From 4d6b19d0b65a6b00dcd97f6dfc5e94e6ed04c0e4 Mon Sep 17 00:00:00 2001 From: yangjiaqi Date: Fri, 2 Feb 2024 15:33:18 +0800 Subject: [PATCH] lxcfs-tools: support lxcfs reliability for docker Signed-off-by: yangjiaqi (cherry picked from commit eecc0385429807f331fd5eb79c8823f240e22166) --- ...ls-support-lxcfs-reliability-for-doc.patch | 175 ++++++ ...-test-add-tests-for-docker-and-lxcfs.patch | 536 ++++++++++++++++++ lxcfs-tools.spec | 12 +- 3 files changed, 721 insertions(+), 2 deletions(-) create mode 100644 0006-lxcfs-tools-support-lxcfs-reliability-for-doc.patch create mode 100644 0007-test-add-tests-for-docker-and-lxcfs.patch diff --git a/0006-lxcfs-tools-support-lxcfs-reliability-for-doc.patch b/0006-lxcfs-tools-support-lxcfs-reliability-for-doc.patch new file mode 100644 index 0000000..3e18ace --- /dev/null +++ b/0006-lxcfs-tools-support-lxcfs-reliability-for-doc.patch @@ -0,0 +1,175 @@ +From 3b181aba17cbb414249703bcbada4d36170de212 Mon Sep 17 00:00:00 2001 +From: Song Zhang +Date: Wed, 6 Dec 2023 20:21:43 +0800 +Subject: [PATCH] [Huawei]lxcfs-tools: support lxcfs reliability for docker + containers + +Signed-off-by: Song Zhang +--- + libmount/container_work.go | 29 ++++++++++++------------- + remountcmd.go | 43 +++++++++++++++++++++++++++++++++++--- + umountcmd.go | 4 +++- + 3 files changed, 58 insertions(+), 18 deletions(-) + +diff --git a/libmount/container_work.go b/libmount/container_work.go +index f10a547..e1cb5ac 100644 +--- a/libmount/container_work.go ++++ b/libmount/container_work.go +@@ -26,7 +26,7 @@ import ( + ) + + var ( +- lxcfsPath = "/var/lib/lxc/lxcfs/cgroup" ++ lxcfsPath = "/var/lib/lxc/lxcfs/cgroup" + ) + + func init() { +@@ -99,13 +99,13 @@ func doMount(pipe *os.File) error { + return err + } + +- // remount lxcfs cgroup path readonly +- if err := syscall.Mount(mount.Rootfs+lxcfsPath, mount.Rootfs+lxcfsPath, "none", syscall.MS_BIND, ""); err != nil { +- return err +- } +- if err := syscall.Mount(mount.Rootfs+lxcfsPath, mount.Rootfs+lxcfsPath, "none", syscall.MS_BIND|syscall.MS_REMOUNT|syscall.MS_RDONLY, ""); err != nil { +- return err +- } ++ // remount lxcfs cgroup path readonly ++ if err := syscall.Mount(mount.Rootfs+lxcfsPath, mount.Rootfs+lxcfsPath, "none", syscall.MS_BIND, ""); err != nil { ++ return err ++ } ++ if err := syscall.Mount(mount.Rootfs+lxcfsPath, mount.Rootfs+lxcfsPath, "none", syscall.MS_BIND|syscall.MS_REMOUNT|syscall.MS_RDONLY, ""); err != nil { ++ return err ++ } + for i := 0; i < len(mount.SrcPaths) && i < len(mount.DestPaths); i++ { + if err := syscall.Mount(mount.SrcPaths[i], mount.DestPaths[i], "none", syscall.MS_BIND, ""); err != nil { + return err +@@ -121,15 +121,16 @@ func doUmount(pipe *os.File) error { + } + for i := 0; i < len(umount.Paths); i++ { + if err := syscall.Unmount(umount.Paths[i], syscall.MNT_DETACH); err != nil { +- if !strings.Contains(err.Error(), "invalid argument") { ++ if !strings.Contains(err.Error(), "invalid argument") && ++ !strings.Contains(err.Error(), "no such file or directory") { + return err + } + } + } +- if err := syscall.Unmount(lxcfsPath, 0); err != nil { +- if !strings.Contains(err.Error(), "invalid argument") { +- return err +- } +- } ++ if err := syscall.Unmount(lxcfsPath, 0); err != nil { ++ if !strings.Contains(err.Error(), "invalid argument") { ++ return err ++ } ++ } + return nil + } +diff --git a/remountcmd.go b/remountcmd.go +index 868d423..55a2599 100644 +--- a/remountcmd.go ++++ b/remountcmd.go +@@ -22,6 +22,8 @@ import ( + "lxcfs-tools/libmount" + "os" + "os/exec" ++ "encoding/json" ++ "strconv" + "strings" + "sync" + "syscall" +@@ -213,11 +215,45 @@ func remountAll(initMountns, initUserns string) error { + return nil + } + ++var ( ++ runcStateDir = "/run/docker/runtime-runc/moby" ++) ++ ++type runcState struct { ++ Id string `json:"id"` ++ Pid int `json:"pid"` ++} ++ ++func getRuncContainerIDAndPid() ([]string, error) { ++ out, err := execCommond("runc", []string{"--root", runcStateDir, "list", "--format", "json"}) ++ if err != nil { ++ return nil ,err ++ } ++ if out[0] == "" { ++ return out, nil ++ } ++ // get runc states ++ var states []runcState ++ var res []string ++ if err = json.Unmarshal([]byte(out[0]), &states); err != nil { ++ return nil, err ++ } ++ for _, st := range states { ++ res = append(res, st.Id+" "+strconv.Itoa(st.Pid)) ++ } ++ return res, nil ++} ++ + func getContainerIDAndPid() ([]string, error) { + var ( + out []string + err error + ) ++ ++ if _, err := exec.LookPath("isula"); err != nil { ++ return getRuncContainerIDAndPid() ++ } ++ + for i := 0; i < 10; i++ { + out, err = execCommond("isula", []string{"ps", "--format", "{{.ID}} {{.Pid}}"}) + if err == nil { +@@ -262,6 +298,9 @@ func remountToContainer(initMountns, initUserns, containerid string, pid string, + valueMountPaths = append(valueMountPaths, fmt.Sprintf("/var/lib/lxc/lxcfs/proc/%s", value.Name())) + } + ++ valuePaths = append(valuePaths, "/sys/devices/system/cpu") ++ valueMountPaths = append(valueMountPaths, "/var/lib/lxc/lxcfs/sys/devices/system/cpu") ++ + if err := libmount.NsExecUmount(pid, valuePaths); err != nil { + lxcfs_log.Errorf("unmount %v for container error: %v", valuePaths, err) + } +@@ -298,9 +337,7 @@ func isContainerExsit(containerid string) (string, error) { + + func execCommond(command string, params []string) ([]string, error) { + cmd := exec.Command(command, params...) +- res := []string{ +- " ", +- } ++ res := []string{} + lxcfs_log.Info("exec cmd :", cmd.Args) + + stdout, err := cmd.StdoutPipe() +diff --git a/umountcmd.go b/umountcmd.go +index 8fd08ea..b988e21 100644 +--- a/umountcmd.go ++++ b/umountcmd.go +@@ -85,7 +85,7 @@ var umountContainer = cli.Command{ + + func umountAll(initMountns, initUserns string) error { + lxcfs_log.Info("begin umount All runing container...") +- out, err := execCommond("isula", []string{"ps", "--format", "{{.ID}} {{.Pid}}"}) ++ out, err := getContainerIDAndPid() + if err != nil { + return err + } +@@ -148,6 +148,8 @@ func umountForContainer(initMountns, initUserns, containerid string, pid string, + valuePaths = append(valuePaths, fmt.Sprintf("/proc/%s", value.Name())) + } + ++ valuePaths = append(valuePaths, "/sys/devices/system/cpu") ++ + if err := libmount.NsExecUmount(pid, valuePaths); err != nil { + lxcfs_log.Errorf("unmount %v for container %s error: %v", valuePaths, containerid, err) + return err +-- +2.33.0 + diff --git a/0007-test-add-tests-for-docker-and-lxcfs.patch b/0007-test-add-tests-for-docker-and-lxcfs.patch new file mode 100644 index 0000000..71a867d --- /dev/null +++ b/0007-test-add-tests-for-docker-and-lxcfs.patch @@ -0,0 +1,536 @@ +From 69730a8687a8e56aad46b9b4f309af1c3df6ed06 Mon Sep 17 00:00:00 2001 +From: yangjiaqi +Date: Thu, 25 Jan 2024 15:28:20 +0800 +Subject: [PATCH] test: add tests for docker and lxcfs + +Signed-off-by: yangjiaqi +--- + Makefile | 5 +- + remountcmd_test.go | 7 +- + tests/lib/commonlib.sh | 224 +++++++++++++++++++++++++++++++++ + tests/run_test.sh | 43 +++++++ + tests/src/test_docker_lxcfs.sh | 65 ++++++++++ + umountcmd_test.go | 61 +++++++-- + 6 files changed, 394 insertions(+), 11 deletions(-) + create mode 100644 tests/lib/commonlib.sh + create mode 100755 tests/run_test.sh + create mode 100755 tests/src/test_docker_lxcfs.sh + +diff --git a/Makefile b/Makefile +index cceab41..a55688b 100644 +--- a/Makefile ++++ b/Makefile +@@ -42,11 +42,14 @@ lxcfs-hook: $(SOURCES) | $(DEPS_LINK) + ${ENV} go build -buildmode=pie -mod=vendor -tags ${TAGS} -ldflags ${GO_LDFLAGS} -o build/lxcfs-hook ./hooks/lxcfs-hook + @echo "Done!" + +-tests: ++tests: funtests + @echo "Checking lxcfs-tools" + ${ENV} go test -mod=vendor -tags ${TAGS} -p 1 -v ./... -coverprofile=cover.out + @echo "Done!" + ++funtests: ++ bash tests/run_test.sh ++ + clean: + rm -rf build + +diff --git a/remountcmd_test.go b/remountcmd_test.go +index 106ac5e..aeb83ea 100644 +--- a/remountcmd_test.go ++++ b/remountcmd_test.go +@@ -66,12 +66,17 @@ func TestRemountAll(t *testing.T) { + } + defer recoveriSulad() + ++ if !tryMoveRunc() { ++ return ++ } ++ defer recoverRunc() ++ + tests := []struct { + name, initMountns, initUserns string + wantErr bool + }{ + { +- name: "TC1-absent of isulad", ++ name: "TC1-absent of container tools", + initMountns: "1", + initUserns: "5", + wantErr: true, +diff --git a/tests/lib/commonlib.sh b/tests/lib/commonlib.sh +new file mode 100644 +index 0000000..2ff4776 +--- /dev/null ++++ b/tests/lib/commonlib.sh +@@ -0,0 +1,224 @@ ++#!/bin/bash ++### ++ # Copyright (c) Huawei Technologies Co., Ltd. 2021-2024. All rights reserved. ++ # rubik licensed under the Mulan PSL v2. ++ # You can use this software according to the terms and conditions of the Mulan PSL v2. ++ # You may obtain a copy of Mulan PSL v2 at: ++ # http://license.coscl.org.cn/MulanPSL2 ++ # THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ # IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ # PURPOSE. ++ # See the Mulan PSL v2 for more details. ++ # Date: 2024-01-24 ++ # Description: This file is common functions file ++### ++ ++current_dir="$(dirname "$(realpath "$0")")" ++project_dir="$current_dir/../.." ++build_dir="$project_dir/build" ++exit_flag=0 ++tools_bak_name="/usr/local/bin/lxcfs-tools.test.bak" ++ ++function echoTxt() { ++ TXT="[$(date "+%Y-%m-%d-%H-%M-%S")]$1" ++ COLOR=$2 ++ if [ "${COLOR}" = "red" ]; then ++ echo -e "${color_red}${TXT}${color_reset}" ++ elif [ "${COLOR}" = "green" ]; then ++ echo -e "${color_green}${TXT}${color_reset}" ++ elif [ "${COLOR}" = "yellow" ]; then ++ echo -e "${color_yellow}${TXT}${color_reset}" ++ else ++ echo "${TXT}" ++ fi ++} ++ ++function tsm_error() { ++ txt_str=$1 ++ echoTxt "$txt_str" red ++} ++ ++function tsm_info() { ++ txt_str=$1 ++ echoTxt "$txt_str" green ++} ++ ++# 检查是否安装了docker和lxcfs rpm包 ++function check_packages() { ++ if ! rpm -q docker-engine >/dev/null 2>&1; then ++ echo "docker-engine is not installed, trying to install..." ++ if ! yum install -y docker-engine >/dev/null 2>&1; then ++ echo "Failed to install Docker, skip test cases" ++ exit 0 ++ fi ++ fi ++ ++ if ! rpm -q lxcfs >/dev/null 2>&1; then ++ echo "LXCFS is not installed, trying to install..." ++ if ! yum install -y lxcfs >/dev/null 2>&1; then ++ echo "Failed to install LXCFS, skip test cases" ++ exit 0 ++ fi ++ fi ++} ++ ++# 检查服务是否可用 ++function check_service() { ++ if ! systemctl is-active $1 >/dev/null 2>&1; then ++ echo "$1 is not running, trying to start..." ++ if ! systemctl start $1 >/dev/null 2>&1; then ++ echo "Failed to start $1, cannot run test cases" ++ exit 0 ++ fi ++ fi ++ ++ if ! systemctl is-active $1 >/dev/null 2>&1; then ++ echo "$1 is not running, cannot run test cases" ++ exit 0 ++ fi ++} ++ ++# 检查lxcfs-tools是否可用 ++function check_lxcfs_tools() { ++ if [ ! -f "$build_dir"/lxcfs-tools ]; then ++ echo "lxcfs-tools binary not found, compiling..." ++ cd "$project_dir" ++ make || { echo "$project_dir Compilation failed"; exit 0; } ++ fi ++ ++ if [ ! "$build_dir"/lxcfs-tools ]; then ++ echo "lxcfs-tools binary still not found, something went wrong" ++ exit 0 ++ fi ++ ++ # 检查 /usr/local/bin/ 目录下是否存在 lxcfs-tools 二进制 ++ if [ -f /usr/local/bin/lxcfs-tools ]; then ++ # 存在,则将其重命名为 lxcfs-tools.bak ++ mv /usr/local/bin/lxcfs-tools "${tools_bak_name}" ++ fi ++ ++ # 将 build 目录下的 lxcfs-tools 二进制拷贝到 /usr/local/bin/ 目录 ++ cp "$build_dir"/lxcfs-tools /usr/local/bin/ ++ ++} ++ ++function ensure_docker_image_exists() { ++ local image_name="$1" ++ ++ # 检查镜像是否存在 ++ if ! docker inspect "$image_name" &> /dev/null; then ++ echo "镜像 $image_name 不存在,开始拉取镜像..." ++ docker pull "$image_name" ++ ++ # 再次检查镜像是否存在 ++ if ! docker inspect "$image_name" &> /dev/null; then ++ echo "拉取镜像失败,退出进程" ++ exit 0 ++ fi ++ fi ++} ++ ++##################################################################### ++ ++# $1:result $2 expect result ++# $1 equal $2 ++############################################################# ++ ++function fn_check_result() { ++ if [ "$1" = "$2" ]; then ++ tsm_info "PASS:return $1 as expected!($3)" ++ else ++ tsm_error "FAILED:return $1 not as expected $2!($3)" ++ ((exit_flag++)) ++ fi ++} ++ ++# wait untill the state of container turns to the specified one ++# $1:container ID/container name ++# $2:the expected state ++ ++############################################################# ++ ++function WaitInspect() { ++ container=$1 ++ expect_state=$2 ++ result="FAIL" ++ if [ $# -lt 2 ]; then ++ tsm_error "FAILED: take at lease 2 input parameters" ++ ((exit_flag++)) ++ return 1 ++ fi ++ for ((i = 0; i < 30; i++)); do ++ current_state=$(docker inspect -f '{{.State.Status}}' "$container") ++ if [ "$current_state" == "$expect_state" ]; then ++ result="PASS" ++ break ++ else ++ sleep 1 ++ fi ++ done ++ if [ "$result" == "PASS" ]; then ++ tsm_info "PASS:return $current_state as expected!