2022-11-29 08:46:43 +00:00
|
|
|
package nix2
|
2022-11-28 10:33:28 +00:00
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
|
|
|
"fmt"
|
|
|
|
"os"
|
2022-11-28 11:26:41 +00:00
|
|
|
"runtime"
|
|
|
|
"sync"
|
2022-11-28 10:33:28 +00:00
|
|
|
"time"
|
|
|
|
|
2022-11-29 08:51:00 +00:00
|
|
|
"github.com/Alexis211/nomad-driver-exec2/executor"
|
2022-11-28 10:33:28 +00:00
|
|
|
"github.com/hashicorp/consul-template/signals"
|
2022-11-28 11:26:41 +00:00
|
|
|
hclog "github.com/hashicorp/go-hclog"
|
|
|
|
"github.com/hashicorp/nomad/client/lib/cgutil"
|
|
|
|
"github.com/hashicorp/nomad/drivers/shared/capabilities"
|
2022-11-28 10:33:28 +00:00
|
|
|
"github.com/hashicorp/nomad/drivers/shared/eventer"
|
2022-11-28 11:26:41 +00:00
|
|
|
"github.com/hashicorp/nomad/drivers/shared/resolvconf"
|
2022-11-28 11:45:27 +00:00
|
|
|
"github.com/hashicorp/nomad/helper/pluginutils/hclutils"
|
2022-11-28 11:26:41 +00:00
|
|
|
"github.com/hashicorp/nomad/helper/pluginutils/loader"
|
|
|
|
"github.com/hashicorp/nomad/helper/pointer"
|
2022-11-28 10:33:28 +00:00
|
|
|
"github.com/hashicorp/nomad/plugins/base"
|
|
|
|
"github.com/hashicorp/nomad/plugins/drivers"
|
2022-11-28 11:26:41 +00:00
|
|
|
"github.com/hashicorp/nomad/plugins/drivers/utils"
|
2022-11-28 10:33:28 +00:00
|
|
|
"github.com/hashicorp/nomad/plugins/shared/hclspec"
|
2022-11-28 11:26:41 +00:00
|
|
|
pstructs "github.com/hashicorp/nomad/plugins/shared/structs"
|
2022-11-28 10:33:28 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
const (
|
|
|
|
// pluginName is the name of the plugin
|
2022-11-29 08:46:43 +00:00
|
|
|
pluginName = "nix2"
|
2022-11-28 10:33:28 +00:00
|
|
|
|
2022-11-28 11:26:41 +00:00
|
|
|
// fingerprintPeriod is the interval at which the driver will send fingerprint responses
|
2022-11-28 10:33:28 +00:00
|
|
|
fingerprintPeriod = 30 * time.Second
|
|
|
|
|
2022-11-28 11:26:41 +00:00
|
|
|
// taskHandleVersion is the version of task handle which this driver sets
|
|
|
|
// and understands how to decode driver state
|
2022-11-28 10:33:28 +00:00
|
|
|
taskHandleVersion = 1
|
|
|
|
)
|
|
|
|
|
|
|
|
var (
|
2022-11-28 11:26:41 +00:00
|
|
|
// PluginID is the exec plugin metadata registered in the plugin
|
|
|
|
// catalog.
|
|
|
|
PluginID = loader.PluginID{
|
|
|
|
Name: pluginName,
|
|
|
|
PluginType: base.PluginTypeDriver,
|
|
|
|
}
|
|
|
|
|
|
|
|
// pluginInfo is the response returned for the PluginInfo RPC
|
2022-11-28 10:33:28 +00:00
|
|
|
pluginInfo = &base.PluginInfoResponse{
|
|
|
|
Type: base.PluginTypeDriver,
|
|
|
|
PluginApiVersions: []string{drivers.ApiVersion010},
|
2022-11-28 11:26:41 +00:00
|
|
|
PluginVersion: "0.1.0",
|
2022-11-28 10:33:28 +00:00
|
|
|
Name: pluginName,
|
|
|
|
}
|
|
|
|
|
2022-11-28 11:26:41 +00:00
|
|
|
// configSpec is the hcl specification returned by the ConfigSchema RPC
|
2022-11-28 10:33:28 +00:00
|
|
|
configSpec = hclspec.NewObject(map[string]*hclspec.Spec{
|
2022-11-28 11:26:41 +00:00
|
|
|
"no_pivot_root": hclspec.NewDefault(
|
|
|
|
hclspec.NewAttr("no_pivot_root", "bool", false),
|
|
|
|
hclspec.NewLiteral("false"),
|
|
|
|
),
|
|
|
|
"default_pid_mode": hclspec.NewDefault(
|
|
|
|
hclspec.NewAttr("default_pid_mode", "string", false),
|
|
|
|
hclspec.NewLiteral(`"private"`),
|
|
|
|
),
|
|
|
|
"default_ipc_mode": hclspec.NewDefault(
|
|
|
|
hclspec.NewAttr("default_ipc_mode", "string", false),
|
|
|
|
hclspec.NewLiteral(`"private"`),
|
|
|
|
),
|
|
|
|
"allow_caps": hclspec.NewDefault(
|
|
|
|
hclspec.NewAttr("allow_caps", "list(string)", false),
|
|
|
|
hclspec.NewLiteral(capabilities.HCLSpecLiteral),
|
2022-11-28 10:33:28 +00:00
|
|
|
),
|
2022-11-29 08:51:00 +00:00
|
|
|
"allow_bind": hclspec.NewDefault(
|
|
|
|
hclspec.NewAttr("allow_bind", "bool", false),
|
|
|
|
hclspec.NewLiteral("true"),
|
2022-11-28 17:30:33 +00:00
