
     1  // +build linux solaris
     3  package libcontainerd
     5  import (
     6  	"fmt"
     7  	"io"
     8  	"io/ioutil"
     9  	"log"
    10  	"net"
    11  	"os"
    12  	"os/exec"
    13  	"path/filepath"
    14  	goruntime "runtime"
    15  	"strconv"
    16  	"strings"
    17  	"sync"
    18  	"syscall"
    19  	"time"
    21  	""
    22  	containerd ""
    23  	""
    24  	sysinfo ""
    25  	""
    26  	""
    27  	""
    28  	""
    29  	""
    30  	""
    31  	""
    32  	""
    33  )
    35  const (
    36  	maxConnectionRetryCount      = 3
    37  	containerdHealthCheckTimeout = 3 * time.Second
    38  	containerdShutdownTimeout    = 15 * time.Second
    39  	containerdBinary             = "docker-containerd"
    40  	containerdPidFilename        = ""
    41  	containerdSockFilename       = "docker-containerd.sock"
    42  	containerdStateDir           = "containerd"
    43  	eventTimestampFilename       = "event.ts"
    44  )
    46  type remote struct {
    47  	sync.RWMutex
    48  	apiClient            containerd.APIClient
    49  	daemonPid            int
    50  	stateDir             string
    51  	rpcAddr              string
    52  	startDaemon          bool
    53  	closeManually        bool
    54  	debugLog             bool
    55  	rpcConn              *grpc.ClientConn
    56  	clients              []*client
    57  	eventTsPath          string
    58  	runtime              string
    59  	runtimeArgs          []string
    60  	daemonWaitCh         chan struct{}
    61  	liveRestore          bool
    62  	oomScore             int
    63  	restoreFromTimestamp *timestamp.Timestamp
    64  }
    66  // New creates a fresh instance of libcontainerd remote.
    67  func New(stateDir string, options ...RemoteOption) (_ Remote, err error) {
    68  	defer func() {
    69  		if err != nil {
    70  			err = fmt.Errorf("Failed to connect to containerd. Please make sure containerd is installed in your PATH or you have specified the correct address. Got error: %v", err)
    71  		}
    72  	}()
    73  	r := &remote{
    74  		stateDir:    stateDir,
    75  		daemonPid:   -1,
    76  		eventTsPath: filepath.Join(stateDir, eventTimestampFilename),
    77  	}
    78  	for _, option := range options {
    79  		if err := option.Apply(r); err != nil {
    80  			return nil, err
    81  		}
    82  	}
    84  	if err := sysinfo.MkdirAll(stateDir, 0700); err != nil {
    85  		return nil, err
    86  	}
    88  	if r.rpcAddr == "" {
    89  		r.rpcAddr = filepath.Join(stateDir, containerdSockFilename)
    90  	}
    92  	if r.startDaemon {
    93  		if err := r.runContainerdDaemon(); err != nil {
    94  			return nil, err
    95  		}
    96  	}
    98  	// don't output the grpc reconnect logging
    99  	grpclog.SetLogger(log.New(ioutil.Discard, "", log.LstdFlags))
   100  	dialOpts := append([]grpc.DialOption{grpc.WithInsecure()},
   101  		grpc.WithDialer(func(addr string, timeout time.Duration) (net.Conn, error) {
   102  			return net.DialTimeout("unix", addr, timeout)
   103  		}),
   104  	)
   105  	conn, err := grpc.Dial(r.rpcAddr, dialOpts...)
