Merge branch 'cri-compatibility' of github.com:Starnop/pouch into cri-compatibility

Author: starnop

INSTALLATION.md

@@ -36,14 +36,13 @@ sudo apt-get install curl apt-transport-https ca-certificates software-propertie
 curl -fsSL http://mirrors.aliyun.com/opsx/pouch/linux/debian/[email protected] | sudo apt-key add -
 ```
 
-Verify that you now have the key with the fingerprint `B615 DDD7 90C7 0912 582D  DC2D D7AE A5ED 439A E9EC`, by searching for the last 8 characters of the fingerprint.
+Verify that you now have the key with the fingerprint `F443 EDD0 4A58 7E8B F645  9C40 CF68 F84A BE2F 475F`, by searching for the last 8 characters of the fingerprint.
 
 ``` bash
-$ apt-key fingerprint 439AE9EC
-pub   2048R/439AE9EC 2018-01-31
-      Key fingerprint = B615 DDD7 90C7 0912 582D  DC2D D7AE A5ED 439A E9EC
-uid                  Pouch Release <[email protected]>
-sub   2048R/B3D2A915 2018-01-31
+$ apt-key fingerprint BE2F475F
+pub   4096R/BE2F475F 2018-02-28
+      Key fingerprint = F443 EDD0 4A58 7E8B F645  9C40 CF68 F84A BE2F 475F
+uid                  opsx-admin <[email protected]>
 ```
 
 **2. Set up the pouch repository**

cli/common_flags.go

@@ -84,6 +84,7 @@ func addCommonFlags(flagSet *pflag.FlagSet) *container {
 
 	flagSet.StringVarP(&c.workdir, "workdir", "w", "", "Set the working directory in a container")
 	flagSet.Var(&c.ulimit, "ulimit", "Set container ulimit")
+	flagSet.Int64Var(&c.pidsLimit, "pids-limit", -1, "Set container pids limit, -1 for unlimited")
 
 	flagSet.BoolVar(&c.rich, "rich", false, "Start container in rich container mode. (default false)")
 	flagSet.StringVar(&c.richMode, "rich-mode", "", "Choose one rich container mode. dumb-init(default), systemd, sbin-init")

cli/container.go

@@ -69,6 +69,7 @@ type container struct {
 	specAnnotation []string
 	cgroupParent   string
 	ulimit         Ulimit
+	pidsLimit      int64
 
 	//add for rich container mode
 	rich       bool
@@ -223,6 +224,7 @@ func (c *container) config() (*types.ContainerCreateConfig, error) {
 				IntelRdtL3Cbm: intelRdtL3Cbm,
 				CgroupParent:  c.cgroupParent,
 				Ulimits:       c.ulimit.value(),
+				PidsLimit:     c.pidsLimit,
 			},
 			EnableLxcfs:   c.enableLxcfs,
 			Privileged:    c.privileged,

cri/v1alpha1/cri.go

@@ -9,7 +9,6 @@ import (
 	"path"
 	"path/filepath"
 	"reflect"
-	"strings"
 	"time"
 
 	apitypes "github.com/alibaba/pouch/apis/types"
@@ -648,7 +647,7 @@ func (c *CriManager) ContainerStatus(ctx context.Context, r *runtime.ContainerSt
 	labels, annotations := extractLabels(container.Config.Labels)
 
 	imageRef := container.Image
-	imageInfo, err := c.ImageMgr.GetImage(ctx, strings.TrimPrefix(imageRef, "sha256:"))
+	imageInfo, err := c.ImageMgr.GetImage(ctx, imageRef)
 	if err != nil {
 		return nil, fmt.Errorf("failed to get image %s: %v", imageRef, err)
 	}
@@ -825,7 +824,7 @@ func (c *CriManager) ListImages(ctx context.Context, r *runtime.ListImagesReques
 			continue
 		}
 		// NOTE: we should query image cache to get the correct image info.
-		imageInfo, err := c.ImageMgr.GetImage(ctx, strings.TrimPrefix(i.ID, "sha256:"))
+		imageInfo, err := c.ImageMgr.GetImage(ctx, i.ID)
 		if err != nil {
 			continue
 		}
@@ -849,7 +848,7 @@ func (c *CriManager) ImageStatus(ctx context.Context, r *runtime.ImageStatusRequ
 		return nil, err
 	}
 
-	imageInfo, err := c.ImageMgr.GetImage(ctx, strings.TrimPrefix(ref.String(), "sha256:"))
+	imageInfo, err := c.ImageMgr.GetImage(ctx, ref.String())
 	if err != nil {
 		// TODO: separate ErrImageNotFound with others.
