Compare commits
No commits in common. "main" and "upstream-exec-driver" have entirely different histories.
main
...
upstream-e
33 changed files with 132 additions and 3796 deletions
4
.gitignore
vendored
4
.gitignore
vendored
|
@ -1,2 +1,2 @@
|
|||
nomad-driver-*
|
||||
*-driver
|
||||
nomad-driver-exec2
|
||||
exec2-driver
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
PLUGIN_BINARY=nix2-driver
|
||||
PLUGIN_BINARY=hello-driver
|
||||
export GO111MODULE=on
|
||||
|
||||
default: build
|
||||
|
|
79
README.md
79
README.md
|
@ -1,33 +1,84 @@
|
|||
Nomad Nix Driver Plugin
|
||||
Nomad Skeleton Driver Plugin
|
||||
==========
|
||||
|
||||
A Nomad driver to run Nix jobs.
|
||||
Uses the same isolation mechanism as the `exec` driver.
|
||||
Partially based on [`nomad-driver-nix`](https://github.com/input-output-hk/nomad-driver-nix)
|
||||
Skeleton project for
|
||||
[Nomad task driver plugins](https://www.nomadproject.io/docs/drivers/index.html).
|
||||
|
||||
This project is intended for bootstrapping development of a new task driver
|
||||
plugin.
|
||||
|
||||
- Website: [https://www.nomadproject.io](https://www.nomadproject.io)
|
||||
- Mailing list: [Google Groups](http://groups.google.com/group/nomad-tool)
|
||||
|
||||
Requirements
|
||||
-------------------
|
||||
|
||||
- [Go](https://golang.org/doc/install) v1.19 or later (to compile the plugin)
|
||||
- [Nomad](https://www.nomadproject.io/downloads.html) v1.3 or later (to run the plugin)
|
||||
- [Nix](https://nixos.org/download.html) v2.11 or later (to run the plugin), either through NixOS or installed in root mode
|
||||
- [Go](https://golang.org/doc/install) v1.18 or later (to compile the plugin)
|
||||
- [Nomad](https://www.nomadproject.io/downloads.html) v0.9+ (to run the plugin)
|
||||
|
||||
Building and using the Nix driver plugin
|
||||
Building the Skeleton Plugin
|
||||
-------------------
|
||||
|
||||
To build the plugin and run a dev agent:
|
||||
[Generate](https://github.com/hashicorp/nomad-skeleton-driver-plugin/generate)
|
||||
a new repository in your account from this template by clicking the `Use this
|
||||
template` button above.
|
||||
|
||||
Clone the repository somewhere in your computer. This project uses
|
||||
[Go modules](https://blog.golang.org/using-go-modules) so you will need to set
|
||||
the environment variable `GO111MODULE=on` or work outside your `GOPATH` if it
|
||||
is set to `auto` or not declared.
|
||||
|
||||
```sh
|
||||
$ git clone git@github.com:<ORG>/<REPO>git
|
||||
```
|
||||
|
||||
Enter the plugin directory and update the paths in `go.mod` and `main.go` to
|
||||
match your repository path.
|
||||
|
||||
```diff
|
||||
// go.mod
|
||||
|
||||
- module github.com/hashicorp/nomad-skeleton-driver-plugin
|
||||
+ module github.com/<ORG>/<REPO>
|
||||
...
|
||||
```
|
||||
|
||||
```diff
|
||||
// main.go
|
||||
|
||||
package main
|
||||
|
||||
import (
|
||||
log "github.com/hashicorp/go-hclog"
|
||||
- "github.com/hashicorp/nomad-skeleton-driver-plugin/hello"
|
||||
+. "github.com/<REPO>/<ORG>/hello"
|
||||
...
|
||||
|
||||
```
|
||||
|
||||
Build the skeleton plugin.
|
||||
|
||||
```sh
|
||||
$ make build
|
||||
```
|
||||
|
||||
## Deploying Driver Plugins in Nomad
|
||||
|
||||
The initial version of the skeleton is a simple task that outputs a greeting.
|
||||
You can try it out by starting a Nomad agent and running the job provided in
|
||||
the `example` folder:
|
||||
|
||||
```sh
|
||||
$ make build
|
||||
$ nomad agent -dev -config=./example/agent.hcl -plugin-dir=$(pwd)
|
||||
|
||||
# in another shell
|
||||
$ nomad run ./example/example-batch.hcl
|
||||
$ nomad run ./example/example-service.hcl
|
||||
$ nomad run ./example/example.nomad
|
||||
$ nomad logs <ALLOCATION ID>
|
||||
```
|
||||
|
||||
Writing Nix job specifications
|
||||
Code Organization
|
||||
-------------------
|
||||
|
||||
See documentation comments in example HCL files.