   106  	if err != nil {
   107  		return nil, fmt.Errorf("error connecting to containerd: %v", err)
   108  	}
   110  	r.rpcConn = conn
   111  	r.apiClient = containerd.NewAPIClient(conn)
   113  	// Get the timestamp to restore from
   114  	t := r.getLastEventTimestamp()
   115  	tsp, err := ptypes.TimestampProto(t)
   116  	if err != nil {
   117  		logrus.Errorf("libcontainerd: failed to convert timestamp: %q", err)
   118  	}
   119  	r.restoreFromTimestamp = tsp
   121  	go r.handleConnectionChange()
   123  	if err := r.startEventsMonitor(); err != nil {
   124  		return nil, err
   125  	}
   127  	return r, nil
   128  }
   130  func (r *remote) UpdateOptions(options ...RemoteOption) error {
   131  	for _, option := range options {
   132  		if err := option.Apply(r); err != nil {
   133  			return err
   134  		}
   135  	}
   136  	return nil
   137  }
   139  func (r *remote) handleConnectionChange() {
   140  	var transientFailureCount = 0
   142  	ticker := time.NewTicker(500 * time.Millisecond)
   143  	defer ticker.Stop()
   144  	healthClient := grpc_health_v1.NewHealthClient(r.rpcConn)
   146  	for {
   147  		<-ticker.C
   148  		ctx, cancel := context.WithTimeout(context.Background(), containerdHealthCheckTimeout)
   149  		_, err := healthClient.Check(ctx, &grpc_health_v1.HealthCheckRequest{})
   150  		cancel()
   151  		if err == nil {
   152  			continue
   153  		}
   155  		logrus.Debugf("libcontainerd: containerd health check returned error: %v", err)
   157  		if r.daemonPid != -1 {
   158  			if strings.Contains(err.Error(), "is closing") {
   159  				// Well, we asked for it to stop, just return
   160  				return
   161  			}
   162  			// all other errors are transient
   163  			// Reset state to be notified of next failure
   164  			transientFailureCount++
   165  			if transientFailureCount >= maxConnectionRetryCount {
   166  				transientFailureCount = 0
   167  				if utils.IsProcessAlive(r.daemonPid) {
   168  					utils.KillProcess(r.daemonPid)
   169  				}
   170  				<-r.daemonWaitCh
   171  				if err := r.runContainerdDaemon(); err != nil { //FIXME: Handle error
   172  					logrus.Errorf("libcontainerd: error restarting containerd: %v", err)
   173  				}
   174  				continue
   175  			}
   176  		}
   177  	}
   178  }
   180  func (r *remote) Cleanup() {
   181  	if r.daemonPid == -1 {
   182  		return
   183  	}
   184  	r.closeManually = true
   185  	r.rpcConn.Close()
   186  	// Ask the daemon to quit
   187  	syscall.Kill(r.daemonPid, syscall.SIGTERM)
   189  	// Wait up to 15secs for it to stop
   190  	for i := time.Duration(0); i < containerdShutdownTimeout; i += time.Second {
   191  		if !utils.IsProcessAlive(r.daemonPid) {
   192  			break
   193  		}
   194  		time.Sleep(time.Second)
   195  	}
   197  	if utils.IsProcessAlive(r.daemonPid) {
   198  		logrus.Warnf("libcontainerd: containerd (%d) didn't stop within 15 secs, killing it\n", r.daemonPid)
   199  		syscall.Kill(r.daemonPid, syscall.SIGKILL)
   200  	}
   202  	// cleanup some files
   203  	os.Remove(filepath.Join(r.stateDir, containerdPidFilename))
   204  	os.Remove(filepath.Join(r.stateDir, containerdSockFilename))
   205  }
   207  func (r *remote) Client(b Backend) (Client, error) {
   208  	c := &client{
   209  		clientCommon: clientCommon{
   210  			backend:    b,
   211  			containers: make(map[string]*container),
   212  			locker:     locker.New(),
   213  		},
   214  		remote:        r,
   215  		exitNotifiers: make(map[string]*exitNotifier),
   216  		liveRestore:   r.liveRestore,
   217  	}
   219  	r.Lock()
   220  	r.clients = append(r.clients, c)
   221  	r.Unlock()
   222  	return c, nil
   223  }
   225  func (r *remote) updateEventTimestamp(t time.Time) {
   226  	f, err := os.OpenFile(r.eventTsPath, syscall.O_CREAT|syscall.O_WRONLY|syscall.O_TRUNC, 0600)
   227  	if err != nil {
   228  		logrus.Warnf("libcontainerd: failed to open event timestamp file: %v", err)
   229  		return
   230  	}
   231  	defer f.Close()
   233  	b, err := t.MarshalText()
   234  	if err != nil {
   235  		logrus.Warnf("libcontainerd: failed to encode timestamp: %v", err)
   236  		return
   237  	}
   239  	n, err := f.Write(b)
   240  	if err != nil || n != len(b) {
   241  		logrus.Warnf("libcontainerd: failed to update event timestamp file: %v", err)
   242  		f.Truncate(0)
   243  		return
   244  	}
   245  }
   247  func (r *remote) getLastEventTimestamp() time.Time {
   248  	t := time.Now()
   250  	fi, err := os.Stat(r.eventTsPath)
   251  	if os.IsNotExist(err) || fi.Size() == 0 {