|
|
|
),
|
2022-11-28 10:33:28 +00:00
|
|
|
})
|
|
|
|
|
2022-11-28 11:26:41 +00:00
|
|
|
// taskConfigSpec is the hcl specification for the driver config section of
|
|
|
|
// a task within a job. It is returned in the TaskConfigSchema RPC
|
2022-11-28 10:33:28 +00:00
|
|
|
taskConfigSpec = hclspec.NewObject(map[string]*hclspec.Spec{
|
2022-11-28 11:45:27 +00:00
|
|
|
"command": hclspec.NewAttr("command", "string", true),
|
|
|
|
"args": hclspec.NewAttr("args", "list(string)", false),
|
|
|
|
"bind": hclspec.NewAttr("bind", "list(map(string))", false),
|
|
|
|
"bind_read_only": hclspec.NewAttr("bind_read_only", "list(map(string))", false),
|
|
|
|
"pid_mode": hclspec.NewAttr("pid_mode", "string", false),
|
|
|
|
"ipc_mode": hclspec.NewAttr("ipc_mode", "string", false),
|
|
|
|
"cap_add": hclspec.NewAttr("cap_add", "list(string)", false),
|
|
|
|
"cap_drop": hclspec.NewAttr("cap_drop", "list(string)", false),
|
2022-11-28 10:33:28 +00:00
|
|
|
})
|
|
|
|
|
2022-11-28 11:26:41 +00:00
|
|
|
// driverCapabilities represents the RPC response for what features are
|
|
|
|
// implemented by the exec task driver
|
|
|
|
driverCapabilities = &drivers.Capabilities{
|
2022-11-28 10:33:28 +00:00
|
|
|
SendSignals: true,
|
2022-11-28 11:26:41 +00:00
|
|
|
Exec: true,
|
2022-11-28 16:06:00 +00:00
|
|
|
FSIsolation: drivers.FSIsolationNone,
|
2022-11-28 11:26:41 +00:00
|
|
|
NetIsolationModes: []drivers.NetIsolationMode{
|
|
|
|
drivers.NetIsolationModeHost,
|
|
|
|
drivers.NetIsolationModeGroup,
|
|
|
|
},
|
|
|
|
MountConfigs: drivers.MountConfigSupportAll,
|
2022-11-28 10:33:28 +00:00
|
|
|
}
|
|
|
|
)
|
|
|
|
|
2022-11-28 11:26:41 +00:00
|
|
|
// Driver fork/execs tasks using many of the underlying OS's isolation
|
|
|
|
// features where configured.
|
|
|
|
type Driver struct {
|
2022-11-28 10:33:28 +00:00
|
|
|
// eventer is used to handle multiplexing of TaskEvents calls such that an
|
|
|
|
// event can be broadcast to all callers
|
|
|
|
eventer *eventer.Eventer
|
|
|
|
|
2022-11-28 11:26:41 +00:00
|
|
|
// config is the driver configuration set by the SetConfig RPC
|
|
|
|
config Config
|
2022-11-28 10:33:28 +00:00
|
|
|
|
2022-11-28 11:26:41 +00:00
|
|
|
// tasks is the in memory datastore mapping taskIDs to driverHandles
|
2022-11-28 10:33:28 +00:00
|
|
|
tasks *taskStore
|
|
|
|
|
|
|
|
// ctx is the context for the driver. It is passed to other subsystems to
|
|
|
|
// coordinate shutdown
|
|
|
|
ctx context.Context
|
|
|
|
|
2022-11-28 11:37:50 +00:00
|
|
|
// signalShutdown is called when the driver is shutting down and cancels
|
|
|
|
// the ctx passed to any subsystems
|
|
|
|
signalShutdown context.CancelFunc
|
|
|
|
|
2022-11-28 10:33:28 +00:00
|
|
|
// logger will log to the Nomad agent
|
|
|
|
logger hclog.Logger
|
2022-11-28 11:26:41 +00:00
|
|
|
|
|
|
|
// A tri-state boolean to know if the fingerprinting has happened and
|
|
|
|
// whether it has been successful
|
|
|
|
fingerprintSuccess *bool
|
|
|
|
fingerprintLock sync.Mutex
|
2022-11-28 10:33:28 +00:00
|
|
|
}
|
|
|
|
|
2022-11-28 11:26:41 +00:00
|
|
|
// Config is the driver configuration set by the SetConfig RPC call
|
|
|
|
type Config struct {
|
|
|
|
// NoPivotRoot disables the use of pivot_root, useful when the root partition
|
|
|
|
// is on ramdisk
|
|
|
|
NoPivotRoot bool `codec:"no_pivot_root"`
|
|
|
|
|
|
|
|
// DefaultModePID is the default PID isolation set for all tasks using
|
|
|
|
// exec-based task drivers.
|
|
|
|
DefaultModePID string `codec:"default_pid_mode"`
|
|
|
|
|
|
|
|
// DefaultModeIPC is the default IPC isolation set for all tasks using
|
|
|
|
// exec-based task drivers.
|
|
|
|
DefaultModeIPC string `codec:"default_ipc_mode"`
|
|
|
|
|
|
|
|
// AllowCaps configures which Linux Capabilities are enabled for tasks
|
|
|
|
// running on this node.
