From 345c9f2b37ed2192af40554ae3d80484bdebae08 Mon Sep 17 00:00:00 2001 From: Kenfe-Mickael Laventure Date: Mon, 24 Apr 2017 14:55:08 -0700 Subject: [PATCH 1/2] Delay io closure until process exit This helps ensuring that a client reconnecting to the FIFOs won't get stuck if the container process happenned to have close both its stdout and stderr descriptors. Signed-off-by: Kenfe-Mickael Laventure --- containerd-shim/process.go | 1 + containerd-shim/process_linux.go | 27 +++++++++++++++++++-------- 2 files changed, 20 insertions(+), 8 deletions(-) diff --git a/containerd-shim/process.go b/containerd-shim/process.go index 6fb0a9b..f94ae5d 100644 --- a/containerd-shim/process.go +++ b/containerd-shim/process.go @@ -64,6 +64,7 @@ type process struct { consolePath string state *processState runtime string + ioCleanupFn func() } func newProcess(id, bundle, runtimeName string) (*process, error) { diff --git a/containerd-shim/process_linux.go b/containerd-shim/process_linux.go index 37b7d3f..69bc942 100644 --- a/containerd-shim/process_linux.go +++ b/containerd-shim/process_linux.go @@ -59,11 +59,13 @@ func (p *process) openIO() error { return err } p.Add(1) - go func() { - io.Copy(stdoutw, master) + p.ioCleanupFn = func() { master.Close() stdoutr.Close() stdoutw.Close() + } + go func() { + io.Copy(stdoutw, master) p.Done() }() return nil @@ -74,6 +76,7 @@ func (p *process) openIO() error { } p.shimIO = i // non-tty + ioClosers := make([]io.Closer, 0) for _, pair := range []struct { name string dest func(wc io.WriteCloser, rc io.Closer) @@ -85,8 +88,6 @@ func (p *process) openIO() error { go func() { io.Copy(wc, i.Stdout) p.Done() - wc.Close() - rc.Close() }() }, }, @@ -97,8 +98,6 @@ func (p *process) openIO() error { go func() { io.Copy(wc, i.Stderr) p.Done() - wc.Close() - rc.Close() }() }, }, @@ -112,21 +111,33 @@ func (p *process) openIO() error { return fmt.Errorf("containerd-shim: opening %s failed: %s", pair.name, err) } pair.dest(fw, fr) + ioClosers = append(ioClosers, fw, fr) } f, err := fifo.OpenFifo(ctx, p.state.Stdin, syscall.O_RDONLY, 0) if err != nil { return fmt.Errorf("containerd-shim: opening %s failed: %s", p.state.Stdin, err) } + ioClosers = append(ioClosers, i.Stdin, f) + p.ioCleanupFn = func() { + for _, c := range ioClosers { + c.Close() + } + } go func() { io.Copy(i.Stdin, f) - i.Stdin.Close() - f.Close() }() return nil } +func (p *process) Wait() { + p.WaitGroup.Wait() + if p.ioCleanupFn != nil { + p.ioCleanupFn() + } +} + func (p *process) killAll() error { if !p.state.Exec { cmd := exec.Command(p.runtime, append(p.state.RuntimeArgs, "kill", "--all", p.id, "SIGKILL")...) From fbc69f71a1a58b21c4b8cd113177eff2e6898ad3 Mon Sep 17 00:00:00 2001 From: Kenfe-Mickael Laventure Date: Mon, 24 Apr 2017 15:11:57 -0700 Subject: [PATCH 2/2] Add travis support for branch v0.2.x Signed-off-by: Kenfe-Mickael Laventure --- .travis.yml | 31 +++++++++++++++++++++++++++++++ Makefile | 6 ++++++ hack/install-runc.sh | 10 ++++++++++ hack/install-seccomp.sh | 17 +++++++++++++++++ 4 files changed, 64 insertions(+) create mode 100644 .travis.yml create mode 100755 hack/install-runc.sh create mode 100755 hack/install-seccomp.sh diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..4af8ad5 --- /dev/null +++ b/.travis.yml @@ -0,0 +1,31 @@ +dist: trusty +sudo: required + +language: go + +go: + - 1.8.x + - tip + +go_import_path: github.com/containerd/containerd + +addons: + apt: + packages: + - apparmor + - libapparmor-dev + - curl + +env: + - SECCOMP_VERSION=2.3.1 RUNC_COMMIT=51371867a01c467f08af739783b8beafc154c4d7 + +install: + - hack/install-seccomp.sh + - hack/install-runc.sh + - go get -u github.com/golang/lint/golint + +script: + - make all + - sudo make install + - sudo -E env "PATH=$PATH" "GOPATH=$GOPATH" make test + - sudo -E env "PATH=$PATH" "GOPATH=$GOPATH" make integration-test diff --git a/Makefile b/Makefile index 4d9c57d..c822bf7 100644 --- a/Makefile +++ b/Makefile @@ -29,6 +29,8 @@ DOCKER_RUN := docker run --privileged --rm -i $(DOCKER_FLAGS) "$(DOCKER_IMAGE)" export GOPATH:=$(CURDIR)/vendor:$(GOPATH) +.PHONY: integration-test + all: client daemon shim static: client-static daemon-static shim-static @@ -94,6 +96,10 @@ ifneq ($(wildcard /.dockerenv), ) go test -check.v -check.timeout=$(TEST_TIMEOUT) $(TESTFLAGS) timeout=$(TEST_SUITE_TIMEOUT) github.com/containerd/containerd/integration-test endif +integration-test: + cd integration-test ; \ +go test -check.v -check.timeout=$(TEST_TIMEOUT) $(TESTFLAGS) timeout=$(TEST_SUITE_TIMEOUT) github.com/containerd/containerd/integration-test + bench: shim validate install bundles-rootfs go test -bench=. -v $(shell go list ./... | grep -v /vendor | grep -v /integration-test) -runtime=$(RUNTIME) diff --git a/hack/install-runc.sh b/hack/install-runc.sh new file mode 100755 index 0000000..9d8d692 --- /dev/null +++ b/hack/install-runc.sh @@ -0,0 +1,10 @@ +#!/bin/bash + +set -e + +export GOPATH="$(mktemp -d)" +git clone git://github.com/docker/runc.git "$GOPATH/src/github.com/opencontainers/runc" +cd "$GOPATH/src/github.com/opencontainers/runc" +git checkout -q "$RUNC_COMMIT" +make BUILDTAGS="seccomp apparmor selinux" +sudo make install diff --git a/hack/install-seccomp.sh b/hack/install-seccomp.sh new file mode 100755 index 0000000..75a52af --- /dev/null +++ b/hack/install-seccomp.sh @@ -0,0 +1,17 @@ +#!/bin/bash + +set -e +set -x + +export SECCOMP_PATH="$(mktemp -d)" + +curl -fsSL "https://github.com/seccomp/libseccomp/releases/download/v${SECCOMP_VERSION}/libseccomp-${SECCOMP_VERSION}.tar.gz" \ + | tar -xzC "$SECCOMP_PATH" --strip-components=1 +( + cd "$SECCOMP_PATH" + ./configure --prefix=/usr/local + make + sudo make install + sudo ldconfig +) +rm -rf "$SECCOMP_PATH"