   252  		return t
   253  	}
   255  	f, err := os.Open(r.eventTsPath)
   256  	if err != nil {
   257  		logrus.Warnf("libcontainerd: Unable to access last event ts: %v", err)
   258  		return t
   259  	}
   260  	defer f.Close()
   262  	b := make([]byte, fi.Size())
   263  	n, err := f.Read(b)
   264  	if err != nil || n != len(b) {
   265  		logrus.Warnf("libcontainerd: Unable to read last event ts: %v", err)
   266  		return t
   267  	}
   269  	t.UnmarshalText(b)
   271  	return t
   272  }
   274  func (r *remote) startEventsMonitor() error {
   275  	// First, get past events
   276  	t := r.getLastEventTimestamp()
   277  	tsp, err := ptypes.TimestampProto(t)
   278  	if err != nil {
   279  		logrus.Errorf("libcontainerd: failed to convert timestamp: %q", err)
   280  	}
   281  	er := &containerd.EventsRequest{
   282  		Timestamp: tsp,
   283  	}
   284  	events, err := r.apiClient.Events(context.Background(), er, grpc.FailFast(false))
   285  	if err != nil {
   286  		return err
   287  	}
   288  	go r.handleEventStream(events)
   289  	return nil
   290  }
   292  func (r *remote) handleEventStream(events containerd.API_EventsClient) {
   293  	for {
   294  		e, err := events.Recv()
   295  		if err != nil {
   296  			if grpc.ErrorDesc(err) == transport.ErrConnClosing.Desc &&
   297  				r.closeManually {
   298  				// ignore error if grpc remote connection is closed manually
   299  				return
   300  			}
   301  			logrus.Errorf("libcontainerd: failed to receive event from containerd: %v", err)
   302  			go r.startEventsMonitor()
   303  			return
   304  		}
   306  		logrus.Debugf("libcontainerd: received containerd event: %#v", e)
   308  		var container *container
   309  		var c *client
   310  		r.RLock()
   311  		for _, c = range r.clients {
   312  			container, err = c.getContainer(e.Id)
   313  			if err == nil {
   314  				break
   315  			}
   316  		}
   317  		r.RUnlock()
   318  		if container == nil {
   319  			logrus.Warnf("libcontainerd: unknown container %s", e.Id)
   320  			continue
   321  		}
   323  		if err := container.handleEvent(e); err != nil {
   324  			logrus.Errorf("libcontainerd: error processing state change for %s: %v", e.Id, err)
   325  		}
   327  		tsp, err := ptypes.Timestamp(e.Timestamp)
   328  		if err != nil {
   329  			logrus.Errorf("libcontainerd: failed to convert event timestamp: %q", err)
   330  			continue
   331  		}
   333  		r.updateEventTimestamp(tsp)
   334  	}
   335  }
   337  func (r *remote) runContainerdDaemon() error {
   338  	pidFilename := filepath.Join(r.stateDir, containerdPidFilename)
   339  	f, err := os.OpenFile(pidFilename, os.O_RDWR|os.O_CREATE, 0600)
   340  	if err != nil {
   341  		return err
   342  	}
   343  	defer f.Close()
   345  	// File exist, check if the daemon is alive
   346  	b := make([]byte, 8)
   347  	n, err := f.Read(b)
   348  	if err != nil && err != io.EOF {
   349  		return err
   350  	}
   352  	if n > 0 {
   353  		pid, err := strconv.ParseUint(string(b[:n]), 10, 64)
   354  		if err != nil {
   355  			return err
   356  		}
   357  		if utils.IsProcessAlive(int(pid)) {
   358  			logrus.Infof("libcontainerd: previous instance of containerd still alive (%d)", pid)
   359  			r.daemonPid = int(pid)
   360  			return nil
   361  		}
   362  	}
   364  	// rewind the file
   365  	_, err = f.Seek(0, os.SEEK_SET)
   366  	if err != nil {
   367  		return err
   368  	}
   370  	// Truncate it
   371  	err = f.Truncate(0)
   372  	if err != nil {
   373  		return err
   374  	}
   376  	// Start a new instance
   377  	args := []string{
   378  		"-l", fmt.Sprintf("unix://%s", r.rpcAddr),
   379  		"--metrics-interval=0",
   380  		"--start-timeout", "2m",
   381  		"--state-dir", filepath.Join(r.stateDir, containerdStateDir),
   382  	}
   383  	if goruntime.GOOS == "solaris" {
   384  		args = append(args, "--shim", "containerd-shim", "--runtime", "runc")
   385  	} else {
   386  		args = append(args, "--shim", "docker-containerd-shim")
   387  		if r.runtime != "" {
   388  			args = append(args, "--runtime")
   389  			args = append(args, r.runtime)
   390  		}
   391  	}
   392  	if r.debugLog {
   393  		args = append(args, "--debug")
   394  	}
   395  	if len(r.runtimeArgs) > 0 {
   396  		for _, v := range r.runtimeArgs {
   397  			args = append(args, "--runtime-args")
   398  			args = append(args, v)
   399  		}
   400  		logrus.Debugf("libcontainerd: runContainerdDaemon: runtimeArgs: %s", args)
   401  	}
   403  	cmd := exec.Command(containerdBinary, args...)