|
||||
Follow the comments marked with a `TODO` tag to implement your driver's logic.
|
||||
For more information check the
|
||||
[Nomad documentation on plugins](https://www.nomadproject.io/docs/internals/plugins/index.html).
|
||||
|
|
|
@ -1,10 +1,7 @@
|
|||
#log_level = "TRACE"
|
||||
log_level = "TRACE"
|
||||
|
||||
client {
|
||||
}
|
||||
|
||||
plugin "nix2-driver" {
|
||||
plugin "hello-driver" {
|
||||
config {
|
||||
default_nixpkgs = "github:nixos/nixpkgs/nixos-22.05"
|
||||
shell = "bash"
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,69 +0,0 @@
|
|||
job "nix2-example-batch" {
|
||||
datacenters = ["dc1"]
|
||||
type = "batch"
|
||||
|
||||
group "example" {
|
||||
# Simple example: how to run a binary from a Nixpkgs package
|
||||
# By default, this will use nixpkgs from github:nixos/nixpkgs/nixos-22.05
|
||||
# as a base system, as defined in the agent config file.
|
||||
# This could be overridden by setting nixpkgs = "another flake"
|
||||
# inside the config {} block
|
||||
task "nix-hello" {
|
||||
driver = "nix2"
|
||||
|
||||
config {
|
||||
# Packages contains a list of Nix flakes to include in the environement.
|
||||
# Entries that start with # will be relative to nixpkgs.
|
||||
# Otherwise, they are flake names that are passed directly to Nix build
|
||||
packages = [
|
||||
"#hello" # equivalent to "github:nixos/nixpkgs/nixos-22.05#hello"
|
||||
]
|
||||
command = "hello"
|
||||
}
|
||||
}
|
||||
|
||||
# This example show how to setup root CA certificates so that jobs
|
||||
# can do TLS connections
|
||||
# Here, a Nix profile is built using packages curl and cacert from nixpkgs.
|
||||
# Because the cacert package is included, the ca-bundle.crt file is added to
|
||||
# /etc in that profile. Then, the nix2 driver binds all files from that
|
||||
# profile in the root directory, making ca-bundle.crt available directly under /etc.
|
||||
# Reference: see https://gist.github.com/CMCDragonkai/1ae4f4b5edeb021ca7bb1d271caca999
|
||||
task "nix-curl-ssl" {
|
||||
driver = "nix2"
|
||||
|
||||
config {
|
||||
packages = [
|
||||
"#curl", "#cacert"
|
||||
]
|
||||
command = "curl"
|
||||
args = [
|
||||
"https://nixos.org"
|
||||
]
|
||||
}
|
||||
env = {
|
||||
SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt"
|
||||
}
|
||||
}
|
||||
|
||||
# This example show how to use a flake defined from a file
|
||||
task "nix-hello-flake" {
|
||||
driver = "nix2"
|
||||
|
||||
config {
|
||||
# Packages contains a list of Nix flakes to include in the environement.
|
||||
# Entries that start with # will be relative to nixpkgs.
|
||||
# Otherwise, they are flake names that are passed directly to Nix build
|
||||
packages = [
|
||||
".#hello"
|
||||
]
|
||||
command = "hello"
|
||||
}
|
||||
|
||||
template {
|
||||
data = file("flake.nix")
|
||||
destination = "flake.nix"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
|
@ -1,36 +0,0 @@
|
|||
job "nix2-example-service" {
|
||||
datacenters = ["dc1"]
|
||||
type = "service"
