github.com/anuvu/nomad@v0.8.7-atom1/client/driver/raw_exec.go (about) 1 package driver 2 3 import ( 4 "context" 5 "encoding/json" 6 "fmt" 7 "log" 8 "os" 9 "path/filepath" 10 "runtime" 11 "syscall" 12 "time" 13 14 multierror "github.com/hashicorp/go-multierror" 15 "github.com/hashicorp/go-plugin" 16 "github.com/hashicorp/nomad/client/allocdir" 17 "github.com/hashicorp/nomad/client/driver/env" 18 "github.com/hashicorp/nomad/client/driver/executor" 19 dstructs "github.com/hashicorp/nomad/client/driver/structs" 20 "github.com/hashicorp/nomad/client/fingerprint" 21 cstructs "github.com/hashicorp/nomad/client/structs" 22 "github.com/hashicorp/nomad/helper/fields" 23 "github.com/hashicorp/nomad/nomad/structs" 24 "github.com/mitchellh/mapstructure" 25 ) 26 27 const ( 28 // rawExecEnableOption is the option that enables this driver in the Config.Options map. 29 rawExecEnableOption = "driver.raw_exec.enable" 30 31 // rawExecNoCgroupOption forces no cgroups. 32 rawExecNoCgroupOption = "driver.raw_exec.no_cgroups" 33 34 // The key populated in Node Attributes to indicate presence of the Raw Exec 35 // driver 36 rawExecDriverAttr = "driver.raw_exec" 37 ) 38 39 // The RawExecDriver is a privileged version of the exec driver. It provides no 40 // resource isolation and just fork/execs. The Exec driver should be preferred 41 // and this should only be used when explicitly needed. 42 type RawExecDriver struct { 43 DriverContext 44 fingerprint.StaticFingerprinter 45 46 // useCgroup tracks whether we should use a cgroup to manage the process 47 // tree 48 useCgroup bool 49 } 50 51 // rawExecHandle is returned from Start/Open as a handle to the PID 52 type rawExecHandle struct { 53 version string 54 pluginClient *plugin.Client 55 userPid int 56 executor executor.Executor 57 isolationConfig *dstructs.IsolationConfig 58 killTimeout time.Duration 59 maxKillTimeout time.Duration 60 logger *log.Logger 61 waitCh chan *dstructs.WaitResult 62 doneCh chan struct{} 63 taskEnv *env.TaskEnv 64 taskDir *allocdir.TaskDir 65 } 66 67 // NewRawExecDriver is used to create a new raw exec driver 68 func NewRawExecDriver(ctx *DriverContext) Driver { 69 return &RawExecDriver{DriverContext: *ctx} 70 } 71 72 // Validate is used to validate the driver configuration 73 func (d *RawExecDriver) Validate(config map[string]interface{}) error { 74 fd := &fields.FieldData{ 75 Raw: config, 76 Schema: map[string]*fields.FieldSchema{ 77 "command": { 78 Type: fields.TypeString, 79 Required: true, 80 }, 81 "args": { 82 Type: fields.TypeArray, 83 }, 84 }, 85 } 86 87 if err := fd.Validate(); err != nil { 88 return err 89 } 90 91 return nil 92 } 93 94 func (d *RawExecDriver) Abilities() DriverAbilities { 95 return DriverAbilities{ 96 SendSignals: true, 97 Exec: true, 98 } 99 } 100 101 func (d *RawExecDriver) FSIsolation() cstructs.FSIsolation { 102 return cstructs.FSIsolationNone 103 } 104 105 func (d *RawExecDriver) Fingerprint(req *cstructs.FingerprintRequest, resp *cstructs.FingerprintResponse) error { 106 // Check that the user has explicitly enabled this executor. 107 enabled := req.Config.ReadBoolDefault(rawExecEnableOption, false) 108 109 if enabled || req.Config.DevMode { 110 d.logger.Printf("[WARN] driver.raw_exec: raw exec is enabled. Only enable if needed") 111 resp.AddAttribute(rawExecDriverAttr, "1") 112 resp.Detected = true 113 return nil 114 } 115 116 resp.RemoveAttribute(rawExecDriverAttr) 117 return nil 118 } 119 120 func (d *RawExecDriver) Prestart(*ExecContext, *structs.Task) (*PrestartResponse, error) { 121 // If we are on linux, running as root, cgroups are mounted, and cgroups 122 // aren't disabled by the operator use cgroups for pid management. 