Commit graph

215 commits

Author SHA1 Message Date
Antonio Murdaca
27087eacbf
libcontainerd: fix reaper goroutine position
It has observed defunct containerd processes accumulating over
time while dockerd was permanently failing to restart containerd.
Due to a bug in the runContainerdDaemon() function, dockerd does not clean up
its child process if containerd already exits very soon after the (re)start.

The reproducer and analysis below comes from docker 1.12.x but bug
still applies on latest master.

- from libcontainerd/remote_linux.go:

  329 func (r *remote) runContainerdDaemon() error {
   :
   :      // start the containerd child process
   :
  403     if err := cmd.Start(); err != nil {
  404             return err
  405     }
   :
   :      // If containerd exits very soon after (re)start, it is
possible
   :      // that containerd is already in defunct state at the time
when
   :      // dockerd gets here. The setOOMScore() function tries to
write
   :      // to /proc/PID_OF_CONTAINERD/oom_score_adj. However, this
fails
   :      // with errno EINVAL because containerd is defunct. Please see
   :      // snippets of kernel source code and further explanation
below.
   :
  407     if err := setOOMScore(cmd.Process.Pid, r.oomScore); err != nil
{
  408             utils.KillProcess(cmd.Process.Pid)
   :
   :              // Due to the error from write() we return here. As
the
   :              // goroutine that would clean up the child has not
been
   :              // started yet, containerd remains in the defunct
state
   :              // and never gets reaped.
   :
  409             return err
  410     }
   :
  417     go func() {
  418             cmd.Wait()
  419             close(r.daemonWaitCh)
  420     }() // Reap our child when needed
   :
  423 }

This is the kernel function that gets invoked when dockerd tries to
write
to /proc/PID_OF_CONTAINERD/oom_score_adj.

- from fs/proc/base.c:

 1197 static ssize_t oom_score_adj_write(struct file *file, ...
 1198                                         size_t count, loff_t
*ppos)
 1199 {
   :
 1223         task = get_proc_task(file_inode(file));
   :
   :          // The defunct containerd process does not have a virtual
   :          // address space anymore, i.e. task->mm is NULL. Thus the
   :          // following code returns errno EINVAL to dockerd.
   :
 1230         if (!task->mm) {
 1231                 err = -EINVAL;
 1232                 goto err_task_lock;
 1233         }
   :
 1253 err_task_lock:
   :
 1257         return err < 0 ? err : count;
 1258 }

The purpose of the following program is to demonstrate the behavior of
the oom_score_adj_write() function in connection with a defunct process.

$ cat defunct_test.c

\#include <unistd.h>

main()
{
    pid_t pid = fork();

    if (pid == 0)
        // child
        _exit(0);

    // parent
    pause();
}

$ make defunct_test
cc     defunct_test.c   -o defunct_test

$ ./defunct_test &
[1] 3142

$ ps -f | grep defunct_test | grep -v grep
root      3142  2956  0 13:04 pts/0    00:00:00 ./defunct_test
root      3143  3142  0 13:04 pts/0    00:00:00 [defunct_test] <defunct>

$ echo "ps 3143" | crash -s
  PID    PPID  CPU       TASK        ST  %MEM     VSZ    RSS  COMM
  3143   3142   2  ffff880035def300  ZO   0.0       0      0
defunct_test

$ echo "px ((struct task_struct *)0xffff880035def300)->mm" | crash -s
$1 = (struct mm_struct *) 0x0
                          ^^^ task->mm is NULL

$ cat /proc/3143/oom_score_adj
0

$ echo 0 > /proc/3143/oom_score_adj
-bash: echo: write error: Invalid argument"

---

This patch fixes the above issue by making sure we start the reaper
goroutine as soon as possible.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-27 15:13:59 +02:00
John Howard
2f038c2586 Windows: Remove unused SandboxPath
Signed-off-by: John Howard <jhoward@microsoft.com>
2017-05-24 13:44:35 -07:00
Darren Stahl
425973cbb8 Use CpuMaximum instead of CpuPercent for more precision
Signed-off-by: Darren Stahl <darst@microsoft.com>
2017-05-19 12:33:14 -07:00
Tõnis Tiigi
e103125883 Merge pull request #32986 from moypray/containerd_close
fix when rpc reports "transport is closing" error, health check go routine will exit
2017-05-17 17:04:05 -07:00
Kenfe-Mickael Laventure
0ea0b2becf Use containerd Status variable when checking container state
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2017-05-15 10:53:51 -07:00
Deng Guangxing
9771780a01 fix inconsistent state string with containerd
should be `stopped` according to containerd:
  https://github.com/containerd/containerd/blob/v0.2.x/runtime/runtime.go#L104