($3)" ++ return 0 ++ else ++ tsm_error "FAILED:return $current_state not as expected!($3)" ++ ((exit_flag++)) ++ return 1 ++ fi ++} ++ ++function wait_service_lxcfs_running() { ++ local reTry=${1:-30} ++ local lxcfs_status ++ local i ++ for i in $(seq "${reTry}"); do ++ lxcfs_status=$(systemctl status lxcfs | awk -F "[()]" '/Active/{print $2}') ++ if [[ "${lxcfs_status}" == "running" ]]; then ++ return 0 ++ fi ++ sleep 1 ++ done ++ return 1 ++} ++ ++function restart_lxcfs() { ++ local ret i ++ for i in $(seq 10); do ++ systemctl restart lxcfs ++ wait_service_lxcfs_running ++ ret=$? ++ [[ "$ret" -eq 0 ]] && break ++ done ++ return "$ret" ++} ++ ++function stop_services() { ++ systemctl stop docker ++ systemctl stop lxcfs ++ ++ # 等待服务停止 ++ for i in {1..10}; do ++ if [[ $(systemctl is-active docker) == "inactive" && $(systemctl is-active lxcfs) == "inactive" ]]; then ++ echo "Services stopped successfully" ++ return 0 ++ fi ++ sleep 1 ++ done ++ ++ echo "Timeout waiting for services to stop" ++ return 0 ++} ++ ++function clean_env() { ++ rm -rf /usr/local/bin/lxcfs-tools ++ if [ -f "${tools_bak_name}" ]; then ++ # 存在,则将其重命名为 lxcfs-tools ++ mv "${tools_bak_name}" /usr/local/bin/lxcfs-tools ++ fi ++ docker rm -f `docker ps -aq` > /dev/null ++ stop_services ++} ++ ++ ++ ++ +diff --git a/tests/run_test.sh b/tests/run_test.sh +new file mode 100755 +index 0000000..6339a70 +--- /dev/null ++++ b/tests/run_test.sh +@@ -0,0 +1,43 @@ ++#!/bin/bash ++### ++ # Copyright (c) Huawei Technologies Co., Ltd. 2021-2023. All rights reserved. ++ # rubik licensed under the Mulan PSL v2. ++ # You can use this software according to the terms and conditions of the Mulan PSL v2. ++ # You may obtain a copy of Mulan PSL v2 at: ++ # http://license.coscl.org.cn/MulanPSL2 ++ # THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ # IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ # PURPOSE. ++ # See the Mulan PSL v2 for more details. ++ # Date: 2024-01-25 ++ # Description: This file is used for running testcases ++### ++ ++current_dir="$(cd "$(dirname "$0")" && pwd)" ++src_dir="$current_dir/src" ++log_dir="$current_dir/logs" ++fail_cnt=0 ++mkdir -p "$log_dir" ++ ++for script in "$src_dir"/*.sh; do ++ script_name=$(basename "$script") ++ log_file="${log_dir}/${script_name%.sh}-$(date +%Y-%m-%d-%H-%M-%S).log" ++ echo "Running $script_name..." ++ bash -x "$script" > "$log_file" 2>&1 ++ exit_code=$? ++ ++ if [ $exit_code -eq 0 ]; then ++ echo "$(date '+%Y-%m-%d %H:%M:%S') $script_name succeeded" | tee -a "$log_file" ++ else ++ cat ${log_file} ++ echo "$(date '+%Y-%m-%d %H:%M:%S') $script_name failed with exit code $exit_code" | tee -a "$log_file" ++ fail_cnt=$((fail_cnt+1)) ++ fi ++done ++ ++rm -rf "$log_dir" ++ ++if [ $fail_cnt -ne 0 ]; then ++ echo "There were $fail_cnt failed test cases." ++ exit 