123 forceDisable := d.DriverContext.config.ReadBoolDefault(rawExecNoCgroupOption, false) 124 if !forceDisable && runtime.GOOS == "linux" && 125 syscall.Geteuid() == 0 && cgroupsMounted(d.DriverContext.node) { 126 d.useCgroup = true 127 } 128 129 return nil, nil 130 } 131 132 func (d *RawExecDriver) Start(ctx *ExecContext, task *structs.Task) (*StartResponse, error) { 133 var driverConfig ExecDriverConfig 134 if err := mapstructure.WeakDecode(task.Config, &driverConfig); err != nil { 135 return nil, err 136 } 137 138 // Get the command to be ran 139 command := driverConfig.Command 140 if err := validateCommand(command, "args"); err != nil { 141 return nil, err 142 } 143 144 pluginLogFile := filepath.Join(ctx.TaskDir.Dir, "executor.out") 145 executorConfig := &dstructs.ExecutorConfig{ 146 LogFile: pluginLogFile, 147 LogLevel: d.config.LogLevel, 148 } 149 150 exec, pluginClient, err := createExecutor(d.config.LogOutput, d.config, executorConfig) 151 if err != nil { 152 return nil, err 153 } 154 executorCtx := &executor.ExecutorContext{ 155 TaskEnv: ctx.TaskEnv, 156 Driver: "raw_exec", 157 Task: task, 158 TaskDir: ctx.TaskDir.Dir, 159 LogDir: ctx.TaskDir.LogDir, 160 } 161 if err := exec.SetContext(executorCtx); err != nil { 162 pluginClient.Kill() 163 return nil, fmt.Errorf("failed to set executor context: %v", err) 164 } 165 166 taskKillSignal, err := getTaskKillSignal(task.KillSignal) 167 if err != nil { 168 return nil, err 169 } 170 171 execCmd := &executor.ExecCommand{ 172 Cmd: command, 173 Args: driverConfig.Args, 174 User: task.User, 175 TaskKillSignal: taskKillSignal, 176 BasicProcessCgroup: d.useCgroup, 177 } 178 ps, err := exec.LaunchCmd(execCmd) 179 if err != nil { 180 pluginClient.Kill() 181 return nil, err 182 } 183 d.logger.Printf("[DEBUG] driver.raw_exec: started process with pid: %v", ps.Pid) 184 185 // Return a driver handle 186 maxKill := d.DriverContext.config.MaxKillTimeout 187 h := &rawExecHandle{ 188 pluginClient: pluginClient, 189 executor: exec, 190 isolationConfig: ps.IsolationConfig, 191 userPid: ps.Pid, 192 killTimeout: GetKillTimeout(task.KillTimeout, maxKill), 193 maxKillTimeout: maxKill, 194 version: d.config.Version.VersionNumber(), 195 logger: d.logger, 196 doneCh: make(chan struct{}), 197 waitCh: make(chan *dstructs.WaitResult, 1), 198 taskEnv: ctx.TaskEnv, 199 taskDir: ctx.TaskDir, 200 } 201 go h.run() 202 return &StartResponse{Handle: h}, nil 203 } 204 205 func (d *RawExecDriver) Cleanup(*ExecContext, *CreatedResources) error { return nil } 206 207 type rawExecId struct { 208 Version string 209 KillTimeout time.Duration 210 MaxKillTimeout time.Duration 211 UserPid int 212 PluginConfig *PluginReattachConfig 213 IsolationConfig *dstructs.IsolationConfig 214 } 215 216 func (d *RawExecDriver) Open(ctx *ExecContext, handleID string) (DriverHandle, error) { 217 id := &rawExecId{} 218 if err := json.Unmarshal([]byte(handleID), id); err != nil { 219 return nil, fmt.Errorf("Failed to parse handle '%s': %v", handleID, err) 220 } 221 222 pluginConfig := &plugin.ClientConfig{ 223 Reattach: id.PluginConfig.PluginConfig(), 224 } 225 exec, pluginClient, err := createExecutorWithConfig(pluginConfig, d.config.LogOutput) 226 if err != nil { 227 merrs := new(multierror.Error) 228 merrs.Errors = append(merrs.Errors, err) 229 d.logger.Println("[ERR] driver.raw_exec: error connecting to plugin so destroying plugin pid and user pid") 230 if e := destroyPlugin(id.PluginConfig.Pid, id.UserPid); e != nil { 231 merrs.Errors = append(merrs.Errors, fmt.Errorf("error