|
||||
|
||||
group "example" {
|
||||
# This task defines a server that runs a simple python file server on port 8080,
|
||||
# which allows to explore the contents of the filesystem namespace as visible
|
||||
# by processes that run inside the task.
|
||||
# A bunch of utilities are included as well, so that you can exec into the container
|
||||
# and explore what's inside by yourself.
|
||||
task "nix-python-serve-http" {
|
||||
driver = "nix2"
|
||||
|
||||
config {
|
||||
packages = [
|
||||
"#python3",
|
||||
"#bash",
|
||||
"#coreutils",
|
||||
"#curl",
|
||||
"#nix",
|
||||
"#git",
|
||||
"#cacert",
|
||||
"#strace",
|
||||
"#gnugrep",
|
||||
"#findutils",
|
||||
"#mount",
|
||||
]
|
||||
command = "python3"
|
||||
args = [ "-m", "http.server", "8080" ]
|
||||
}
|
||||
env = {
|
||||
SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
14
example/example.nomad
Normal file
14
example/example.nomad
Normal file
|
@ -0,0 +1,14 @@
|
|||
job "example" {
|
||||
datacenters = ["dc1"]
|
||||
type = "batch"
|
||||
|
||||
group "example" {
|
||||
task "hello-world" {
|
||||
driver = "hello-world-example"
|
||||
|
||||
config {
|
||||
greeting = "hello"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
|
@ -1,18 +0,0 @@
|
|||
{
|
||||
description = "A very basic flake";
|
||||
|
||||
outputs = { self, nixpkgs }:
|
||||
let
|
||||
pkgs = import nixpkgs { system = "x86_64-linux"; };
|
||||
hello = pkgs.writeScriptBin "hello" ''
|
||||
#!${pkgs.bash}/bin/bash
|
||||
echo "Hello from bash script!"
|
||||
'';
|
||||
in {
|
||||
|
||||
packages.x86_64-linux.hello = hello;
|
||||
|
||||
packages.x86_64-linux.default = self.packages.x86_64-linux.hello;
|
||||
|
||||
};
|
||||
}
|
|
@ -1,4 +1,4 @@
|
|||
package nix2
|
||||
package exec
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
@ -6,18 +6,16 @@ import (
|
|||
"os"
|
||||
"path/filepath"
|
||||
"runtime"
|
||||
"strings"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
"git.deuxfleurs.fr/Deuxfleurs/nomad-driver-nix2/executor"
|
||||
"github.com/hashicorp/consul-template/signals"
|
||||
hclog "github.com/hashicorp/go-hclog"
|
||||
"github.com/hashicorp/nomad/client/lib/cgutil"
|
||||
"github.com/hashicorp/nomad/drivers/shared/capabilities"
|
||||
"github.com/hashicorp/nomad/drivers/shared/eventer"
|
||||
"github.com/hashicorp/nomad/drivers/shared/executor"
|
||||
"github.com/hashicorp/nomad/drivers/shared/resolvconf"
|
||||
"github.com/hashicorp/nomad/helper/pluginutils/hclutils"
|
||||
"github.com/hashicorp/nomad/helper/pluginutils/loader"
|
||||
"github.com/hashicorp/nomad/helper/pointer"
|
||||
"github.com/hashicorp/nomad/plugins/base"
|
||||
|
@ -29,7 +27,7 @@ import (
|
|||
|
||||
const (
|
||||
// pluginName is the name of the plugin
|
||||
pluginName = "nix2"
|
||||
pluginName = "exec"
|
||||
|
||||
// fingerprintPeriod is the interval at which the driver will send fingerprint responses
|
||||
fingerprintPeriod = 30 * time.Second
|
||||
|
@ -47,6 +45,13 @@ var (
|
|||
PluginType: base.PluginTypeDriver,
|
||||
}
|
||||
|
||||
// PluginConfig is the exec driver factory function registered in the
|
||||
// plugin catalog.