   404  	// redirect containerd logs to docker logs
   405  	cmd.Stdout = os.Stdout
   406  	cmd.Stderr = os.Stderr
   407  	cmd.SysProcAttr = setSysProcAttr(true)
   408  	cmd.Env = nil
   409  	// clear the NOTIFY_SOCKET from the env when starting containerd
   410  	for _, e := range os.Environ() {
   411  		if !strings.HasPrefix(e, "NOTIFY_SOCKET") {
   412  			cmd.Env = append(cmd.Env, e)
   413  		}
   414  	}
   415  	if err := cmd.Start(); err != nil {
   416  		return err
   417  	}
   418  	logrus.Infof("libcontainerd: new containerd process, pid: %d", cmd.Process.Pid)
   419  	if err := setOOMScore(cmd.Process.Pid, r.oomScore); err != nil {
   420  		utils.KillProcess(cmd.Process.Pid)
   421  		return err
   422  	}
   423  	if _, err := f.WriteString(fmt.Sprintf("%d", cmd.Process.Pid)); err != nil {
   424  		utils.KillProcess(cmd.Process.Pid)
   425  		return err
   426  	}
   428  	r.daemonWaitCh = make(chan struct{})
   429  	go func() {
   430  		cmd.Wait()
   431  		close(r.daemonWaitCh)
   432  	}() // Reap our child when needed
   433  	r.daemonPid = cmd.Process.Pid
   434  	return nil
   435  }
   437  // WithRemoteAddr sets the external containerd socket to connect to.
   438  func WithRemoteAddr(addr string) RemoteOption {
   439  	return rpcAddr(addr)
   440  }
   442  type rpcAddr string
   444  func (a rpcAddr) Apply(r Remote) error {
   445  	if remote, ok := r.(*remote); ok {
   446  		remote.rpcAddr = string(a)
   447  		return nil
   448  	}
   449  	return fmt.Errorf("WithRemoteAddr option not supported for this remote")
   450  }
   452  // WithRuntimePath sets the path of the runtime to be used as the
   453  // default by containerd
   454  func WithRuntimePath(rt string) RemoteOption {
   455  	return runtimePath(rt)
   456  }
   458  type runtimePath string
   460  func (rt runtimePath) Apply(r Remote) error {
   461  	if remote, ok := r.(*remote); ok {
   462  		remote.runtime = string(rt)
   463  		return nil
   464  	}
   465  	return fmt.Errorf("WithRuntime option not supported for this remote")
   466  }
   468  // WithRuntimeArgs sets the list of runtime args passed to containerd
   469  func WithRuntimeArgs(args []string) RemoteOption {
   470  	return runtimeArgs(args)
   471  }
   473  type runtimeArgs []string
   475  func (rt runtimeArgs) Apply(r Remote) error {
   476  	if remote, ok := r.(*remote); ok {
   477  		remote.runtimeArgs = rt
   478  		return nil
   479  	}
   480  	return fmt.Errorf("WithRuntimeArgs option not supported for this remote")
   481  }
   483  // WithStartDaemon defines if libcontainerd should also run containerd daemon.
   484  func WithStartDaemon(start bool) RemoteOption {
   485  	return startDaemon(start)
   486  }
   488  type startDaemon bool
   490  func (s startDaemon) Apply(r Remote) error {
   491  	if remote, ok := r.(*remote); ok {
   492  		remote.startDaemon = bool(s)
   493  		return nil
   494  	}
   495  	return fmt.Errorf("WithStartDaemon option not supported for this remote")
   496  }
   498  // WithDebugLog defines if containerd debug logs will be enabled for daemon.
   499  func WithDebugLog(debug bool) RemoteOption {
   500  	return debugLog(debug)
   501  }
   503  type debugLog bool
   505  func (d debugLog) Apply(r Remote) error {
   506  	if remote, ok := r.(*remote); ok {
   507  		remote.debugLog = bool(d)
   508  		return nil
   509  	}
   510  	return fmt.Errorf("WithDebugLog option not supported for this remote")
   511  }
   513  // WithLiveRestore defines if containers are stopped on shutdown or restored.
   514  func WithLiveRestore(v bool) RemoteOption {
   515  	return liveRestore(v)
   516  }
   518  type liveRestore bool
   520  func (l liveRestore) Apply(r Remote) error {
   521  	if remote, ok := r.(*remote); ok {
   522  		remote.liveRestore = bool(l)
   523  		for _, c := range remote.clients {
   524  			c.liveRestore = bool(l)
   525  		}
   526  		return nil
   527  	}
   528  	return fmt.Errorf("WithLiveRestore option not supported for this remote")
   529  }
   531  // WithOOMScore defines the oom_score_adj to set for the containerd process.
   532  func WithOOMScore(score int) RemoteOption {
   533  	return oomScore(score)
   534  }
   536  type oomScore int
   538  func (o oomScore) Apply(r Remote) error {
   539  	if remote, ok := r.(*remote); ok {
   540  		remote.oomScore = int(o)
   541  		return nil
   542  	}
   543  	return fmt.Errorf("WithOOMScore option not supported for this remote")
   544  }