change in order to not break bisect'ibility.
Fixes: #1095
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
If the env KATA_CONF_FILE was set, shimv2 will use it as the
kata configuration file, otherwise, it will try to find it from
/etc and /usr/share directories.
Fixes: #1091
Signed-off-by: fupan <lifupan@gmail.com>
containerd would like to get the shim's socket
address from shimv2's stdout, thus it's better
to discard the log's output before shimv2 inits
its logger and at the same time add a hook to
log into syslog.
Fixes: #1035
Signed-off-by: Fupan Li <lifupan@gmail.com>
Add the Kill api support to send signal to a given
container process.
Signed-off-by: ZeroMagic <anthonyliu@zju.edu.cn>
Signed-off-by: fupan.li <lifupan@gmail.com>
Add the Cleanup api support to clean up the pod and
containers running in it when the pod's corresponding
shim died.
Signed-off-by: fupan <lifupan@gmail.com>