 		// Now we just return empty if the error occurred.
@@ -893,7 +892,7 @@ func (c *CriManager) PullImage(ctx context.Context, r *runtime.PullImageRequest)
 
 // RemoveImage removes the image.
 func (c *CriManager) RemoveImage(ctx context.Context, r *runtime.RemoveImageRequest) (*runtime.RemoveImageResponse, error) {
-	imageRef := strings.TrimPrefix(r.GetImage().GetImage(), "sha256:")
+	imageRef := r.GetImage().GetImage()
 
 	if err := c.ImageMgr.RemoveImage(ctx, imageRef, false); err != nil {
 		if errtypes.IsNotfound(err) {

cri/v1alpha2/cri.go

@@ -9,7 +9,6 @@ import (
 	"path"
 	"path/filepath"
 	"reflect"
-	"strings"
 	"time"
 
 	apitypes "github.com/alibaba/pouch/apis/types"
@@ -54,7 +53,7 @@ const (
 	// Address and port of stream server.
 	// TODO: specify them in the parameters of pouchd.
 	streamServerAddress = ""
-	streamServerPort    = "10010"
+	streamServerPort    = "10011"
 
 	namespaceModeHost = "host"
 	namespaceModeNone = "none"
@@ -371,8 +370,8 @@ func (c *CriManager) PodSandboxStatus(ctx context.Context, r *runtime.PodSandbox
 	}
 	labels, annotations := extractLabels(sandbox.Config.Labels)
 
-	securityContext := sandboxMeta.Config.GetLinux().GetSecurityContext()
-	hostNet := securityContext.GetNamespaceOptions().GetNetwork() == runtime.NamespaceMode_NODE
+	nsOpts := sandboxMeta.Config.GetLinux().GetSecurityContext().GetNamespaceOptions()
+	hostNet := nsOpts.GetNetwork() == runtime.NamespaceMode_NODE
 
 	var ip string
 	// No need to get ip for host network mode.
@@ -392,7 +391,15 @@ func (c *CriManager) PodSandboxStatus(ctx context.Context, r *runtime.PodSandbox
 		Labels:      labels,
 		Annotations: annotations,
 		Network:     &runtime.PodSandboxNetworkStatus{Ip: ip},
-		// TODO: linux specific pod status.
+		Linux: &runtime.LinuxPodSandboxStatus{
+			Namespaces: &runtime.Namespace{
+				Options: &runtime.NamespaceOption{
+					Network: nsOpts.GetNetwork(),
+					Pid:     nsOpts.GetPid(),
+					Ipc:     nsOpts.GetIpc(),
+				},
+			},
+		},
 	}
 
 	return &runtime.PodSandboxStatusResponse{Status: status}, nil
@@ -440,8 +447,7 @@ func (c *CriManager) CreateContainer(ctx context.Context, r *runtime.CreateConta
 
 	image := ""
 	if iSpec := config.GetImage(); iSpec != nil {
-		temp := strings.Split(iSpec.Image, ":")
-		image = temp[len(temp)-1]
+		image = iSpec.Image
 	}
 	createConfig := &apitypes.ContainerCreateConfig{
 		ContainerConfig: apitypes.ContainerConfig{
@@ -638,7 +644,7 @@ func (c *CriManager) ContainerStatus(ctx context.Context, r *runtime.ContainerSt
 	labels, annotations := extractLabels(container.Config.Labels)
 
 	imageRef := container.Image
-	imageInfo, err := c.ImageMgr.GetImage(ctx, strings.TrimPrefix(imageRef, "sha256:"))
+	imageInfo, err := c.ImageMgr.GetImage(ctx, imageRef)
 	if err != nil {
 		return nil, fmt.Errorf("failed to get image %s: %v", imageRef, err)
 	}
@@ -689,23 +695,7 @@ func (c *CriManager) UpdateContainerResources(ctx context.Context, r *runtime.Up
 // to either create a new log file and return nil, or return an error.
