containers
/
podman
mirror of https://github.com/containers/podman.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #11061 from giuseppe/migrate-no-move-to-cgroup 

command: migrate doesn't move process to cgroup
This commit is contained in:
OpenShift Merge Robot 2021-07-27 20:46:46 +02:00 committed by GitHub
parent b6c279be22 63ef5576ed
commit a6a0f6c192
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 21 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cmd/podman/common/completion.go
View File

@ -46,7 +46,9 @@ func setupContainerEngine(cmd *cobra.Command) (entities.ContainerEngine, error)
return nil, err return nil, err
} }
if !registry.IsRemote() && rootless.IsRootless() { if !registry.IsRemote() && rootless.IsRootless() {
err := containerEngine.SetupRootless(registry.Context(), cmd) _, noMoveProcess := cmd.Annotations[registry.NoMoveProcess]
err := containerEngine.SetupRootless(registry.Context(), noMoveProcess)
if err != nil { if err != nil {
return nil, err return nil, err
} }

3
cmd/podman/registry/config.go
View File

@ -15,6 +15,9 @@ import (
) )
const ( const (
// NoMoveProcess used as cobra.Annotation when command doesn't need Podman to be moved to a separate cgroup
NoMoveProcess = "NoMoveProcess"
// ParentNSRequired used as cobra.Annotation when command requires root access // ParentNSRequired used as cobra.Annotation when command requires root access
ParentNSRequired = "ParentNSRequired" ParentNSRequired = "ParentNSRequired"

3
cmd/podman/root.go
View File

@ -208,7 +208,8 @@ func persistentPreRunE(cmd *cobra.Command, args []string) error {
// 3) command doesn't require Parent Namespace // 3) command doesn't require Parent Namespace
_, found := cmd.Annotations[registry.ParentNSRequired] _, found := cmd.Annotations[registry.ParentNSRequired]
if !registry.IsRemote() && rootless.IsRootless() && !found { if !registry.IsRemote() && rootless.IsRootless() && !found {
err := registry.ContainerEngine().SetupRootless(registry.Context(), cmd) _, noMoveProcess := cmd.Annotations[registry.NoMoveProcess]
err := registry.ContainerEngine().SetupRootless(registry.Context(), noMoveProcess)
if err != nil { if err != nil {
return err return err
} }

5
cmd/podman/system/migrate.go
View File

@ -22,7 +22,10 @@ var (
` `
migrateCommand = &cobra.Command{ migrateCommand = &cobra.Command{
Annotations: map[string]string{registry.EngineMode: registry.ABIMode}, Annotations: map[string]string{
registry.EngineMode: registry.ABIMode,
registry.NoMoveProcess: registry.NoMoveProcess,
},
Use: "migrate [options]", Use: "migrate [options]",
Args: validate.NoArgs, Args: validate.NoArgs,
Short: "Migrate containers", Short: "Migrate containers",

3
pkg/domain/entities/engine_container.go
View File

@ -8,7 +8,6 @@ import (
"github.com/containers/podman/v3/libpod/define" "github.com/containers/podman/v3/libpod/define"
"github.com/containers/podman/v3/pkg/domain/entities/reports" "github.com/containers/podman/v3/pkg/domain/entities/reports"
"github.com/containers/podman/v3/pkg/specgen" "github.com/containers/podman/v3/pkg/specgen"
"github.com/spf13/cobra"
) )
type ContainerCopyFunc func() error type ContainerCopyFunc func() error
@ -82,7 +81,7 @@ type ContainerEngine interface {
PodStop(ctx context.Context, namesOrIds []string, options PodStopOptions) ([]*PodStopReport, error) PodStop(ctx context.Context, namesOrIds []string, options PodStopOptions) ([]*PodStopReport, error)
PodTop(ctx context.Context, options PodTopOptions) (*StringSliceReport, error) PodTop(ctx context.Context, options PodTopOptions) (*StringSliceReport, error)
PodUnpause(ctx context.Context, namesOrIds []string, options PodunpauseOptions) ([]*PodUnpauseReport, error) PodUnpause(ctx context.Context, namesOrIds []string, options PodunpauseOptions) ([]*PodUnpauseReport, error)
SetupRootless(ctx context.Context, cmd *cobra.Command) error SetupRootless(ctx context.Context, noMoveProcess bool) error
SecretCreate(ctx context.Context, name string, reader io.Reader, options SecretCreateOptions) (*SecretCreateReport, error) SecretCreate(ctx context.Context, name string, reader io.Reader, options SecretCreateOptions) (*SecretCreateReport, error)
SecretInspect(ctx context.Context, nameOrIDs []string) ([]*SecretInfoReport, []error, error) SecretInspect(ctx context.Context, nameOrIDs []string) ([]*SecretInfoReport, []error, error)
SecretList(ctx context.Context) ([]*SecretInfoReport, error) SecretList(ctx context.Context) ([]*SecretInfoReport, error)

