feature: support take over moby container

Signed-off-by: Michael Wan <[email protected]>

Author: HusterWan

ctrd/container.go

@@ -357,23 +357,30 @@ func (c *Client) createContainer(ctx context.Context, ref, id string, container
 	logrus.Infof("success to get image %s, container id %s", img.Name(), id)
 
 	// create container
-	specOptions := []oci.SpecOpts{
-		oci.WithRootFSPath("rootfs"),
-	}
-
 	options := []containerd.NewContainerOpts{
-		containerd.WithSpec(container.Spec, specOptions...),
 		containerd.WithRuntime(fmt.Sprintf("io.containerd.runtime.v1.%s", runtime.GOOS), &runctypes.RuncOptions{
 			Runtime:     container.Runtime,
 			RuntimeRoot: runtimeRoot,
 		}),
 	}
 
-	// check snapshot exist or not.
-	if _, err := c.GetSnapshot(ctx, id); err != nil {
-		return errors.Wrapf(err, "failed to create container %s", id)
+	rootFSPath := "rootfs"
+	// if container is taken over by pouch, not created by pouch
+	if container.Takeover {
+		rootFSPath = container.BaseFS
+	} else { // containers created by pouch must first create snapshot
+		// check snapshot exist or not.
+		if _, err := c.GetSnapshot(ctx, id); err != nil {
+			return errors.Wrapf(err, "failed to create container %s", id)
+		}
+		options = append(options, containerd.WithSnapshot(id))
+	}
+
+	// specify Spec for new container
+	specOptions := []oci.SpecOpts{
+		oci.WithRootFSPath(rootFSPath),
 	}
-	options = append(options, containerd.WithSnapshot(id))
+	options = append(options, containerd.WithSpec(container.Spec, specOptions...))
 
 	nc, err := wrapperCli.client.NewContainer(ctx, id, options...)
 	if err != nil {

ctrd/container_types.go

@@ -6,13 +6,23 @@ import (
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 )
 
-// Container wraps container's info.
+// Container wraps container's info. there have two kind of containers now:
+// One is created by pouch, no need any different operations,
+// The other is just taken over by pouch, like created by moby, we use `Takeover` flag to mark it,
+// because the container is not created by pouch, so we must specify rootfs the container used, so that
+// we can use the rootfs to create new containerd container.
 type Container struct {
 	ID      string
 	Image   string
 	Runtime string
 	IO      *containerio.IO
 	Spec    *specs.Spec
+
+	// BaseFS is rootfs used by containerd container
+	BaseFS string
+	// Takeover specify if the containerd container is just
+	// taken over by pouch, not created by pouch
+	Takeover bool
 }
 
 // Process wraps exec process's info.

daemon/mgr/container.go

@@ -26,12 +26,14 @@ import (
 	"github.com/alibaba/pouch/pkg/collect"
 	"github.com/alibaba/pouch/pkg/errtypes"
 	"github.com/alibaba/pouch/pkg/meta"
+	mountutils "github.com/alibaba/pouch/pkg/mount"
 	"github.com/alibaba/pouch/pkg/randomid"
 	"github.com/alibaba/pouch/pkg/utils"
 	"github.com/alibaba/pouch/storage/quota"
 	volumetypes "github.com/alibaba/pouch/storage/volume/types"
 
 	"github.com/containerd/containerd/errdefs"
+	"github.com/containerd/containerd/mount"
 	"github.com/containerd/containerd/namespaces"
 	"github.com/docker/libnetwork"
 	"github.com/go-openapi/strfmt"
@@ -571,14 +573,24 @@ func (mgr *ContainerManager) createContainerdContainer(ctx context.Context, c *C
 
 	c.Lock()
 	ctrdContainer := &ctrd.Container{
-		ID:      c.ID,
-		Image:   c.Config.Image,
-		Runtime: c.HostConfig.Runtime,
-		Spec:    sw.s,
-		IO:      io,
+		ID:       c.ID,
+		Image:    c.Config.Image,
+		Runtime:  c.HostConfig.Runtime,
+		Spec:     sw.s,
+		IO:       io,
+		Takeover: c.Takeover,
+		BaseFS:   c.BaseFS,
 	}
 	c.Unlock()
 