|
|
|
|
AllowCaps []string `codec:"allow_caps"`
|
2022-11-28 17:30:33 +00:00
|
|
|
|
2022-11-29 08:51:00 +00:00
|
|
|
// AllowBind defines whether users may bind host directories
|
|
|
|
AllowBind bool `codec:"allow_bind"`
|
2022-11-28 11:26:41 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (c *Config) validate() error {
|
|
|
|
switch c.DefaultModePID {
|
|
|
|
case executor.IsolationModePrivate, executor.IsolationModeHost:
|
|
|
|
default:
|
|
|
|
return fmt.Errorf("default_pid_mode must be %q or %q, got %q", executor.IsolationModePrivate, executor.IsolationModeHost, c.DefaultModePID)
|
|
|
|
}
|
|
|
|
|
|
|
|
switch c.DefaultModeIPC {
|
|
|
|
case executor.IsolationModePrivate, executor.IsolationModeHost:
|
|
|
|
default:
|
|
|
|
return fmt.Errorf("default_ipc_mode must be %q or %q, got %q", executor.IsolationModePrivate, executor.IsolationModeHost, c.DefaultModeIPC)
|
|
|
|
}
|
|
|
|
|
|
|
|
badCaps := capabilities.Supported().Difference(capabilities.New(c.AllowCaps))
|
|
|
|
if !badCaps.Empty() {
|
|
|
|
return fmt.Errorf("allow_caps configured with capabilities not supported by system: %s", badCaps)
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// TaskConfig is the driver configuration of a task within a job
|
|
|
|
type TaskConfig struct {
|
|
|
|
// Command is the thing to exec.
|
|
|
|
Command string `codec:"command"`
|
|
|
|
|
|
|
|
// Args are passed along to Command.
|
|
|
|
Args []string `codec:"args"`
|
|
|
|
|
2022-11-28 11:45:27 +00:00
|
|
|
// Paths to bind for read-write acess
|
|
|
|
Bind hclutils.MapStrStr `codec:"bind"`
|
|
|
|
|
|
|
|
// Paths to bind for read-only acess
|
|
|
|
BindReadOnly hclutils.MapStrStr `codec:"bind_read_only"`
|
|
|
|
|
2022-11-28 11:26:41 +00:00
|
|
|
// ModePID indicates whether PID namespace isolation is enabled for the task.
|
|
|
|
// Must be "private" or "host" if set.
|
|
|
|
ModePID string `codec:"pid_mode"`
|
|
|
|
|
|
|
|
// ModeIPC indicates whether IPC namespace isolation is enabled for the task.
|
|
|
|
// Must be "private" or "host" if set.
|
|
|
|
ModeIPC string `codec:"ipc_mode"`
|
|
|
|
|
|
|
|
// CapAdd is a set of linux capabilities to enable.
|
|
|
|
CapAdd []string `codec:"cap_add"`
|
|
|
|
|
|
|
|
// CapDrop is a set of linux capabilities to disable.
|
|
|
|
CapDrop []string `codec:"cap_drop"`
|
|
|
|
}
|
|
|
|
|
|
|
|
func (tc *TaskConfig) validate() error {
|
|
|
|
switch tc.ModePID {
|
|
|
|
case "", executor.IsolationModePrivate, executor.IsolationModeHost:
|
|
|
|
default:
|
|
|
|
return fmt.Errorf("pid_mode must be %q or %q, got %q", executor.IsolationModePrivate, executor.IsolationModeHost, tc.ModePID)
|
|
|
|
}
|
|
|
|
|
|
|
|
switch tc.ModeIPC {
|
|
|
|
case "", executor.IsolationModePrivate, executor.IsolationModeHost:
|
|
|
|
default:
|
|
|
|
return fmt.Errorf("ipc_mode must be %q or %q, got %q", executor.IsolationModePrivate, executor.IsolationModeHost, tc.ModeIPC)
|
|
|
|
}
|
|
|
|
|
|
|
|
supported := capabilities.Supported()
|
|
|
|
badAdds := supported.Difference(capabilities.New(tc.CapAdd))
|
|
|
|
if !badAdds.Empty() {
|
|
|
|
return fmt.Errorf("cap_add configured with capabilities not supported by system: %s", badAdds)
|
|
|
|
}
|
|
|
|
badDrops := supported.Difference(capabilities.New(tc.CapDrop))
|
|
|
|
if !badDrops.Empty() {
|
|
|
|
return fmt.Errorf("cap_drop configured with capabilities not supported by system: %s", badDrops)
|
|
|
|
}
|
2022-11-28 10:33:28 +00:00
|
|
|
|
2022-11-28 11:26:41 +00:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// TaskState is the state which is encoded in the handle returned in
|
|
|
|
// StartTask. This information is needed to rebuild the task state and handler
|
|
|
|
// during recovery.