12
pkg/domain/infra/abi/system.go
View File

@ -24,7 +24,6 @@ import (
"github.com/containers/storage/pkg/unshare" "github.com/containers/storage/pkg/unshare"
"github.com/pkg/errors" "github.com/pkg/errors"
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
"github.com/spf13/cobra"
"github.com/spf13/pflag" "github.com/spf13/pflag"
) )
@ -57,7 +56,7 @@ func (ic *ContainerEngine) Info(ctx context.Context) (*define.Info, error) {
return info, err return info, err
} }
func (ic *ContainerEngine) SetupRootless(_ context.Context, cmd *cobra.Command) error { func (ic *ContainerEngine) SetupRootless(_ context.Context, noMoveProcess bool) error {
// do it only after podman has already re-execed and running with uid==0. // do it only after podman has already re-execed and running with uid==0.
hasCapSysAdmin, err := unshare.HasCapSysAdmin() hasCapSysAdmin, err := unshare.HasCapSysAdmin()
if err != nil { if err != nil {
@ -104,6 +103,9 @@ func (ic *ContainerEngine) SetupRootless(_ context.Context, cmd *cobra.Command)
if became { if became {
os.Exit(ret) os.Exit(ret)
} }
if noMoveProcess {
return nil
}
// if there is no pid file, try to join existing containers, and create a pause process. // if there is no pid file, try to join existing containers, and create a pause process.
ctrs, err := ic.Libpod.GetRunningContainers() ctrs, err := ic.Libpod.GetRunningContainers()
@ -118,9 +120,10 @@ func (ic *ContainerEngine) SetupRootless(_ context.Context, cmd *cobra.Command)
} }
became, ret, err = rootless.TryJoinFromFilePaths(pausePidPath, true, paths) became, ret, err = rootless.TryJoinFromFilePaths(pausePidPath, true, paths)
if err := movePauseProcessToScope(ic.Libpod); err != nil { if err := movePauseProcessToScope(ic.Libpod); err != nil {
conf, err := ic.Config(context.Background()) conf, err2 := ic.Config(context.Background())
if err != nil { if err2 != nil {
return err return err
} }
if conf.Engine.CgroupManager == config.SystemdCgroupsManager { if conf.Engine.CgroupManager == config.SystemdCgroupsManager {
@ -148,7 +151,6 @@ func movePauseProcessToScope(r *libpod.Runtime) error {
if err != nil { if err != nil {
return errors.Wrapf(err, "could not get pause process pid file path") return errors.Wrapf(err, "could not get pause process pid file path")
} }
data, err := ioutil.ReadFile(pausePidPath) data, err := ioutil.ReadFile(pausePidPath)
if err != nil { if err != nil {
return errors.Wrapf(err, "cannot read pause pid file") return errors.Wrapf(err, "cannot read pause pid file")

3
pkg/domain/infra/tunnel/system.go
View File

@ -7,14 +7,13 @@ import (
"github.com/containers/podman/v3/libpod/define" "github.com/containers/podman/v3/libpod/define"
"github.com/containers/podman/v3/pkg/bindings/system" "github.com/containers/podman/v3/pkg/bindings/system"
"github.com/containers/podman/v3/pkg/domain/entities" "github.com/containers/podman/v3/pkg/domain/entities"
"github.com/spf13/cobra"
) )
func (ic *ContainerEngine) Info(ctx context.Context) (*define.Info, error) { func (ic *ContainerEngine) Info(ctx context.Context) (*define.Info, error) {
return system.Info(ic.ClientCtx, nil) return system.Info(ic.ClientCtx, nil)
} }
func (ic *ContainerEngine) SetupRootless(_ context.Context, cmd *cobra.Command) error { func (ic *ContainerEngine) SetupRootless(_ context.Context, noMoveProcess bool) error {
panic(errors.New("rootless engine mode is not supported when tunneling")) panic(errors.New("rootless engine mode is not supported when tunneling"))
} }