 // Once it returns error, new container log file MUST NOT be created.
 func (c *CriManager) ReopenContainerLog(ctx context.Context, r *runtime.ReopenContainerLogRequest) (*runtime.ReopenContainerLogResponse, error) {
-	containerID := r.GetContainerId()
-	container, err := c.ContainerMgr.Get(ctx, containerID)
-	if err != nil {
-		return nil, fmt.Errorf("failed to get container of %q: %v", containerID, err)
-	}
-	if container.State.Status != apitypes.StatusRunning {
-		return nil, fmt.Errorf("container %q is not running", containerID)
-	}
-	c.ContainerMgr.(*mgr.ContainerManager).IOs.Remove(containerID)
-	if container.LogPath != "" {
-		logPath := container.LogPath
-		err := c.attachLog(logPath, containerID)
-		if err != nil {
-			return nil, err
-		}
-	}
-	return &runtime.ReopenContainerLogResponse{}, nil
+	return nil, fmt.Errorf("UpdateContainerResources Not Implemented Yet")
 }
 
 // ExecSync executes a command in the container, and returns the stdout output.
@@ -840,7 +830,7 @@ func (c *CriManager) ListImages(ctx context.Context, r *runtime.ListImagesReques
 			continue
 		}
 		// NOTE: we should query image cache to get the correct image info.
-		imageInfo, err := c.ImageMgr.GetImage(ctx, strings.TrimPrefix(i.ID, "sha256:"))
+		imageInfo, err := c.ImageMgr.GetImage(ctx, i.ID)
 		if err != nil {
 			continue
 		}
@@ -864,7 +854,7 @@ func (c *CriManager) ImageStatus(ctx context.Context, r *runtime.ImageStatusRequ
 		return nil, err
 	}
 
-	imageInfo, err := c.ImageMgr.GetImage(ctx, strings.TrimPrefix(ref.String(), "sha256:"))
+	imageInfo, err := c.ImageMgr.GetImage(ctx, ref.String())
 	if err != nil {
 		// TODO: separate ErrImageNotFound with others.
 		// Now we just return empty if the error occurred.
@@ -908,7 +898,7 @@ func (c *CriManager) PullImage(ctx context.Context, r *runtime.PullImageRequest)
 
 // RemoveImage removes the image.
 func (c *CriManager) RemoveImage(ctx context.Context, r *runtime.RemoveImageRequest) (*runtime.RemoveImageResponse, error) {
-	imageRef := strings.TrimPrefix(r.GetImage().GetImage(), "sha256:")
+	imageRef := r.GetImage().GetImage()
 
 	if err := c.ImageMgr.RemoveImage(ctx, imageRef, false); err != nil {
 		if errtypes.IsNotfound(err) {

cri/v1alpha2/cri_utils.go

@@ -451,9 +451,9 @@ func modifyContainerNamespaceOptions(nsOpts *runtime.NamespaceOption, podSandbox
 		if n.hostMode {
 			*n.nsMode = namespaceModeHost
 		} else {
-			if n.nsMode == &hostConfig.PidMode && nsOpts.GetPid() == runtime.NamespaceMode_CONTAINER {
-				continue
-			}
+			//if n.nsMode == &hostConfig.PidMode && nsOpts.GetPid() == runtime.NamespaceMode_CONTAINER {
+			//	continue
+			//}
 			*n.nsMode = sandboxNSMode
 		}
 	}

daemon/mgr/container.go

@@ -36,7 +36,6 @@ import (
 	"github.com/go-openapi/strfmt"
 	"github.com/imdario/mergo"
 	"github.com/magiconair/properties"
-	digest "github.com/opencontainers/go-digest"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@@ -1919,7 +1918,7 @@ func (mgr *ContainerManager) getMountPointFromImage(ctx context.Context, meta *C
 	var err error
 
 	// parse volumes from image
-	image, err := mgr.ImageMgr.GetImage(ctx, strings.TrimPrefix(meta.Image, digest.Canonical.String()+":"))
+	image, err := mgr.ImageMgr.GetImage(ctx, meta.Image)
 	if err != nil {
 		return errors.Wrapf(err, "failed to get image: %s", meta.Image)
 	}

daemon/mgr/image.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"io"
+	"strings"
 	"time"
 
 	"github.com/alibaba/pouch/apis/types"
@@ -178,8 +179,11 @@ func (mgr *ImageManager) RemoveImage(ctx context.Context, idOrRef string, force
 		return err
 	}
 
-	// should remove all the references if the reference is Named Only
-	if reference.IsNamedOnly(namedRef) {