|
|
|
|
type TaskState struct {
|
2022-11-29 08:51:00 +00:00
|
|
|
TaskConfig *drivers.TaskConfig
|
|
|
|
Pid int
|
|
|
|
StartedAt time.Time
|
2022-11-28 11:26:41 +00:00
|
|
|
}
|
|
|
|
|
2022-11-28 11:37:50 +00:00
|
|
|
// NewPlugin returns a new DrivePlugin implementation
|
|
|
|
func NewPlugin(logger hclog.Logger) drivers.DriverPlugin {
|
|
|
|
ctx, cancel := context.WithCancel(context.Background())
|
2022-11-28 11:26:41 +00:00
|
|
|
logger = logger.Named(pluginName)
|
|
|
|
return &Driver{
|
2022-11-28 11:45:27 +00:00
|
|
|
eventer: eventer.NewEventer(ctx, logger),
|
|
|
|
tasks: newTaskStore(),
|
|
|
|
ctx: ctx,
|
2022-11-28 11:37:50 +00:00
|
|
|
signalShutdown: cancel,
|
2022-11-28 11:45:27 +00:00
|
|
|
logger: logger,
|
2022-11-28 10:33:28 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-11-28 11:26:41 +00:00
|
|
|
// setFingerprintSuccess marks the driver as having fingerprinted successfully
|
|
|
|
func (d *Driver) setFingerprintSuccess() {
|
|
|
|
d.fingerprintLock.Lock()
|
|
|
|
d.fingerprintSuccess = pointer.Of(true)
|
|
|
|
d.fingerprintLock.Unlock()
|
|
|
|
}
|
|
|
|
|
|
|
|
// setFingerprintFailure marks the driver as having failed fingerprinting
|
|
|
|
func (d *Driver) setFingerprintFailure() {
|
|
|
|
d.fingerprintLock.Lock()
|
|
|
|
d.fingerprintSuccess = pointer.Of(false)
|
|
|
|
d.fingerprintLock.Unlock()
|
|
|
|
}
|
|
|
|
|
|
|
|
// fingerprintSuccessful returns true if the driver has
|
|
|
|
// never fingerprinted or has successfully fingerprinted
|
|
|
|
func (d *Driver) fingerprintSuccessful() bool {
|
|
|
|
d.fingerprintLock.Lock()
|
|
|
|
defer d.fingerprintLock.Unlock()
|
|
|
|
return d.fingerprintSuccess == nil || *d.fingerprintSuccess
|
|
|
|
}
|
|
|
|
|
|
|
|
func (d *Driver) PluginInfo() (*base.PluginInfoResponse, error) {
|
2022-11-28 10:33:28 +00:00
|
|
|
return pluginInfo, nil
|
|
|
|
}
|
|
|
|
|
2022-11-28 11:26:41 +00:00
|
|
|
func (d *Driver) ConfigSchema() (*hclspec.Spec, error) {
|
2022-11-28 10:33:28 +00:00
|
|
|
return configSpec, nil
|
|
|
|
}
|
|
|
|
|
2022-11-28 11:26:41 +00:00
|
|
|
func (d *Driver) SetConfig(cfg *base.Config) error {
|
|
|
|
// unpack, validate, and set agent plugin config
|
2022-11-28 10:33:28 +00:00
|
|
|
var config Config
|
|
|
|
if len(cfg.PluginConfig) != 0 {
|
|
|
|
if err := base.MsgPackDecode(cfg.PluginConfig, &config); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
}
|
2022-11-28 11:26:41 +00:00
|
|
|
if err := config.validate(); err != nil {
|
|
|
|
return err
|
2022-11-28 10:33:28 +00:00
|
|
|
}
|
2022-11-28 17:30:33 +00:00
|
|
|
d.logger.Info("Got config", "driver_config", hclog.Fmt("%+v", config))
|
2022-11-28 11:26:41 +00:00
|
|
|
d.config = config
|
2022-11-28 10:33:28 +00:00
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2022-11-28 11:26:41 +00:00
|
|
|
func (d *Driver) TaskConfigSchema() (*hclspec.Spec, error) {
|
2022-11-28 10:33:28 +00:00
|
|
|
return taskConfigSpec, nil
|
|
|
|
}
|
|
|
|
|
2022-11-28 11:26:41 +00:00
|
|
|
// Capabilities is returned by the Capabilities RPC and indicates what
|
|
|
|
// optional features this driver supports
|
|
|
|
func (d *Driver) Capabilities() (*drivers.Capabilities, error) {
|
|
|
|
return driverCapabilities, nil
|
2022-11-28 10:33:28 +00:00
|
|
|
}
|
|
|
|
|
2022-11-28 11:26:41 +00:00
|
|
|
func (d *Driver) Fingerprint(ctx context.Context) (<-chan *drivers.Fingerprint, error) {
|
2022-11-28 10:33:28 +00:00
|
|
|
ch := make(chan *drivers.Fingerprint)
|
|
|
|
go d.handleFingerprint(ctx, ch)
|
|
|
|
return ch, nil
|
|
|
|
|
2022-11-28 11:26:41 +00:00
|
|
|
}
|
|
|
|
func (d *Driver) handleFingerprint(ctx context.Context, ch chan<- *drivers.Fingerprint) {
|
2022-11-28 10:33:28 +00:00
|
|
|
defer close(ch)
|
|
|
|
ticker := time.NewTimer(0)
|
|
|
|
for {
|
|
|
|
select {
|
|