1 ++fi +diff --git a/tests/src/test_docker_lxcfs.sh b/tests/src/test_docker_lxcfs.sh +new file mode 100755 +index 0000000..bf260d8 +--- /dev/null ++++ b/tests/src/test_docker_lxcfs.sh +@@ -0,0 +1,65 @@ ++### ++ # Copyright (c) Huawei Technologies Co., Ltd. 2021-2024. All rights reserved. ++ # rubik licensed under the Mulan PSL v2. ++ # You can use this software according to the terms and conditions of the Mulan PSL v2. ++ # You may obtain a copy of Mulan PSL v2 at: ++ # http://license.coscl.org.cn/MulanPSL2 ++ # THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ # IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ # PURPOSE. ++ # See the Mulan PSL v2 for more details. ++ # Author: Jiaqi Yang ++ # Date: 2024-01-24 ++ # Description: This file is used for testing docker with lxcfs ++### ++ ++current_dir="$(cd "$(dirname "$0")" && pwd)" ++lib_dir="${current_dir}"/../lib ++image_name="rnd-dockerhub.huawei.com/official/ubuntu:latest" ++con_name="test" ++source "${lib_dir}"/commonlib.sh ++ ++function pre() { ++ check_packages ++ check_service docker ++ check_service lxcfs ++ check_lxcfs_tools ++ ensure_docker_image_exists "$image_name" ++ docker rm -f "${con_name}" > /dev/null ++} ++ ++function test_fun() { ++ cid=`docker run -itd --cpuset-cpus="0-1" -m 256m -v /var/lib/lxc:/var/lib/lxc:slave \ ++ -v /var/lib/lxc/lxcfs/proc/cpuinfo:/proc/cpuinfo:rw \ ++ -v /var/lib/lxc/lxcfs/proc/meminfo:/proc/meminfo:rw \ ++ -v /var/lib/lxc/lxcfs/proc/stat:/proc/stat:rw \ ++ -v /var/lib/lxc/lxcfs/sys/devices/system/cpu:/sys/devices/system/cpu:rw \ ++ --name ${con_name} ${image_name} /bin/bash` ++ ++ WaitInspect $cid running ++ ++ docker exec -it ${con_name} bash -c "free -h" | grep Mem | grep 256 ++ fn_check_result $? 0 "check meminfo" ++ ++ restart_lxcfs ++ fn_check_result $? 0 "restart lxcfs" ++ ++ docker exec -it ${con_name} bash -c "free -h" | grep Mem | grep 256 ++ fn_check_result $? 0 "check meminfo" ++ ++ docker exec -it test bash -c "cat /proc/cpuinfo | grep processor | wc -l | grep 2" ++ fn_check_result $? 0 "check cpuinfo" ++ ++ docker exec -it test bash -c "cat /proc/stat | grep cpu | wc -l | grep 3" ++ fn_check_result $? 0 "check stat" ++} ++ ++function main() { ++ pre ++ echo "All services are ready, running test cases..." ++ test_fun ++ clean_env ++ exit $exit_flag ++} ++ ++main +diff --git a/umountcmd_test.go b/umountcmd_test.go +index bcae021..dd15a3a 100644 +--- a/umountcmd_test.go ++++ b/umountcmd_test.go +@@ -23,7 +23,8 @@ import ( + ) + + var ( +- oldPath, newPath string ++ oldPath, newPath string ++ oldRuncPath, newRuncPath string + ) + + func isuladExisted() bool { +@@ -34,8 +35,19 @@ func isuladExisted() bool { + return true + } + +-func whereIsIsulad() string { +- cmd := exec.Command("whereis", "isula") ++func runcExisted() bool { ++ cmd := exec.Command("runc", "-v") ++ if err := cmd.Run(); err != nil { ++ return false ++ } ++ return true ++} ++ ++func whereIsCmd(cmdStr string) string { ++ if cmdStr != "runc" && cmdStr != "isula" { ++ return "" ++ } ++ cmd := exec.Command("whereis", cmdStr) + out, err := cmd.CombinedOutput() + if err != nil { + return "" +@@ -45,12 +57,12 @@ func whereIsIsulad() string { + return path + } + +-func rename(oldPath, newPath string) error { +- if err := os.Rename(oldPath, newPath); err != nil { ++func rename(old, new string) error { ++ if err := os.Rename(old, new); err != nil { + fmt.Println(err) + return err + } +- fmt.Printf("rename isula path from %s to %s\n", oldPath, newPath) ++ fmt.Printf("rename path from %s to %s\n", old, new) + return nil + } + +@@ -58,8 +70,8 @@ func tryMoveiSulad() bool { + oldPath = "" + newPath = "" + if isuladExisted() { +- fmt.Println("isuila existed ") +- oldPath = whereIsIsulad() ++ fmt.Println("isuila existed") ++ oldPath = whereIsCmd("isula") + if oldPath == "" { + return false + } +@@ -71,6 +83,23 @@ func tryMoveiSulad() bool { + return true + } + ++func tryMoveRunc() bool { ++ oldRuncPath = "" ++ newRuncPath = "" ++ if runcExisted() { ++ fmt.Println("runc existed") ++ oldRuncPath = whereIsCmd("runc") ++ if oldRuncPath == "" { ++ return false ++ } ++ newRuncPath = oldRuncPath + ".bak" ++ if err := rename(oldRuncPath, newRuncPath); err != nil { ++ return false ++ } ++ } ++ return true ++} ++ + func recoveriSulad() { + if oldPath == "" || newPath == "" { + return +@@ -80,6 +109,15 @@ func recoveriSulad() { + } + } + ++func recoverRunc() { ++ if oldRuncPath == "" || newRuncPath == "" { ++ return ++ } ++ if err := rename(newRuncPath, oldRuncPath); err != nil { ++ return ++ } ++} ++ + // TestUmountAll tests umountAll + func TestUmountAll(t *testing.T) { + if !tryMoveiSulad() { +@@ -87,12 +125,17 @@ func TestUmountAll(t *testing.T) { + } + defer recoveriSulad() + ++ if !tryMoveRunc() { ++ return ++ } ++ defer recoverRunc() ++ + tests := []struct { + name, initMountns, initUserns string + wantErr bool + }{ + { +- name: "TC1-absent of isulad", ++ name: "TC1-absent of container tools", + initMountns: "1", + initUserns: "5", + wantErr: true, +-- +2.33.0 + diff --git a/lxcfs-tools.spec b/lxcfs-tools.spec index b98512b..8a117dc 100644 --- a/lxcfs-tools.spec +++ b/lxcfs-tools.spec @@ -1,7 +1,7 @@ #Basic Information Name: lxcfs-tools Version: 0.3 -Release: 32 +Release: 33 Summary: toolkit for lxcfs to remount a running isulad License: Mulan PSL v2 URL: https://gitee.com/openeuler/lxcfs-tools @@ -13,6 +13,8 @@ Patch2: 0002-enable-external-linkmode-for-cgo-build.patch Patch3: 0003-retry-10-times-to-avoid-isulad-unavailable.patch Patch4: 0004-add-dt-test.patch Patch5: 0005-add-riscv64-to-syscall-build.patch +Patch6: 0006-lxcfs-tools-support-lxcfs-reliability-for-doc.patch +Patch7: 0007-test-add-tests-for-docker-and-lxcfs.patch %ifarch sw_64 Patch1000: lxcfs-tools-sw.patch @@ -24,7 +26,7 @@ Patch1001: add-loong64-support.patch #Dependency BuildRequires: golang > 1.7 BuildRequires: glibc-static -Requires: iSulad +Requires: lxcfs %description A toolkit for lxcfs to remount a running isulad when crashes recover @@ -104,6 +106,12 @@ rm -rfv %{buildroot} %changelog +* Fri Feb 2 2024 yangjiaqi - 0.3-33 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:support lxcfs reliability for docker + * Wed Dec 27 2023 yangjiaqi - 0.3-32 - Type:bugfix - CVE:NA -- Gitee