Signed-off-by: Deng Guangxing <dengguangxing@huawei.com>
2017-05-15 10:53:51 -07:00
Michael Crosby
005506d36c Update moby to runc and oci 1.0 runtime final rc
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-05-05 13:45:45 -07:00
Wentao Zhang
60742f9a95 fix when rpc reports "transport is closing" error, health check go routine will exit
Signed-off-by: Wentao Zhang <zhangwentao234@huawei.com>
2017-05-04 00:52:10 +08:00
Darren Stahl
dbdc8bbee4 Wait to delete container when restoring on Windows
Signed-off-by: Darren Stahl <darst@microsoft.com>
2017-03-31 10:59:00 -07:00
Tibor Vass
caf8d884aa Merge pull request #31629 from darrenstahlmsft/ShutdownLock
Windows: Stop holding client container lock during shutdown
2017-03-23 18:16:56 -07:00
Vincent Demeester
2fca6526d6 Merge pull request #31503 from Microsoft/jjh/cleanuphcsonrestore
Windows: Cleanup HCS on restore
2017-03-13 13:43:35 +01:00
Kenfe-Mickael Laventure
c458d3bb98 Handle paused container when restoring without live-restore set
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2017-03-09 13:37:08 -08:00
Darren Stahl
b819ffdb20 Stop holding client container lock during shutdown
Signed-off-by: Darren Stahl <darst@microsoft.com>
2017-03-07 16:24:34 -08:00
John Howard
f59593cbd1 Windows: Cleanup HCS on restore
Signed-off-by: John Howard <jhoward@microsoft.com>

This ensures that any compute processes in HCS are cleanedup
during daemon restore. Note Windows cannot (currently) reconnect
to containers on restore.
2017-03-02 15:13:12 -08:00
Madhan Raj Mookkandy
040afcce8f (*) Support --net:container:<containername/id> for windows
(*) (vdemeester) Removed duplicate code across Windows and Unix wrt Net:Containers
(*) Return unsupported error for network sharing for hyperv isolation containers

Signed-off-by: Madhan Raj Mookkandy <MadhanRaj.Mookkandy@microsoft.com>
2017-02-28 20:03:43 -08:00
John Howard
b7106a92f2 Windows: Remove unused commandLine
Signed-off-by: John Howard <jhoward@microsoft.com>
2017-02-02 11:16:11 -08:00
Vincent Demeester
c0a1d2e0d8 Merge pull request #30117 from msabansal/natfix
Added support for dns-search and fixes #30102
2017-01-31 11:05:29 +01:00
John Howard
f47e417466 Windows: Remove GetPidsForContainer
Signed-off-by: John Howard <jhoward@microsoft.com>
2017-01-18 12:28:52 -08:00
msabansal
e6962481a0 Added support for dns-search and fixes #30102
Signed-off-by: msabansal <sabansal@microsoft.com>
2017-01-13 12:01:10 -08:00
Kenfe-Mickael Laventure
c178700a04 Remove timeout on fifos opening
Instead of a timeout the context is cancelled on error to ensure
proper cleanup of the associated fifos' goroutines.

Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2017-01-13 11:46:48 -08:00
Aaron.L.Xu
39a24019e3 fix typo in libcontainerd/client.go
Signed-off-by: Aaron.L.Xu <likexu@harmonycloud.cn>
2017-01-11 23:10:02 +08:00
Sebastiaan van Stijn
b9ee31ae02 Merge pull request #29314 from vdemeester/no-more-utils
Remove the utils package
2016-12-22 15:21:05 +01:00
lixiaobing10051267
f385846d6f fix some typos in libcontainer\types_windows.go
Signed-off-by: lixiaobing10051267 <li.xiaobing1@zte.com.cn>
2016-12-14 16:33:03 +08:00
Vincent Demeester
8c1ac81665
Move process functions to pkg/system
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2016-12-12 09:28:41 +01:00
Lei Jitang
267422e4d0 Fix docker restart panic on machine ungracefully shutdown
Machine ungracefully shutdown leaves a lot of container has a
Running=true state.

```
$ cat config.v2.json | jq .

    "Running": true,
    "Paused": false,
    "Restarting": false,

```

And the next docker start will fail with panic.

```

time="2016-12-01T01:54:45.086446715-05:00" level=warning msg="libcontainerd: client is out of sync, restore was called on a fully synced container (49f41ad5ca0be860622d9190673b5816d012022fb2c1794560ec4851e7cfec6a)."
time="2016-12-01T01:54:45.087046004-05:00" level=warning msg="libcontainerd: failed to retrieve container 49f41ad5ca0be860622d9190673b5816d012022fb2c1794560ec4851e7cfec6a state: rpc error: code = 2 desc = containerd: container not found"
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0x5db7f3]

goroutine 57 [running]:
panic(0x16a8e60, 0xc420010130)
        /usr/local/go/src/runtime/panic.go:500 +0x1a1
github.com/docker/docker/libcontainerd.(*client).Restore(0xc4202e1a40, 0xc420415000, 0x40, 0xc42015a0b0, 0x0, 0x0, 0x0, 0x0, 0x0)
        /go/src/github.com/docker/docker/libcontainerd/client_linux.go:457 +0x553
github.com/docker/docker/daemon.(*Daemon).restore.func1(0xc4201c46f0, 0xc4202581e0, 0xc4201c46e8, 0xc42047bfb0, 0xc42047bf80, 0xc42047bf50, 0xc42024ba10, 0xc420512c00)
        /go/src/github.com/docker/docker/daemon/daemon.go:205 +0x198
created by github.com/docker/docker/daemon.(*Daemon).restore
        /go/src/github.com/docker/docker/daemon/daemon.go:260 +0x7bb