|
||||
PluginConfig = &loader.InternalPluginConfig{
|
||||
Config: map[string]interface{}{},
|
||||
Factory: func(ctx context.Context, l hclog.Logger) interface{} { return NewExecDriver(ctx, l) },
|
||||
}
|
||||
|
||||
// pluginInfo is the response returned for the PluginInfo RPC
|
||||
pluginInfo = &base.PluginInfoResponse{
|
||||
Type: base.PluginTypeDriver,
|
||||
|
@ -69,33 +74,21 @@ var (
|
|||
hclspec.NewAttr("default_ipc_mode", "string", false),
|
||||
hclspec.NewLiteral(`"private"`),
|
||||
),
|
||||
"default_nixpkgs": hclspec.NewDefault(
|
||||
hclspec.NewAttr("default_nixpkgs", "string", false),
|
||||
hclspec.NewLiteral(`"github:nixos/nixpkgs/nixos-23.11"`),
|
||||
),
|
||||
"allow_caps": hclspec.NewDefault(
|
||||
hclspec.NewAttr("allow_caps", "list(string)", false),
|
||||
hclspec.NewLiteral(capabilities.HCLSpecLiteral),
|
||||
),
|
||||
"allow_bind": hclspec.NewDefault(
|
||||
hclspec.NewAttr("allow_bind", "bool", false),
|
||||
hclspec.NewLiteral("true"),
|
||||
),
|
||||
})
|
||||
|
||||
// taskConfigSpec is the hcl specification for the driver config section of
|
||||
// a task within a job. It is returned in the TaskConfigSchema RPC
|
||||
taskConfigSpec = hclspec.NewObject(map[string]*hclspec.Spec{
|
||||
"command": hclspec.NewAttr("command", "string", true),
|
||||
"args": hclspec.NewAttr("args", "list(string)", false),
|
||||
"bind": hclspec.NewAttr("bind", "list(map(string))", false),
|
||||
"bind_read_only": hclspec.NewAttr("bind_read_only", "list(map(string))", false),
|
||||
"pid_mode": hclspec.NewAttr("pid_mode", "string", false),
|
||||
"ipc_mode": hclspec.NewAttr("ipc_mode", "string", false),
|
||||
"cap_add": hclspec.NewAttr("cap_add", "list(string)", false),
|
||||
"cap_drop": hclspec.NewAttr("cap_drop", "list(string)", false),
|
||||
"nixpkgs": hclspec.NewAttr("nixpkgs", "string", false),
|
||||
"packages": hclspec.NewAttr("packages", "list(string)", false),
|
||||
"command": hclspec.NewAttr("command", "string", true),
|
||||
"args": hclspec.NewAttr("args", "list(string)", false),
|
||||
"pid_mode": hclspec.NewAttr("pid_mode", "string", false),
|
||||
"ipc_mode": hclspec.NewAttr("ipc_mode", "string", false),
|
||||
"cap_add": hclspec.NewAttr("cap_add", "list(string)", false),
|
||||
"cap_drop": hclspec.NewAttr("cap_drop", "list(string)", false),
|
||||
})
|
||||
|
||||
// driverCapabilities represents the RPC response for what features are
|
||||
|
@ -103,7 +96,7 @@ var (
|
|||
driverCapabilities = &drivers.Capabilities{
|
||||
SendSignals: true,
|
||||
Exec: true,
|
||||
FSIsolation: drivers.FSIsolationNone,
|
||||
FSIsolation: drivers.FSIsolationChroot,
|
||||
NetIsolationModes: []drivers.NetIsolationMode{
|
||||
drivers.NetIsolationModeHost,
|
||||
drivers.NetIsolationModeGroup,
|
||||
|
@ -132,10 +125,6 @@ type Driver struct {
|
|||
// coordinate shutdown
|
||||
ctx context.Context
|
||||
|
||||
// signalShutdown is called when the driver is shutting down and cancels
|
||||
// the ctx passed to any subsystems
|
||||
signalShutdown context.CancelFunc
|
||||
|
||||
// logger will log to the Nomad agent
|
||||
logger hclog.Logger
|
||||
|
||||
|
@ -159,15 +148,9 @@ type Config struct {
|
|||
// exec-based task drivers.
|
||||
DefaultModeIPC string `codec:"default_ipc_mode"`
|
||||
|
||||
// Nixpkgs flake to use
|
||||
DefaultNixpkgs string `codec:"default_nixpkgs"`
|
||||
|
||||
// AllowCaps configures which Linux Capabilities are enabled for tasks
|
||||
// running on this node.
|
||||
AllowCaps []string `codec:"allow_caps"`
|
||||
|
||||
// AllowBind defines whether users may bind host directories
|
||||
AllowBind bool `codec:"allow_bind"`
|
||||
}
|
||||
|
||||
func (c *Config) validate() error {
|
||||
|
@ -199,12 +182,6 @@ type TaskConfig struct {
|
|||
// Args are passed along to Command.
|
||||
Args []string `codec:"args"`
|
||||
|
||||
// Paths to bind for read-write acess
|
||||
Bind hclutils.MapStrStr `codec:"bind"`
|
||||
|
||||
// Paths to bind for read-only acess
|
||||
BindReadOnly hclutils.MapStrStr `codec:"bind_read_only"`
|
||||
|
||||
// ModePID indicates whether PID namespace isolation is enabled for the task.
|
||||
// Must be "private" or "host" if set.
|
||||
ModePID string `codec:"pid_mode"`
|
||||
|
@ -213,20 +190,14 @@ type TaskConfig struct {
|
|||
// Must be "private" or "host" if set.
