Merge pull request #671 from bergwolf/kata-shim

enable kata shim

Author: laijs

Gopkg.lock

@@ -982,6 +982,11 @@ func (h *jsonBasedHyperstart) ExecProcess(container, process string, user *runva
 }
 
 func (h *jsonBasedHyperstart) SignalProcess(container, process string, signal syscall.Signal) error {
+	// Kata agent API requires process == "" to kill all processes in a container
+	// Convert it back to hyperstart semantics.
+	if process == "" {
+		process = "init"
+	}
 	if h.vmAPIVersion <= 4242 {
 		if process == "init" {
 			return h.hyperstartCommand(hyperstartapi.INIT_KILLCONTAINER, hyperstartapi.KillCommand{

agent/hyperstart.go

@@ -253,6 +253,10 @@ func (kata *kataAgent) ExecProcess(container, process string, user *runvapi.User
 }
 
 func (kata *kataAgent) SignalProcess(container, process string, signal syscall.Signal) error {
+	// Kata Agent uses empty ExecId to signal all processes of a container
+	if process == "init" {
+		process = ""
+	}
 	_, err := kata.agent.SignalProcess(context.Background(), &kagenta.SignalProcessRequest{
 		ContainerId: container,
 		ExecId:      process,

agent/kata.go

@@ -19,17 +19,19 @@ import (
 	"github.com/opencontainers/runtime-spec/specs-go"
 )
 
-func startContainer(vm *hypervisor.Vm, root, container string, spec *specs.Spec, state *State) error {
+func startContainer(vm *hypervisor.Vm, root, container string, spec *specs.Spec, state *State, signalShim bool) error {
 	err := vm.StartContainer(container)
 	if err != nil {
 		glog.V(1).Infof("Start Container fail: fail to start container with err: %#v", err)
 		return err
 	}
 
-	err = syscall.Kill(state.Pid, syscall.SIGUSR1)
-	if err != nil {
-		glog.V(1).Infof("failed to notify the shim to work", err.Error())
-		return err
+	if signalShim {
+		err = syscall.Kill(state.Pid, syscall.SIGUSR1)
+		if err != nil {
+			glog.V(1).Infof("failed to notify the shim to work", err.Error())
+			return err
+		}
 	}
 
 	glog.V(3).Infof("change the status of container %s to `running`", container)

cli/container.go

@@ -67,6 +67,15 @@ func createFakeBridge() {
 	}
 }
 
+func validateInterface(infos []InterfaceInfo) bool {
+	for _, info := range infos {
+		if len(info.Ip) == 0 || len(info.Mac) == 0 || len(info.Name) == 0 {
+			return false
+		}
+	}
+	return true
+}
+
 func initSandboxNetwork(vm *hypervisor.Vm, enc *gob.Encoder, dec *gob.Decoder, pid int) error {
 	/* send collect netns request to nsListener */
 	if err := enc.Encode("init"); err != nil {
@@ -99,6 +108,11 @@ func initSandboxNetwork(vm *hypervisor.Vm, enc *gob.Encoder, dec *gob.Decoder, p
 	createFakeBridge()
 
 	glog.V(3).Infof("interface configuration for sandbox ns is %#v", infos)
+	if !validateInterface(infos) {
+		glog.V(1).Infof("interface not configured")
+		return nil
+	}
+
 	mirredPairs := []tcMirredPair{}
 	for _, info := range infos {
 		nicId := strconv.Itoa(info.Index)

cli/network.go

@@ -0,0 +1,30 @@
+package main
+
+import (
+	"fmt"
+	"runtime"
+
+	"github.com/containernetworking/plugins/pkg/ns"
+)
+
+func nsSetRun(nsPid int, cb func() error) error {
+	runtime.LockOSThread()
+	defer runtime.UnlockOSThread()
+
+	curr, err := ns.GetCurrentNS()
+	if err != nil {
+		return err
+	}
+	defer curr.Close()
+
+	target, err := ns.GetNS(fmt.Sprintf("/proc/%d/ns/net", nsPid))
+	if err != nil {
+		return err
+	}
+	if err = target.Set(); err != nil {
+		return err
+	}
+	defer curr.Set()
+
+	return cb()
+}

cli/nsset.go

@@ -7,6 +7,7 @@ import (
 	"os/exec"
 	"os/signal"
 	"path/filepath"
+	"strings"
 	"sync"
 	"syscall"
 
@@ -20,6 +21,8 @@ import (
 	"github.com/urfave/cli"
 )
 