+	// if container is taken over by pouch,
+	// verify BaseFS before create containerd container
+	if c.Takeover {
+		if err := mgr.ensureRootFSMounted(c.BaseFS, c.Snapshotter.Data); err != nil {
+			return fmt.Errorf("failed to mount container rootfs: %v", err)
+		}
+	}
+
 	if err := mgr.Client.CreateContainer(ctx, ctrdContainer); err != nil {
 		logrus.Errorf("failed to create new containerd container: %v", err)
 
@@ -605,6 +617,53 @@ func (mgr *ContainerManager) createContainerdContainer(ctx context.Context, c *C
 	return c.Write(mgr.Store)
 }
 
+func (mgr *ContainerManager) ensureRootFSMounted(rootfs string, snapData map[string]string) error {
+	if rootfs == "" || len(snapData) == 0 {
+		return fmt.Errorf("container rootfs or snapshotter data is empty")
+	}
+
+	// check if rootfs already mounted
+	notMounted, err := mountutils.IsLikelyNotMountPoint(rootfs)
+	if err != nil {
+		return err
+	}
+	// rootfs already mounted
+	if !notMounted {
+		return nil
+	}
+
+	var workDir, upperDir, lowerDir string
+	for _, dir := range []string{"WorkDir", "UpperDir", "LowerDir"} {
+		if v, ok := snapData[dir]; ok {
+			switch dir {
+			case "WorkDir":
+				workDir = v
+			case "UpperDir":
+				upperDir = v
+			case "LowerDir":
+				lowerDir = v
+			}
+		}
+	}
+
+	if workDir == "" || upperDir == "" || lowerDir == "" {
+		return fmt.Errorf("faile to mount overlay: one or more dirs in WorkDir, UpperDir and LowerDir are empty")
+	}
+
+	options := []string{
+		fmt.Sprintf("workdir=%s", snapData["WorkDir"]),
+		fmt.Sprintf("upperdir=%s", snapData["UpperDir"]),
+		fmt.Sprintf("lowerdir=%s", snapData["LowerDir"]),
+	}
+	mount := mount.Mount{
+		Type:    "overlay",
+		Source:  "overlay",
+		Options: options,
+	}
+
+	return mount.Mount(rootfs)
+}
+
 // Stop stops a running container.
 func (mgr *ContainerManager) Stop(ctx context.Context, name string, timeout int64) error {
 	c, err := mgr.container(name)

daemon/mgr/container_types.go

@@ -180,6 +180,10 @@ type Container struct {
 
 	// Escape keys for detach
 	DetachKeys string
+
+	// Specify whether the container is being taken over,
+	// not created by pouch
+	Takeover bool
 }
 
 // Key returns container's id.

pkg/mount/mount.go

@@ -0,0 +1,31 @@
+package mount
+
+import (
+	"os"
+	"path/filepath"
+	"strings"
+	"syscall"
+)
+
+// IsLikelyNotMountPoint determines if a directory is not a mountpoint.
+// It is fast but not necessarily ALWAYS correct. If the path is in fact
+// a bind mount from one part of a mount to another it will not be detected.
+// mkdir /tmp/a /tmp/b; mount --bin /tmp/a /tmp/b; IsLikelyNotMountPoint("/tmp/b")
+// will return true. When in fact /tmp/b is a mount point. If this situation
+// if of interest to you, don't use this function...
+func IsLikelyNotMountPoint(file string) (bool, error) {
+	stat, err := os.Stat(file)
+	if err != nil {
+		return true, err
+	}
+	rootStat, err := os.Lstat(filepath.Dir(strings.TrimSuffix(file, "/")))
+	if err != nil {
+		return true, err
+	}
+	// If the directory has a different device as parent, then it is a mountpoint.
+	if stat.Sys().(*syscall.Stat_t).Dev != rootStat.Sys().(*syscall.Stat_t).Dev {
+		return false, nil
+	}
+
+	return true, nil
+}

pkg/mount/mount_test.go

@@ -0,0 +1,29 @@
+package mount
+
+import "testing"
+
+func TestIsLikelyNotMountPoint(t *testing.T) {
+	type args struct {
+		file string
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    bool
+		wantErr bool
+	}{
+	// TODO: Add test cases.
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := IsLikelyNotMountPoint(tt.args.file)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("IsLikelyNotMountPoint() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if got != tt.want {
+				t.Errorf("IsLikelyNotMountPoint() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}