|
||||
ModeIPC string `codec:"ipc_mode"`
|
||||
|
||||
// Nixpkgs flake to use
|
||||
Nixpkgs string `codec:"nixpkgs"`
|
||||
|
||||
// CapAdd is a set of linux capabilities to enable.
|
||||
CapAdd []string `codec:"cap_add"`
|
||||
|
||||
// CapDrop is a set of linux capabilities to disable.
|
||||
CapDrop []string `codec:"cap_drop"`
|
||||
|
||||
// List of Nix packages to add to environment
|
||||
Packages []string `codec:"packages"`
|
||||
}
|
||||
|
||||
func (tc *TaskConfig) validate(dc *Config) error {
|
||||
func (tc *TaskConfig) validate() error {
|
||||
switch tc.ModePID {
|
||||
case "", executor.IsolationModePrivate, executor.IsolationModeHost:
|
||||
default:
|
||||
|
@ -249,12 +220,6 @@ func (tc *TaskConfig) validate(dc *Config) error {
|
|||
return fmt.Errorf("cap_drop configured with capabilities not supported by system: %s", badDrops)
|
||||
}
|
||||
|
||||
if !dc.AllowBind {
|
||||
if len(tc.Bind) > 0 || len(tc.BindReadOnly) > 0 {
|
||||
return fmt.Errorf("bind and bind_read_only are deactivated for the %s driver", pluginName)
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
|
@ -268,16 +233,14 @@ type TaskState struct {
|
|||
StartedAt time.Time
|
||||
}
|
||||
|
||||
// NewPlugin returns a new DrivePlugin implementation
|
||||
func NewPlugin(logger hclog.Logger) drivers.DriverPlugin {
|
||||
ctx, cancel := context.WithCancel(context.Background())
|
||||
// NewExecDriver returns a new DrivePlugin implementation
|
||||
func NewExecDriver(ctx context.Context, logger hclog.Logger) drivers.DriverPlugin {
|
||||
logger = logger.Named(pluginName)
|
||||
return &Driver{
|
||||
eventer: eventer.NewEventer(ctx, logger),
|
||||
tasks: newTaskStore(),
|
||||
ctx: ctx,
|
||||
signalShutdown: cancel,
|
||||
logger: logger,
|
||||
eventer: eventer.NewEventer(ctx, logger),
|
||||
tasks: newTaskStore(),
|
||||
ctx: ctx,
|
||||
logger: logger,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -322,7 +285,6 @@ func (d *Driver) SetConfig(cfg *base.Config) error {
|
|||
if err := config.validate(); err != nil {
|
||||
return err
|
||||
}
|
||||
d.logger.Info("Got config", "driver_config", hclog.Fmt("%+v", config))
|
||||
d.config = config
|
||||
|
||||
if cfg != nil && cfg.AgentConfig != nil {
|
||||
|
@ -469,14 +431,8 @@ func (d *Driver) StartTask(cfg *drivers.TaskConfig) (*drivers.TaskHandle, *drive
|
|||
if err := cfg.DecodeDriverConfig(&driverConfig); err != nil {
|
||||
return nil, nil, fmt.Errorf("failed to decode driver config: %v", err)
|
||||
}
|
||||
if driverConfig.Bind == nil {
|
||||
driverConfig.Bind = make(hclutils.MapStrStr)
|
||||
}
|
||||
if driverConfig.BindReadOnly == nil {
|
||||
driverConfig.BindReadOnly = make(hclutils.MapStrStr)
|
||||
}
|
||||
|
||||
if err := driverConfig.validate(&d.config); err != nil {
|
||||
if err := driverConfig.validate(); err != nil {
|
||||
return nil, nil, fmt.Errorf("failed driver config validation: %v", err)
|
||||
}
|
||||
|
||||
|
@ -503,104 +459,18 @@ func (d *Driver) StartTask(cfg *drivers.TaskConfig) (*drivers.TaskHandle, *drive
|
|||
user = "nobody"
|
||||
}
|
||||
|
||||
// Determine the nixpkgs version to use.
|
||||
nixpkgs := driverConfig.Nixpkgs
|
||||
if nixpkgs == "" {
|
||||
nixpkgs = d.config.DefaultNixpkgs
|
||||
}
|
||||
// Use that repo for all packages not specified from a flake already.