+const KataShimBinary = "/usr/libexec/kata-containers/kata-shim"
+
 var shimCommand = cli.Command{
 	Name:     "shim",
 	Usage:    "[internal command] proxy operations(io, signal ...) to the container/process",
@@ -153,13 +156,45 @@ func forwardAllSignals(h agent.SandboxAgent, container, process string) chan os.
 	return sigc
 }
 
-func createShim(options runvOptions, container, process string, spec *specs.Process) (*os.Process, error) {
+func prepareKataShim(options runvOptions, container, process string, terminal bool) (string, []string, error) {
+	args := []string{"kata-shim"}
+	if options.GlobalBool("debug") {
+		args = append(args, "--log", "debug")
+	}
+	agentAddr := filepath.Join(options.GlobalString("root"), container, "sandbox", "kata-agent.sock")
+	args = append(args, "--agent", agentAddr, "--container", container, "--exec-id", process)
+	if terminal {
+		args = append(args, "--terminal")
+	}
+
+	return KataShimBinary, args, nil
+}
+
+func prepareRunvShim(options runvOptions, container, process string, terminal bool) (string, []string, error) {
 	path, err := osext.Executable()
 	if err != nil {
-		return nil, fmt.Errorf("cannot find self executable path for %s: %v", os.Args[0], err)
+		return "", nil, fmt.Errorf("cannot find self executable path for %s: %v", os.Args[0], err)
 	}
 
+	args := []string{"runv", "--root", options.GlobalString("root")}
+	if options.GlobalString("log_dir") != "" {
+		args = append(args, "--log_dir", filepath.Join(options.GlobalString("log_dir"), "shim-"+container))
+	}
+	if options.GlobalBool("debug") {
+		args = append(args, "--debug")
+	}
+	args = append(args, "shim", "--container", container, "--process", process)
+	args = append(args, "--proxy-stdio", "--proxy-exit-code", "--proxy-signal")
+	if terminal {
+		args = append(args, "--proxy-winsize")
+	}
+
+	return path, args, nil
+}
+
+func createShim(options runvOptions, container, process string, spec *specs.Process) (*os.Process, error) {
 	var ptymaster, tty *os.File
+	var err error
 	if options.String("console") != "" {
 		tty, err = os.OpenFile(options.String("console"), os.O_RDWR, 0)
 		if err != nil {
@@ -176,18 +211,19 @@ func createShim(options runvOptions, container, process string, spec *specs.Proc
 		ptymaster.Close()
 	}
 
-	args := []string{"runv", "--root", options.GlobalString("root")}
-	if options.GlobalString("log_dir") != "" {
-		args = append(args, "--log_dir", filepath.Join(options.GlobalString("log_dir"), "shim-"+container))
-	}
-	if options.GlobalBool("debug") {
-		args = append(args, "--debug")
+	var (
+		path string
+		args []string
+	)
+	if options.GlobalString("agent") != "kata" {
+		path, args, err = prepareRunvShim(options, container, process, spec.Terminal)
+	} else {
+		path, args, err = prepareKataShim(options, container, process, spec.Terminal)
 	}
-	args = append(args, "shim", "--container", container, "--process", process)
-	args = append(args, "--proxy-stdio", "--proxy-exit-code", "--proxy-signal")
-	if spec.Terminal {
-		args = append(args, "--proxy-winsize")
+	if err != nil {
+		return nil, err
 	}
+	glog.V(3).Infof("starting shim with args %s", strings.Join(args, " "))
 
 	cmd := exec.Cmd{
 		Path: path,
@@ -198,11 +234,7 @@ func createShim(options runvOptions, container, process string, spec *specs.Proc
 			Setsid:  tty != nil || !options.attach,
 		},
 	}
-	if options.withContainer == nil {
-		cmd.SysProcAttr.Cloneflags = syscall.CLONE_NEWNET
-	} else {
-		cmd.Env = append(os.Environ(), fmt.Sprintf("_RUNVNETNSPID=%d", options.withContainer.Pid))
-	}
+
 	if tty == nil {
 		// inherit stdio/tty
 		cmd.Stdin = os.Stdin
@@ -215,7 +247,12 @@ func createShim(options runvOptions, container, process string, spec *specs.Proc
 		cmd.Stderr = tty
 	}
 
-	err = cmd.Start()
+	if options.withContainer == nil {
+		cmd.SysProcAttr.Cloneflags = syscall.CLONE_NEWNET
+		err = cmd.Start()
+	} else {
+		err = nsSetRun(options.withContainer.Pid, cmd.Start)
+	}
 	if err != nil {
 		return nil, err
 	}