[lxc-devel] [lxd/master] OnStop improvements
stgraber on Github
lxc-bot at linuxcontainers.org
Fri Oct 14 19:17:45 UTC 2016
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 301 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20161014/d2b0a10f/attachment.bin>
-------------- next part --------------
From 5759729ceb4e689086275a910de0ac32f0a065f8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Fri, 14 Oct 2016 15:10:32 -0400
Subject: [PATCH 1/2] doc: We actually require 2.0.0 or higher
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
doc/requirements.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/doc/requirements.md b/doc/requirements.md
index 7d840f7..883f86e 100644
--- a/doc/requirements.md
+++ b/doc/requirements.md
@@ -20,7 +20,7 @@ The following optional features also require extra kernel options:
As well as any other kernel feature required by the LXC version in use.
## LXC
-LXD requires LXC 1.1.5 or higher with the following build options:
+LXD requires LXC 2.0.0 or higher with the following build options:
* apparmor (if using LXD's apparmor support)
* seccomp
From c04cac4b8949de51e24f72228cf2534d1057c5ee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Fri, 14 Oct 2016 15:10:45 -0400
Subject: [PATCH 2/2] Remove legacy code from OnStop
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This changes OnStop to assume LXC 2.0.0 or higher.
So it now relies on LXC_TARGET being set in the environment (and will
fail if it's not) and also depends on LXC interrupting container restart
on hook failures.
This allows the removal of a good chunk of code and improved logging of
what's going on with the container.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
lxd/container_lxc.go | 64 ++++++++++++++++++----------------------------------
1 file changed, 22 insertions(+), 42 deletions(-)
diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index 830265d..614a54d 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -1753,6 +1753,12 @@ func (c *containerLXC) Shutdown(timeout time.Duration) error {
}
func (c *containerLXC) OnStop(target string) error {
+ // Validate target
+ if !shared.StringInSlice(target, []string{"stop", "reboot"}) {
+ shared.LogError("Container sent invalid target to OnStop", log.Ctx{"container": c.Name(), "target": target})
+ return fmt.Errorf("Invalid stop target: %s", target)
+ }
+
// Get operation
op, _ := c.getOperation("")
if op != nil && !shared.StringInSlice(op.action, []string{"stop", "shutdown"}) {
@@ -1774,10 +1780,21 @@ func (c *containerLXC) OnStop(target string) error {
// Unload the apparmor profile
if err := AADestroy(c); err != nil {
- shared.LogError("failed to destroy apparmor namespace", log.Ctx{"container": c.Name(), "err": err})
+ shared.LogError("Failed to destroy apparmor namespace", log.Ctx{"container": c.Name(), "err": err})
+ }
+
+ // Log user actions
+ if op == nil {
+ ctxMap := log.Ctx{"name": c.name,
+ "action": target,
+ "created": c.creationDate,
+ "ephemeral": c.ephemeral,
+ "used": c.lastUsedDate,
+ "stateful": false}
+
+ shared.LogInfo(fmt.Sprintf("Container initiated %s", target), ctxMap)
}
- // FIXME: The go routine can go away once we can rely on LXC_TARGET
go func(c *containerLXC, target string, op *lxcContainerOperation) {
c.fromHook = false
@@ -1786,26 +1803,8 @@ func (c *containerLXC) OnStop(target string) error {
defer op.Done(nil)
}
- if target == "unknown" && op != nil {
- target = "stop"
- }
-
- if target == "unknown" {
- time.Sleep(5 * time.Second)
-
- newContainer, err := containerLoadByName(c.daemon, c.Name())
- if err != nil {
- return
- }
-
- if newContainer.Id() != c.id {
- return
- }
-
- if newContainer.IsRunning() {
- return
- }
- }
+ // Wait for other post-stop actions to be done
+ c.IsRunning()
// Clean all the unix devices
err = c.removeUnixDevices()
@@ -1827,22 +1826,6 @@ func (c *containerLXC) OnStop(target string) error {
// Reboot the container
if target == "reboot" {
-
- /* This part is a hack to workaround a LXC bug where a
- failure from a post-stop script doesn't prevent the container to restart. */
- ephemeral := c.ephemeral
- args := containerArgs{
- Architecture: c.Architecture(),
- Config: c.LocalConfig(),
- Devices: c.LocalDevices(),
- Ephemeral: false,
- Profiles: c.Profiles(),
- }
- c.Update(args, false)
- c.Stop(false)
- args.Ephemeral = ephemeral
- c.Update(args, true)
-
// Start the container again
c.Start(false)
return
@@ -1852,10 +1835,7 @@ func (c *containerLXC) OnStop(target string) error {
deviceTaskSchedulerTrigger("container", c.name, "stopped")
// Record current state
- err = dbContainerSetState(c.daemon.db, c.id, "STOPPED")
- if err != nil {
- return
- }
+ dbContainerSetState(c.daemon.db, c.id, "STOPPED")
// Destroy ephemeral containers
if c.ephemeral {
More information about the lxc-devel
mailing list