[lxc-devel] [lxd/master] OnStop improvements

stgraber on Github lxc-bot at linuxcontainers.org
Fri Oct 14 19:17:45 UTC 2016 

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 301 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20161014/d2b0a10f/attachment.bin>
-------------- next part --------------
From 5759729ceb4e689086275a910de0ac32f0a065f8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Fri, 14 Oct 2016 15:10:32 -0400
Subject: [PATCH 1/2] doc: We actually require 2.0.0 or higher
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 doc/requirements.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/requirements.md b/doc/requirements.md
index 7d840f7..883f86e 100644
--- a/doc/requirements.md
+++ b/doc/requirements.md
@@ -20,7 +20,7 @@ The following optional features also require extra kernel options:
 As well as any other kernel feature required by the LXC version in use.
 
 ## LXC
-LXD requires LXC 1.1.5 or higher with the following build options:
+LXD requires LXC 2.0.0 or higher with the following build options:
  * apparmor (if using LXD's apparmor support)
  * seccomp
 

From c04cac4b8949de51e24f72228cf2534d1057c5ee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Fri, 14 Oct 2016 15:10:45 -0400
Subject: [PATCH 2/2] Remove legacy code from OnStop
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This changes OnStop to assume LXC 2.0.0 or higher.

So it now relies on LXC_TARGET being set in the environment (and will
fail if it's not) and also depends on LXC interrupting container restart
on hook failures.

This allows the removal of a good chunk of code and improved logging of
what's going on with the container.

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxd/container_lxc.go | 64 ++++++++++++++++++----------------------------------
 1 file changed, 22 insertions(+), 42 deletions(-)

diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index 830265d..614a54d 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -1753,6 +1753,12 @@ func (c *containerLXC) Shutdown(timeout time.Duration) error {
 }
 
 func (c *containerLXC) OnStop(target string) error {
+	// Validate target
+	if !shared.StringInSlice(target, []string{"stop", "reboot"}) {
+		shared.LogError("Container sent invalid target to OnStop", log.Ctx{"container": c.Name(), "target": target})
+		return fmt.Errorf("Invalid stop target: %s", target)
+	}
+
 	// Get operation
 	op, _ := c.getOperation("")
 	if op != nil && !shared.StringInSlice(op.action, []string{"stop", "shutdown"}) {
@@ -1774,10 +1780,21 @@ func (c *containerLXC) OnStop(target string) error {
 
 	// Unload the apparmor profile
 	if err := AADestroy(c); err != nil {
-		shared.LogError("failed to destroy apparmor namespace", log.Ctx{"container": c.Name(), "err": err})
+		shared.LogError("Failed to destroy apparmor namespace", log.Ctx{"container": c.Name(), "err": err})
+	}
+
+	// Log user actions
+	if op == nil {
+		ctxMap := log.Ctx{"name": c.name,
+			"action":    target,
+			"created":   c.creationDate,
+			"ephemeral": c.ephemeral,
+			"used":      c.lastUsedDate,
+			"stateful":  false}
+
+		shared.LogInfo(fmt.Sprintf("Container initiated %s", target), ctxMap)
 	}
 
-	// FIXME: The go routine can go away once we can rely on LXC_TARGET
 	go func(c *containerLXC, target string, op *lxcContainerOperation) {
 		c.fromHook = false
 
@@ -1786,26 +1803,8 @@ func (c *containerLXC) OnStop(target string) error {
 			defer op.Done(nil)
 		}
 
-		if target == "unknown" && op != nil {
-			target = "stop"
-		}
-
-		if target == "unknown" {
-			time.Sleep(5 * time.Second)
-
-			newContainer, err := containerLoadByName(c.daemon, c.Name())
-			if err != nil {
-				return
-			}
-
-			if newContainer.Id() != c.id {
-				return
-			}
-
-			if newContainer.IsRunning() {
-				return
-			}
-		}
+		// Wait for other post-stop actions to be done
+		c.IsRunning()
 
 		// Clean all the unix devices
 		err = c.removeUnixDevices()
@@ -1827,22 +1826,6 @@ func (c *containerLXC) OnStop(target string) error {
 
 		// Reboot the container
 		if target == "reboot" {
-
-			/* This part is a hack to workaround a LXC bug where a
-			   failure from a post-stop script doesn't prevent the container to restart. */
-			ephemeral := c.ephemeral
-			args := containerArgs{
-				Architecture: c.Architecture(),
-				Config:       c.LocalConfig(),
-				Devices:      c.LocalDevices(),
-				Ephemeral:    false,
-				Profiles:     c.Profiles(),
-			}
-			c.Update(args, false)
-			c.Stop(false)
-			args.Ephemeral = ephemeral
-			c.Update(args, true)
-
 			// Start the container again
 			c.Start(false)
 			return
@@ -1852,10 +1835,7 @@ func (c *containerLXC) OnStop(target string) error {
 		deviceTaskSchedulerTrigger("container", c.name, "stopped")
 
 		// Record current state
-		err = dbContainerSetState(c.daemon.db, c.id, "STOPPED")
-		if err != nil {
-			return
-		}
+		dbContainerSetState(c.daemon.db, c.id, "STOPPED")
 
 		// Destroy ephemeral containers
 		if c.ephemeral {

More information about the lxc-devel mailing list