|
||||
for i := range driverConfig.Packages {
|
||||
if strings.HasPrefix(driverConfig.Packages[i], "#") {
|
||||
driverConfig.Packages[i] = nixpkgs + driverConfig.Packages[i]
|
||||
}
|
||||
}
|
||||
|
||||
// Prepare NixOS packages and setup a bunch of read-only mounts
|
||||
// for system stuff and required NixOS packages
|
||||
d.eventer.EmitEvent(&drivers.TaskEvent{
|
||||
TaskID: cfg.ID,
|
||||
AllocID: cfg.AllocID,
|
||||
TaskName: cfg.Name,
|
||||
Timestamp: time.Now(),
|
||||
Message: fmt.Sprintf(
|
||||
"Building Nix packages and preparing NixOS state (using nixpkgs from flake: %s)",
|
||||
nixpkgs,
|
||||
),
|
||||
Annotations: map[string]string{
|
||||
"packages": strings.Join(driverConfig.Packages, " "),
|
||||
},
|
||||
})
|
||||
taskDirs := cfg.TaskDir()
|
||||
systemMounts, err := prepareNixPackages(taskDirs.Dir, driverConfig.Packages, nixpkgs)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
|
||||
// Some files are necessary and should be taken from outside if not present already
|
||||
etcpaths := []string{
|
||||
"/etc/nsswitch.conf", // Necessary for many things
|
||||
"/etc/passwd", // Necessary for username/UID lookup
|
||||
}
|
||||
|
||||
if cfg.DNS != nil {
|
||||
dnsMount, err := resolvconf.GenerateDNSMount(cfg.TaskDir().Dir, cfg.DNS)
|
||||
if err != nil {
|
||||
return nil, nil, fmt.Errorf("failed to build mount for resolv.conf: %v", err)
|
||||
}
|
||||
cfg.Mounts = append(cfg.Mounts, dnsMount)
|
||||
} else {
|
||||
// Inherit nameserver configuration from host
|
||||
etcpaths = append(etcpaths, "/etc/resolv.conf")
|
||||
}
|
||||
|
||||
for _, f := range etcpaths {
|
||||
if _, ok := systemMounts[f]; !ok {
|
||||
systemMounts[f] = f
|
||||
}
|
||||
}
|
||||
|
||||
d.logger.Info("adding RO system mounts for Nix stuff / system stuff", "system_mounts", hclog.Fmt("%+v", systemMounts))
|
||||
|
||||
for host, task := range systemMounts {
|
||||
mount_config := drivers.MountConfig{
|
||||
TaskPath: task,
|
||||
HostPath: host,
|
||||
Readonly: true,
|
||||
PropagationMode: "private",
|
||||
}
|
||||
cfg.Mounts = append(cfg.Mounts, &mount_config)
|
||||
}
|
||||
|
||||
// Set PATH to /bin
|
||||
cfg.Env["PATH"] = "/bin"
|
||||
|
||||
// Bind mounts specified in task config
|
||||
for host, task := range driverConfig.Bind {
|
||||
mount_config := drivers.MountConfig{
|
||||
TaskPath: task,
|
||||
HostPath: host,
|
||||
Readonly: false,
|
||||
PropagationMode: "private",
|
||||
}
|
||||
d.logger.Info("adding RW mount from task spec", "mount_config", hclog.Fmt("%+v", mount_config))
|
||||
cfg.Mounts = append(cfg.Mounts, &mount_config)
|
||||
}
|
||||
for host, task := range driverConfig.BindReadOnly {
|
||||
mount_config := drivers.MountConfig{
|
||||
TaskPath: task,
|
||||
HostPath: host,
|
||||
Readonly: true,
|
||||
PropagationMode: "private",
|
||||
}
|
||||
d.logger.Info("adding RO mount from task spec", "mount_config", hclog.Fmt("%+v", mount_config))
|
||||
cfg.Mounts = append(cfg.Mounts, &mount_config)
|
||||
}
|
||||
|
||||
caps, err := capabilities.Calculate(
|
||||
capabilities.NomadDefaults(), d.config.AllowCaps, driverConfig.CapAdd, driverConfig.CapDrop,
|
||||
)
|
||||
if err != nil {
|
||||
pluginClient.Kill()
|
||||
return nil, nil, err
|
||||
}
|
||||
d.logger.Debug("task capabilities", "capabilities", caps)
|
||||
|
@ -624,8 +494,6 @@ func (d *Driver) StartTask(cfg *drivers.TaskConfig) (*drivers.TaskHandle, *drive
|
|||
Capabilities: caps,
|
||||
}
|
||||
|
||||
d.logger.Info("launching with", "exec_cmd", hclog.Fmt("%+v", execCmd))
|
||||
|
||||