|
|
case <-ctx.Done():
|
|
|
|
return
|
|
|
|
case <-d.ctx.Done():
|
|
|
|
return
|
|
|
|
case <-ticker.C:
|
|
|
|
ticker.Reset(fingerprintPeriod)
|
|
|
|
ch <- d.buildFingerprint()
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-11-28 11:26:41 +00:00
|
|
|
func (d *Driver) buildFingerprint() *drivers.Fingerprint {
|
|
|
|
if runtime.GOOS != "linux" {
|
|
|
|
d.setFingerprintFailure()
|
|
|
|
return &drivers.Fingerprint{
|
|
|
|
Health: drivers.HealthStateUndetected,
|
|
|
|
HealthDescription: "exec driver unsupported on client OS",
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-11-28 10:33:28 +00:00
|
|
|
fp := &drivers.Fingerprint{
|
2022-11-28 11:26:41 +00:00
|
|
|
Attributes: map[string]*pstructs.Attribute{},
|
2022-11-28 10:33:28 +00:00
|
|
|
Health: drivers.HealthStateHealthy,
|
|
|
|
HealthDescription: drivers.DriverHealthy,
|
|
|
|
}
|
|
|
|
|
2022-11-28 11:26:41 +00:00
|
|
|
if !utils.IsUnixRoot() {
|
|
|
|
fp.Health = drivers.HealthStateUndetected
|
|
|
|
fp.HealthDescription = drivers.DriverRequiresRootMessage
|
|
|
|
d.setFingerprintFailure()
|
|
|
|
return fp
|
2022-11-28 10:33:28 +00:00
|
|
|
}
|
|
|
|
|
2022-11-28 11:26:41 +00:00
|
|
|
mount, err := cgutil.FindCgroupMountpointDir()
|
|
|
|
if err != nil {
|
|
|
|
fp.Health = drivers.HealthStateUnhealthy
|
|
|
|
fp.HealthDescription = drivers.NoCgroupMountMessage
|
|
|
|
if d.fingerprintSuccessful() {
|
|
|
|
d.logger.Warn(fp.HealthDescription, "error", err)
|
|
|
|
}
|
|
|
|
d.setFingerprintFailure()
|
|
|
|
return fp
|
|
|
|
}
|
2022-11-28 10:33:28 +00:00
|
|
|
|
2022-11-28 11:26:41 +00:00
|
|
|
if mount == "" {
|
|
|
|
fp.Health = drivers.HealthStateUnhealthy
|
|
|
|
fp.HealthDescription = drivers.CgroupMountEmpty
|
|
|
|
d.setFingerprintFailure()
|
|
|
|
return fp
|
2022-11-28 10:33:28 +00:00
|
|
|
}
|
|
|
|
|
2022-11-28 11:26:41 +00:00
|
|
|
fp.Attributes["driver.exec"] = pstructs.NewBoolAttribute(true)
|
|
|
|
d.setFingerprintSuccess()
|
2022-11-28 10:33:28 +00:00
|
|
|
return fp
|
|
|
|
}
|
|
|
|
|
2022-11-28 11:26:41 +00:00
|
|
|
func (d *Driver) RecoverTask(handle *drivers.TaskHandle) error {
|
|
|
|
if handle == nil {
|
|
|
|
return fmt.Errorf("handle cannot be nil")
|
|
|
|
}
|
|
|
|
|
|
|
|
// If already attached to handle there's nothing to recover.
|
|
|
|
if _, ok := d.tasks.Get(handle.Config.ID); ok {
|
|
|
|
d.logger.Trace("nothing to recover; task already exists",
|
|
|
|
"task_id", handle.Config.ID,
|
|
|
|
"task_name", handle.Config.Name,
|
|
|
|
)
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// Handle doesn't already exist, try to reattach
|
|
|
|
var taskState TaskState
|
|
|
|
if err := handle.GetDriverState(&taskState); err != nil {
|
|
|
|
d.logger.Error("failed to decode task state from handle", "error", err, "task_id", handle.Config.ID)
|
|
|
|
return fmt.Errorf("failed to decode task state from handle: %v", err)
|
|
|
|
}
|
|
|
|
|
2022-11-28 16:06:00 +00:00
|
|
|
// Create new executor
|
|
|
|
exec := executor.NewExecutorWithIsolation(
|
2022-11-29 08:51:00 +00:00
|
|
|
d.logger.With("task_name", handle.Config.Name, "alloc_id", handle.Config.AllocID))
|
2022-11-28 11:26:41 +00:00
|
|
|
|
|
|
|
h := &taskHandle{
|
2022-11-29 08:51:00 +00:00
|
|
|
exec: exec,
|
|
|
|
pid: taskState.Pid,
|
|
|
|
taskConfig: taskState.TaskConfig,
|
|
|
|
procState: drivers.TaskStateRunning,
|
|
|
|
startedAt: taskState.StartedAt,
|
|
|
|
exitResult: &drivers.ExitResult{},
|
|
|
|
logger: d.logger,
|
2022-11-28 11:26:41 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
d.tasks.Set(taskState.TaskConfig.ID, h)
|
|
|
|
|
|
|
|
go h.run()
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (d *Driver) StartTask(cfg *drivers.TaskConfig) (*drivers.TaskHandle, *drivers.DriverNetwork, error) {
|
2022-11-28 10:33:28 +00:00