```

Signed-off-by: Lei Jitang <leijitang@huawei.com>
2016-12-01 02:25:24 -05:00
Kenfe-Mickael Laventure
9fff9bb761 Fix race with containerd events stream on restore
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-11-30 10:15:39 -08:00
Lei Jitang
9aedaf5b3a Ignore "failed to close stdin" if container or process not found
Signed-off-by: Lei Jitang <leijitang@huawei.com>
2016-11-29 20:41:39 -05:00
Tonis Tiigi
4e262f6387 Fix race on sending stdin close event
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2016-11-21 17:43:01 -08:00
Darren Stahl
8b50324273 Shutdown instead of terminate process on Windows
Signed-off-by: Darren Stahl <darst@microsoft.com>
2016-11-18 12:05:08 -08:00
Akshay Karle
2d08a76421 fix a typo
Signed-off-by: Akshay Karle <akshay.a.karle@gmail.com>
2016-11-17 16:51:37 -05:00
Victor Vieux
0427afa409 Merge pull request #27955 from mlaventure/runc-docker-info
Add external binaries version to docker info
2016-11-10 21:27:14 -08:00
Darren Stahl
0ed00b36ff Adding more strict resource checks on Windows
Signed-off-by: Darren Stahl <darst@microsoft.com>
2016-11-09 16:29:54 -08:00
Victor Vieux
f67d4b897a Merge pull request #28184 from Microsoft/jjh/user
Windows: Plumb through user
2016-11-09 11:32:42 -08:00
Kenfe-Mickael Laventure
2790ac68b3 Add expected 3rd party binaries commit ids to info
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-11-09 07:42:44 -08:00
Darren Stahl
ae35c0f70e Stop returning errors that should be ignored while closing stdin
Signed-off-by: Darren Stahl <darst@microsoft.com>
2016-11-08 18:25:43 -08:00
John Howard
5207ff7202 Windows: Plumb through user
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-11-08 17:41:56 -08:00
Tonis Tiigi
ee9d28bd3f Don’t warn on missing fifo
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2016-11-08 09:59:49 -08:00
Amit Krishnan
934328d8ea Add functional support for Docker sub commands on Solaris
Signed-off-by: Amit Krishnan <krish.amit@gmail.com>

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2016-11-07 09:06:34 -08:00
Darren Stahl
4e15420b9b Windows: Add cpu count option
Signed-off-by: Darren Stahl <darst@microsoft.com>
2016-11-04 13:38:50 -07:00
Yanqiang Miao
1ad989559f Clean up the constants in 'libcontainerd' that are no longer in use
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>

update

Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
2016-10-28 13:39:04 +08:00
Tonis Tiigi
aa01ee4ac5 Fix logging formatting
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2016-10-25 18:34:35 -07:00
Tonis Tiigi
37a3be2449 Move stdio attach from libcontainerd backend to callback
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2016-10-24 00:20:36 -07:00
Tonis Tiigi
6f2658fb8c Refactor stdin closing
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2016-10-20 17:10:15 -07:00
Tonis Tiigi
6d26464502 Fix issues with fifos blocking on open
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2016-10-20 17:02:02 -07:00
Antonio Murdaca
1808348136
record pid of exec'd process
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-10-20 17:06:11 +02:00
Jonh Wendell
e03bf1221e Exec: Add ability to set environment variables
Keeping the current behavior for exec, i.e., inheriting
variables from main process. New variables will be added
to current ones. If there's already a variable with that
name it will be overwritten.

Example of usage: docker exec -it -e TERM=vt100 <container> top

Closes #24355.

Signed-off-by: Jonh Wendell <jonh.wendell@redhat.com>
2016-10-19 12:39:25 -02:00
Sebastiaan van Stijn
dd383898cd Merge pull request #26795 from darrenstahlmsft/PauseResume
Implement Pause Resume support for Windows
2016-10-13 18:08:11 -07:00
John Howard
e736b9a172 Merge pull request #27310 from swernli/servicing-error-reporting
Fixing error reporting on servicing failure
2016-10-12 08:47:54 -07:00
Stefan J. Wernli
f65647463e Fixing error reporting on servicing failure
The code that handles waiting for the servicing container to complete correctly grabs the exit code and logs a failure, but doesn't return that failure to the caller, mistakenly causing servicing operations to look successful when they really failed during processing.

Signed-off-by: Stefan J. Wernli <swernli@microsoft.com>
2016-10-11 17:11:56 -07:00
Darren Stahl
69985e85d3 Implement Pause Resume support for Windows
Signed-off-by: Darren Stahl <darst@microsoft.com>
2016-10-11 16:23:35 -07:00