destroying plugin and userpid: %v", e)) 232 } 233 if id.IsolationConfig != nil { 234 ePid := pluginConfig.Reattach.Pid 235 if e := executor.ClientCleanup(id.IsolationConfig, ePid); e != nil { 236 merrs.Errors = append(merrs.Errors, fmt.Errorf("destroying resource container failed: %v", e)) 237 } 238 } 239 return nil, fmt.Errorf("error connecting to plugin: %v", merrs.ErrorOrNil()) 240 } 241 242 ver, _ := exec.Version() 243 d.logger.Printf("[DEBUG] driver.raw_exec: version of executor: %v", ver.Version) 244 245 // Return a driver handle 246 h := &rawExecHandle{ 247 pluginClient: pluginClient, 248 executor: exec, 249 userPid: id.UserPid, 250 isolationConfig: id.IsolationConfig, 251 logger: d.logger, 252 killTimeout: id.KillTimeout, 253 maxKillTimeout: id.MaxKillTimeout, 254 version: id.Version, 255 doneCh: make(chan struct{}), 256 waitCh: make(chan *dstructs.WaitResult, 1), 257 taskEnv: ctx.TaskEnv, 258 taskDir: ctx.TaskDir, 259 } 260 go h.run() 261 return h, nil 262 } 263 264 func (h *rawExecHandle) ID() string { 265 id := rawExecId{ 266 Version: h.version, 267 KillTimeout: h.killTimeout, 268 MaxKillTimeout: h.maxKillTimeout, 269 PluginConfig: NewPluginReattachConfig(h.pluginClient.ReattachConfig()), 270 UserPid: h.userPid, 271 IsolationConfig: h.isolationConfig, 272 } 273 274 data, err := json.Marshal(id) 275 if err != nil { 276 h.logger.Printf("[ERR] driver.raw_exec: failed to marshal ID to JSON: %s", err) 277 } 278 return string(data) 279 } 280 281 func (h *rawExecHandle) WaitCh() chan *dstructs.WaitResult { 282 return h.waitCh 283 } 284 285 func (h *rawExecHandle) Update(task *structs.Task) error { 286 // Store the updated kill timeout. 287 h.killTimeout = GetKillTimeout(task.KillTimeout, h.maxKillTimeout) 288 h.executor.UpdateTask(task) 289 290 // Update is not possible 291 return nil 292 } 293 294 func (h *rawExecHandle) Exec(ctx context.Context, cmd string, args []string) ([]byte, int, error) { 295 return executor.ExecScript(ctx, h.taskDir.Dir, h.taskEnv, nil, cmd, args) 296 } 297 298 func (h *rawExecHandle) Signal(s os.Signal) error { 299 return h.executor.Signal(s) 300 } 301 302 func (h *rawExecHandle) Kill() error { 303 if err := h.executor.ShutDown(); err != nil { 304 if h.pluginClient.Exited() { 305 return nil 306 } 307 return fmt.Errorf("executor Shutdown failed: %v", err) 308 } 309 310 select { 311 case <-h.doneCh: 312 return nil 313 case <-time.After(h.killTimeout): 314 if h.pluginClient.Exited() { 315 return nil 316 } 317 if err := h.executor.Exit(); err != nil { 318 return fmt.Errorf("executor Exit failed: %v", err) 319 } 320 321 return nil 322 } 323 } 324 325 func (h *rawExecHandle) Stats() (*cstructs.TaskResourceUsage, error) { 326 return h.executor.Stats() 327 } 328 329 func (h *rawExecHandle) run() { 330 ps, werr := h.executor.Wait() 331 close(h.doneCh) 332 if ps.ExitCode == 0 && werr != nil { 333 if h.isolationConfig != nil { 334 ePid := h.pluginClient.ReattachConfig().Pid 335 if e := executor.ClientCleanup(h.isolationConfig, ePid); e != nil { 336 h.logger.Printf("[ERR] driver.raw_exec: destroying resource container failed: %v", e) 337 } 338 } else { 339 if e := killProcess(h.userPid); e != nil { 340 h.logger.Printf("[ERR] driver.raw_exec: error killing user process: %v", e) 341 } 342 } 343 } 344 345 // Exit the executor 346 if err := h.executor.Exit(); err != nil { 347 h.logger.Printf("[ERR] driver.raw_exec: error killing executor: %v", err) 348 } 349 h.pluginClient.Kill() 350 351 // Send the results 352 h.waitCh <- &dstructs.WaitResult{ExitCode: ps.ExitCode, Signal: ps.Signal, Err: werr} 353 close(h.waitCh) 354 }