+	// should remove all the references if the reference is ID (Named Only)
+	// or Digest ID (Tagged Named)
+	if reference.IsNamedOnly(namedRef) ||
+		strings.HasPrefix(id.String(), namedRef.String()) {
+
 		// NOTE: the user maybe use the following references to pull one image
 		//
 		//	busybox:1.25
@@ -257,9 +261,11 @@ func (mgr *ImageManager) CheckReference(ctx context.Context, idOrRef string) (ac
 		}
 	}
 
-	// NOTE: if the actualRef is short ID or ID, the primaryRef is first one of
-	// primary reference
-	if reference.IsNamedOnly(actualRef) {
+	// NOTE: if the actualRef is ID (Named Only) or Digest ID (Tagged Named)
+	// the primaryRef is first one of primary reference
+	if reference.IsNamedOnly(actualRef) ||
+		strings.HasPrefix(actualID.String(), actualRef.String()) {
+
 		refs := mgr.localStore.GetPrimaryReferences(actualID)
 		if len(refs) == 0 {
 			err = errtypes.ErrNotfound

daemon/mgr/image_store.go

@@ -1,6 +1,8 @@
 package mgr
 
 import (
+	"fmt"
+	"strings"
 	"sync"
 
 	"github.com/alibaba/pouch/pkg/errtypes"
@@ -141,34 +143,41 @@ func (store *imageStore) Search(ref reference.Named) (digest.Digest, reference.N
 
 	// if the reference is short ID or ID
 	//
-	// NOTE: by default, use the sha256 as the digest algorithm
-	id, err := store.searchIDs(digest.Canonical.String(), ref.String())
+	// NOTE: by default, use the sha256 as the digest algorithm if missing
+	// algorithm header.
+	id, err := store.searchIDs(ref.String())
 	if err != nil {
 		return "", nil, err
 	}
 	return id, ref, nil
 }
 
-func (store *imageStore) searchIDs(algo string, prefixID string) (digest.Digest, error) {
+func (store *imageStore) searchIDs(refID string) (digest.Digest, error) {
 	var ids []digest.Digest
+	var id string
+
+	id = refID
+	if !strings.HasPrefix(refID, digest.Canonical.String()) {
+		id = fmt.Sprintf("%s:%s", digest.Canonical.String(), refID)
+	}
 
 	fn := func(_ patricia.Prefix, item patricia.Item) error {
 		if got, ok := item.(digest.Digest); ok {
 			ids = append(ids, got)
 		}
 
 		if len(ids) > 1 {
-			return pkgerrors.Wrap(errtypes.ErrTooMany, "image: "+prefixID)
+			return pkgerrors.Wrap(errtypes.ErrTooMany, "image: "+refID)
 		}
 		return nil
 	}
 
-	if err := store.idSet.VisitSubtree(patricia.Prefix(algo+":"+prefixID), fn); err != nil {
+	if err := store.idSet.VisitSubtree(patricia.Prefix(id), fn); err != nil {
 		return "", err
 	}
 
 	if len(ids) == 0 {
-		return "", pkgerrors.Wrap(errtypes.ErrNotfound, "image: "+prefixID)
+		return "", pkgerrors.Wrap(errtypes.ErrNotfound, "image: "+refID)
 	}
 	return ids[0], nil
 }

daemon/mgr/image_store_test.go

@@ -112,7 +112,7 @@ func TestSearch(t *testing.T) {
 
 	// search
 	{
-		// should return id if the reference is id
+		// should return id if the reference is id without algorithm header
 		{
 			namedStr := id.Hex()
 
@@ -127,6 +127,21 @@ func TestSearch(t *testing.T) {
 			assert.Equal(t, gotRef.String(), namedRef.String())
 		}
 
+		// should return id if the reference is digest id
+		{
+			namedStr := id.String()
+
+			namedRef, err := reference.Parse(namedStr)
+			if err != nil {
+				t.Fatalf("unexpected error during parse reference %v: %v", namedStr, err)
+			}
+
+			gotID, gotRef, err := store.Search(namedRef)
+			assert.Equal(t, err, nil)
+			assert.Equal(t, gotID.String(), id.String())
+			assert.Equal(t, gotRef.String(), namedRef.String())
+		}
+
 		// should return busybox:latest if the reference is busybox
 		{
 			namedStr := "busybox"
@@ -202,7 +217,7 @@ func TestSearch(t *testing.T) {
 
 		// should return ErrTooMany if the reference is commonPart
 		{
-			namedStr := id.Hex()[:20]
+			namedStr := id.String()[:20]
 
 			namedRef, err := reference.Parse(namedStr)
 			if err != nil {