|
|
|
if _, ok := d.tasks.Get(cfg.ID); ok {
|
|
|
|
return nil, nil, fmt.Errorf("task with ID %q already started", cfg.ID)
|
|
|
|
}
|
|
|
|
|
|
|
|
var driverConfig TaskConfig
|
|
|
|
if err := cfg.DecodeDriverConfig(&driverConfig); err != nil {
|
|
|
|
return nil, nil, fmt.Errorf("failed to decode driver config: %v", err)
|
|
|
|
}
|
|
|
|
|
2022-11-28 11:26:41 +00:00
|
|
|
if err := driverConfig.validate(); err != nil {
|
|
|
|
return nil, nil, fmt.Errorf("failed driver config validation: %v", err)
|
|
|
|
}
|
|
|
|
|
2022-11-28 10:33:28 +00:00
|
|
|
d.logger.Info("starting task", "driver_cfg", hclog.Fmt("%+v", driverConfig))
|
|
|
|
handle := drivers.NewTaskHandle(taskHandleVersion)
|
|
|
|
handle.Config = cfg
|
|
|
|
|
2022-11-28 16:06:00 +00:00
|
|
|
exec := executor.NewExecutorWithIsolation(
|
2022-11-29 08:51:00 +00:00
|
|
|
d.logger.With("task_name", handle.Config.Name, "alloc_id", handle.Config.AllocID))
|
2022-11-28 10:33:28 +00:00
|
|
|
|
2022-11-28 11:26:41 +00:00
|
|
|
user := cfg.User
|
|
|
|
if user == "" {
|
2022-11-28 17:08:02 +00:00
|
|
|
user = "0"
|
2022-11-28 11:26:41 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if cfg.DNS != nil {
|
|
|
|
dnsMount, err := resolvconf.GenerateDNSMount(cfg.TaskDir().Dir, cfg.DNS)
|
|
|
|
if err != nil {
|
|
|
|
return nil, nil, fmt.Errorf("failed to build mount for resolv.conf: %v", err)
|
|
|
|
}
|
|
|
|
cfg.Mounts = append(cfg.Mounts, dnsMount)
|
|
|
|
}
|
|
|
|
|
2022-11-28 17:30:33 +00:00
|
|
|
// Bind mounts specified in driver config
|
|
|
|
|
|
|
|
// Bind mounts specified in task config
|
2022-11-29 08:51:00 +00:00
|
|
|
if d.config.AllowBind {
|
|
|
|
if driverConfig.Bind != nil {
|
|
|
|
for host, task := range driverConfig.Bind {
|
|
|
|
mount_config := drivers.MountConfig{
|
|
|
|
TaskPath: task,
|
|
|
|
HostPath: host,
|
|
|
|
Readonly: false,
|
|
|
|
PropagationMode: "private",
|
|
|
|
}
|
|
|
|
d.logger.Info("adding RW mount from task spec", "mount_config", hclog.Fmt("%+v", mount_config))
|
|
|
|
cfg.Mounts = append(cfg.Mounts, &mount_config)
|
2022-11-28 16:06:00 +00:00
|
|
|
}
|
2022-11-28 11:45:27 +00:00
|
|
|
}
|
2022-11-29 08:51:00 +00:00
|
|
|
if driverConfig.BindReadOnly != nil {
|
|
|
|
for host, task := range driverConfig.BindReadOnly {
|
|
|
|
mount_config := drivers.MountConfig{
|
|
|
|
TaskPath: task,
|
|
|
|
HostPath: host,
|
|
|
|
Readonly: true,
|
|
|
|
PropagationMode: "private",
|
|
|
|
}
|
|
|
|
d.logger.Info("adding RO mount from task spec", "mount_config", hclog.Fmt("%+v", mount_config))
|
|
|
|
cfg.Mounts = append(cfg.Mounts, &mount_config)
|
2022-11-28 16:06:00 +00:00
|
|
|
}
|
2022-11-29 08:51:00 +00:00
|
|
|
}
|
|
|
|
} else {
|
|
|
|
if len(driverConfig.Bind) > 0 || len(driverConfig.BindReadOnly) > 0 {
|
|
|
|
return nil, nil, fmt.Errorf("bind and bind_read_only are deactivated for the %s driver", pluginName)
|
2022-11-28 11:45:27 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-11-28 11:26:41 +00:00
|
|
|
caps, err := capabilities.Calculate(
|
|
|
|
capabilities.NomadDefaults(), d.config.AllowCaps, driverConfig.CapAdd, driverConfig.CapDrop,
|
|
|
|
)
|
|
|
|
if err != nil {
|
|
|
|
return nil, nil, err
|
|
|
|
}
|
|
|
|
d.logger.Debug("task capabilities", "capabilities", caps)
|
|
|
|
|
2022-11-28 10:33:28 +00:00
|
|
|
execCmd := &executor.ExecCommand{
|
2022-11-28 11:26:41 +00:00
|
|
|
Cmd: driverConfig.Command,
|
|
|
|
Args: driverConfig.Args,
|
|
|
|
Env: cfg.EnvList(),
|
|
|
|
User: user,
|
|
|
|
ResourceLimits: true,
|
|
|
|
NoPivotRoot: d.config.NoPivotRoot,
|
|
|
|
Resources: cfg.Resources,
|
|
|
|
TaskDir: cfg.TaskDir().Dir,
|
|
|
|
StdoutPath: cfg.StdoutPath,
|
|
|
|
StderrPath: cfg.StderrPath,
|
|
|
|
Mounts: cfg.Mounts,
|
|
|
|
Devices: cfg.Devices,
|
|
|
|
NetworkIsolation: cfg.NetworkIsolation,
|
|
|
|
ModePID: executor.IsolationMode(d.config.DefaultModePID, driverConfig.ModePID),
|
|
|
|
ModeIPC: executor.IsolationMode(d.config.DefaultModeIPC, driverConfig.ModeIPC),
|
|
|
|
Capabilities: caps,
|
2022-11-28 10:33:28 +00:00
|
|
|
}
|
2022-11-29 08:51:00 +00:00
|
|
|
|
2022-11-28 16:06:00 +00:00
|
|
|
d.logger.Info("launching with", "exec_cmd", hclog.Fmt("%+v", execCmd))
|
2022-11-28 10:33:28 +00:00
|
|
|
|
|
|
|
ps, err := exec.Launch(execCmd)
|
|
|
|
if err != nil {
|
|
|
|
return nil, nil, fmt.Errorf("failed to launch command with executor: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
h := &taskHandle{
|
2022-11-29 08:51:00 +00:00
|
|
|
exec: exec,
|
|
|
|
pid: ps.Pid,
|
|
|
|
taskConfig: cfg,
|
|
|
|
procState: drivers.TaskStateRunning,
|
|
|
|
startedAt: time.Now().Round(time.Millisecond),
|
|
|
|
logger: d.logger,
|
2022-11-28 10:33:28 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
driverState := TaskState{
|
2022-11-29 08:51:00 +00:00
|
|
|
Pid: ps.Pid,
|
|
|
|
TaskConfig: cfg,
|
|
|
|
StartedAt: h.startedAt,
|
2022-11-28 10:33:28 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if err := handle.SetDriverState(&driverState); err != nil {
|
2022-11-28 11:26:41 +00:00
|
|
|
d.logger.Error("failed to start task, error setting driver state", "error", err)
|
|
|
|
_ = exec.Shutdown("", 0)
|
2022-11-28 10:33:28 +00:00
|
|
|
return nil, nil, fmt.Errorf("failed to set driver state: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
d.tasks.Set(cfg.ID, h)
|
|
|
|
go h.run()
|
|
|
|
return handle, nil, nil
|
|
|
|
}
|
|
|
|
|
2022-11-28 11:26:41 +00:00
|
|
|
func (d *Driver) WaitTask(ctx context.Context, taskID string) (<-chan *drivers.ExitResult, error) {
|
2022-11-28 10:33:28 +00:00
|
|
|
handle, ok := d.tasks.Get(taskID)
|
|
|
|
if !ok {
|
|
|
|
return nil, drivers.ErrTaskNotFound
|
|
|
|
}
|
|
|
|
|
|
|
|
ch := make(chan *drivers.ExitResult)
|
|
|
|
go d.handleWait(ctx, handle, ch)
|
2022-11-28 11:26:41 +00:00
|
|
|
|
2022-11-28 10:33:28 +00:00
|
|
|
return ch, nil
|
|
|
|
}
|
|
|
|
|
2022-11-28 11:26:41 +00:00
|
|
|
func (d *Driver) handleWait(ctx context.Context, handle *taskHandle, ch chan *drivers.ExitResult) {
|
2022-11-28 10:33:28 +00:00
|
|
|
defer close(ch)
|
|
|
|
var result *drivers.ExitResult
|
|
|
|
ps, err := handle.exec.Wait(ctx)
|
|
|
|
if err != nil {
|
|
|
|
result = &drivers.ExitResult{
|
|
|
|
Err: fmt.Errorf("executor: error waiting on process: %v", err),
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
result = &drivers.ExitResult{
|
|
|
|
ExitCode: ps.ExitCode,
|
|
|
|
Signal: ps.Signal,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-11-28 11:26:41 +00:00
|
|
|
select {
|
|
|
|
case <-ctx.Done():
|
|
|
|
return
|
|
|
|
case <-d.ctx.Done():
|
|
|
|
return
|
|
|
|
case ch <- result:
|
2022-11-28 10:33:28 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-11-28 11:26:41 +00:00
|
|
|
func (d *Driver) StopTask(taskID string, timeout time.Duration, signal string) error {
|
2022-11-28 10:33:28 +00:00
|
|
|
handle, ok := d.tasks.Get(taskID)
|
|
|
|
if !ok {
|
|
|
|
return drivers.ErrTaskNotFound
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := handle.exec.Shutdown(signal, timeout); err != nil {
|
|
|
|
return fmt.Errorf("executor Shutdown failed: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2022-11-28 11:26:41 +00:00
|
|
|
// resetCgroup will re-create the v2 cgroup for the task after the task has been
|
|
|
|
// destroyed by libcontainer. In the case of a task restart we call DestroyTask
|
|
|
|
// which removes the cgroup - but we still need it!
|
|
|
|
//
|
|
|
|
// Ideally the cgroup management would be more unified - and we could do the creation
|
|
|
|
// on a task runner pre-start hook, eliminating the need for this hack.
|
|
|
|
func (d *Driver) resetCgroup(handle *taskHandle) {
|
|
|
|
if cgutil.UseV2 {
|
|
|
|
if handle.taskConfig.Resources != nil &&
|
|
|
|
handle.taskConfig.Resources.LinuxResources != nil &&
|
|
|
|
handle.taskConfig.Resources.LinuxResources.CpusetCgroupPath != "" {
|
|
|
|
err := os.Mkdir(handle.taskConfig.Resources.LinuxResources.CpusetCgroupPath, 0755)
|
|
|
|
if err != nil {
|
|
|
|
d.logger.Trace("failed to reset cgroup", "path", handle.taskConfig.Resources.LinuxResources.CpusetCgroupPath)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (d *Driver) DestroyTask(taskID string, force bool) error {
|
2022-11-28 10:33:28 +00:00
|
|
|
handle, ok := d.tasks.Get(taskID)
|
|
|
|
if !ok {
|
|
|
|
return drivers.ErrTaskNotFound
|
|
|
|
}
|
|
|
|
|
|
|
|
if handle.IsRunning() && !force {
|
2022-11-28 11:26:41 +00:00
|
|
|
return fmt.Errorf("cannot destroy running task")
|
2022-11-28 10:33:28 +00:00
|
|
|
}
|
|
|
|
|
2022-11-28 16:06:00 +00:00
|
|
|
if err := handle.exec.Shutdown("", 0); err != nil {
|
|
|
|
handle.logger.Error("destroying executor failed", "error", err)
|
2022-11-28 10:33:28 +00:00
|
|
|
}
|
|
|
|
|
2022-11-28 11:26:41 +00:00
|
|
|
// workaround for the case where DestroyTask was issued on task restart
|
|
|
|
d.resetCgroup(handle)
|
|
|
|
|
2022-11-28 10:33:28 +00:00
|
|
|
d.tasks.Delete(taskID)
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2022-11-28 11:26:41 +00:00
|
|
|
func (d *Driver) InspectTask(taskID string) (*drivers.TaskStatus, error) {
|
2022-11-28 10:33:28 +00:00
|
|
|
handle, ok := d.tasks.Get(taskID)
|
|
|
|
if !ok {
|
|
|
|
return nil, drivers.ErrTaskNotFound
|
|
|
|
}
|
|
|
|
|
|
|
|
return handle.TaskStatus(), nil
|
|
|
|
}
|
|
|
|
|
2022-11-28 11:26:41 +00:00
|
|
|
func (d *Driver) TaskStats(ctx context.Context, taskID string, interval time.Duration) (<-chan *drivers.TaskResourceUsage, error) {
|
2022-11-28 10:33:28 +00:00
|
|
|
handle, ok := d.tasks.Get(taskID)
|
|
|
|
if !ok {
|
|
|
|
return nil, drivers.ErrTaskNotFound
|
|
|
|
}
|
|
|
|
|
|
|
|
return handle.exec.Stats(ctx, interval)
|
|
|
|
}
|
|
|
|
|
2022-11-28 11:26:41 +00:00
|
|
|
func (d *Driver) TaskEvents(ctx context.Context) (<-chan *drivers.TaskEvent, error) {
|
2022-11-28 10:33:28 +00:00
|
|
|
return d.eventer.TaskEvents(ctx)
|
|
|
|
}
|
|
|
|
|
2022-11-28 11:26:41 +00:00
|
|
|
func (d *Driver) SignalTask(taskID string, signal string) error {
|
2022-11-28 10:33:28 +00:00
|
|
|
handle, ok := d.tasks.Get(taskID)
|
|
|
|
if !ok {
|
|
|
|
return drivers.ErrTaskNotFound
|
|
|
|
}
|
|
|
|
|
|
|
|
sig := os.Interrupt
|
|
|
|
if s, ok := signals.SignalLookup[signal]; ok {
|
|
|
|
sig = s
|
|
|
|
} else {
|
|
|
|
d.logger.Warn("unknown signal to send to task, using SIGINT instead", "signal", signal, "task_id", handle.taskConfig.ID)
|
|
|
|
|
|
|
|
}
|
|
|
|
return handle.exec.Signal(sig)
|
|
|
|
}
|
|
|
|
|
2022-11-28 11:26:41 +00:00
|
|
|
func (d *Driver) ExecTask(taskID string, cmd []string, timeout time.Duration) (*drivers.ExecTaskResult, error) {
|
|
|
|
if len(cmd) == 0 {
|
|
|
|
return nil, fmt.Errorf("error cmd must have at least one value")
|
|
|
|
}
|
|
|
|
handle, ok := d.tasks.Get(taskID)
|
|
|
|
if !ok {
|
|
|
|
return nil, drivers.ErrTaskNotFound
|
|
|
|
}
|
|
|
|
|
|
|
|
args := []string{}
|
|
|
|
if len(cmd) > 1 {
|
|
|
|
args = cmd[1:]
|
|
|
|
}
|
|
|
|
|
|
|
|
out, exitCode, err := handle.exec.Exec(time.Now().Add(timeout), cmd[0], args)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return &drivers.ExecTaskResult{
|
|
|
|
Stdout: out,
|
|
|
|
ExitResult: &drivers.ExitResult{
|
|
|
|
ExitCode: exitCode,
|
|
|
|
},
|
|
|
|
}, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
var _ drivers.ExecTaskStreamingRawDriver = (*Driver)(nil)
|
|
|
|
|
|
|
|
func (d *Driver) ExecTaskStreamingRaw(ctx context.Context,
|
|
|
|
taskID string,
|
|
|
|
command []string,
|
|
|
|
tty bool,
|
|
|
|
stream drivers.ExecTaskStream) error {
|
|
|
|
|
|
|
|
if len(command) == 0 {
|
|
|
|
return fmt.Errorf("error cmd must have at least one value")
|
|
|
|
}
|
|
|
|
handle, ok := d.tasks.Get(taskID)
|
|
|
|
if !ok {
|
|
|
|
return drivers.ErrTaskNotFound
|
|
|
|
}
|
|
|
|
|
|
|
|
return handle.exec.ExecStreaming(ctx, command, tty, stream)
|
2022-11-28 10:33:28 +00:00
|
|
|
}
|