ps, err := exec.Launch(execCmd)
|
||||
if err != nil {
|
||||
pluginClient.Kill()
|
|
@ -1,4 +1,4 @@
|
|||
package nix2
|
||||
package exec
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
@ -6,9 +6,9 @@ import (
|
|||
"sync"
|
||||
"time"
|
||||
|
||||
"git.deuxfleurs.fr/Deuxfleurs/nomad-driver-nix2/executor"
|
||||
hclog "github.com/hashicorp/go-hclog"
|
||||
plugin "github.com/hashicorp/go-plugin"
|
||||
"github.com/hashicorp/nomad/drivers/shared/executor"
|
||||
"github.com/hashicorp/nomad/plugins/drivers"
|
||||
)
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
package nix2
|
||||
package exec
|
||||
|
||||
import (
|
||||
"sync"
|
|
@ -1,285 +0,0 @@
|
|||
package executor
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"io"
|
||||
"os"
|
||||
"os/exec"
|
||||
"sync"
|
||||
"syscall"
|
||||
|
||||
hclog "github.com/hashicorp/go-hclog"
|
||||
"github.com/hashicorp/nomad/plugins/drivers"
|
||||
dproto "github.com/hashicorp/nomad/plugins/drivers/proto"
|
||||
)
|
||||
|
||||
// execHelper is a convenient wrapper for starting and executing commands, and handling their output
|
||||
type execHelper struct {
|
||||
logger hclog.Logger
|
||||
|
||||
// newTerminal function creates a tty appropriate for the command
|
||||
// The returned pty end of tty function is to be called after process start.
|
||||
newTerminal func() (pty func() (*os.File, error), tty *os.File, err error)
|
||||
|
||||
// setTTY is a callback to configure the command with slave end of the tty of the terminal, when tty is enabled
|
||||
setTTY func(tty *os.File) error
|
||||
|
||||
// setTTY is a callback to configure the command with std{in|out|err}, when tty is disabled
|
||||
setIO func(stdin io.Reader, stdout, stderr io.Writer) error
|
||||
|
||||
// processStart starts the process, like `exec.Cmd.Start()`
|
||||
processStart func() error
|
||||
|
||||
// processWait blocks until command terminates and returns its final state
|
||||
processWait func() (*os.ProcessState, error)
|
||||
}
|
||||
|
||||
func (e *execHelper) run(ctx context.Context, tty bool, stream drivers.ExecTaskStream) error {
|
||||
if tty {
|
||||
return e.runTTY(ctx, stream)
|
||||
}
|
||||
return e.runNoTTY(ctx, stream)
|
||||
}
|
||||
|
||||
func (e *execHelper) runTTY(ctx context.Context, stream drivers.ExecTaskStream) error {
|
||||
ptyF, tty, err := e.newTerminal()
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to open a tty: %v", err)
|
||||
}
|
||||
defer tty.Close()
|
||||
|
||||
if err := e.setTTY(tty); err != nil {
|
||||
return fmt.Errorf("failed to set command tty: %v", err)
|
||||
}
|
||||
if err := e.processStart(); err != nil {
|
||||
return fmt.Errorf("failed to start command: %v", err)
|
||||
}
|
||||
|
||||
var wg sync.WaitGroup
|
||||
errCh := make(chan error, 3)
|
||||
|
||||
pty, err := ptyF()
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to get pty: %v", err)
|
||||
}
|
||||
|
||||
defer pty.Close()
|
||||
wg.Add(1)
|
||||
go handleStdin(e.logger, pty, stream, errCh)
|
||||
// when tty is on, stdout and stderr point to the same pty so only read once
|
||||
go handleStdout(e.logger, pty, &wg, stream.Send, errCh)
|
||||
|
||||
ps, err := e.processWait()
|
||||
|
||||
// force close streams to close out the stream copying goroutines
|
||||
tty.Close()
|
||||
|
||||
// wait until we get all process output
|
||||
wg.Wait()
|
||||
|
||||
// wait to flush out output
|
||||
stream.Send(cmdExitResult(ps, err))
|
||||
|
||||
select {
|
||||
case cerr := <-errCh:
|
||||
return cerr
|
||||
default:
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
func (e *execHelper) runNoTTY(ctx context.Context, stream drivers.ExecTaskStream) error {
|
||||
var sendLock sync.Mutex
|
||||
send := func(v *drivers.ExecTaskStreamingResponseMsg) error {
|
||||
sendLock.Lock()
|
||||
defer sendLock.Unlock()
|
||||
|
||||
return stream.Send(v)
|
||||
}
|
||||
|
||||
stdinPr, stdinPw := io.Pipe()
|
||||
stdoutPr, stdoutPw := io.Pipe()
|
||||
stderrPr, stderrPw := io.Pipe()
|
||||
|
||||
defer stdoutPw.Close()
|
||||
defer stderrPw.Close()
|
||||
|
||||
if err := e.setIO(stdinPr, stdoutPw, stderrPw); err != nil {
|
||||
return fmt.Errorf("failed to set command io: %v", err)
|
||||
}
|
||||
|
||||
if err := e.processStart(); err != nil {
|
||||
return fmt.Errorf("failed to start command: %v", err)
|
||||
}
|
||||
|
||||
var wg sync.WaitGroup
|
||||
errCh := make(chan error, 3)
|
||||
|
||||
wg.Add(2)
|
||||
go handleStdin(e.logger, stdinPw, stream, errCh)
|
||||
go handleStdout(e.logger, stdoutPr, &wg, send, errCh)
|
||||
go handleStderr(e.logger, stderrPr, &wg, send, errCh)
|
||||
|
||||
ps, err := e.processWait()
|
||||
|
||||
// force close streams to close out the stream copying goroutines
|
||||
stdinPr.Close()
|
||||
stdoutPw.Close()
|
||||
stderrPw.Close()
|
||||
|
||||
// wait until we get all process output
|
||||
wg.Wait()
|
||||
|
||||
// wait to flush out output
|
||||
stream.Send(cmdExitResult(ps, err))
|
||||
|
||||
select {
|
||||
case cerr := <-errCh:
|
||||
return cerr
|
||||
default:
|
||||
return nil
|
||||
}
|
||||
}
|
||||
func cmdExitResult(ps *os.ProcessState, err error) *drivers.ExecTaskStreamingResponseMsg {
|
||||
exitCode := -1
|
||||
|
||||
if ps == nil {
|
||||
if ee, ok := err.(*exec.ExitError); ok {
|
||||
ps = ee.ProcessState
|
||||
}
|
||||
}
|
||||
|
||||
if ps == nil {
|
||||
exitCode = -2
|
||||
} else if status, ok := ps.Sys().(syscall.WaitStatus); ok {
|
||||
exitCode = status.ExitStatus()
|
||||
if status.Signaled() {
|
||||
const exitSignalBase = 128
|
||||
signal := int(status.Signal())
|
||||
exitCode = exitSignalBase + signal
|
||||
}
|
||||
}
|
||||
|
||||
return &drivers.ExecTaskStreamingResponseMsg{
|
||||
Exited: true,
|
||||
Result: &dproto.ExitResult{
|
||||
ExitCode: int32(exitCode),
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func handleStdin(logger hclog.Logger, stdin io.WriteCloser, stream drivers.ExecTaskStream, errCh chan<- error) {
|
||||
for {
|
||||
m, err := stream.Recv()
|
||||
if isClosedError(err) {
|
||||
return
|
||||
} else if err != nil {
|
||||
errCh <- err
|
||||
return
|
||||
}
|
||||
|
||||
if m.Stdin != nil {
|
||||
if len(m.Stdin.Data) != 0 {
|
||||
_, err := stdin.Write(m.Stdin.Data)
|
||||
if err != nil {
|
||||
errCh <- err
|
||||
return
|
||||
}
|
||||
}
|
||||
if m.Stdin.Close {
|
||||
stdin.Close()
|
||||
}
|
||||
} else if m.TtySize != nil {
|
||||
err := setTTYSize(stdin, m.TtySize.Height, m.TtySize.Width)
|
||||
if err != nil {
|
||||
errCh <- fmt.Errorf("failed to resize tty: %v", err)
|
||||
return
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func handleStdout(logger hclog.Logger, reader io.Reader, wg *sync.WaitGroup, send func(*drivers.ExecTaskStreamingResponseMsg) error, errCh chan<- error) {
|
||||
defer wg.Done()
|
||||
|
||||
buf := make([]byte, 4096)
|
||||
for {
|
||||
n, err := reader.Read(buf)
|
||||
// always send output first if we read something
|
||||
if n > 0 {
|
||||
if err := send(&drivers.ExecTaskStreamingResponseMsg{
|
||||
Stdout: &dproto.ExecTaskStreamingIOOperation{
|
||||
Data: buf[:n],
|
||||
},
|
||||
}); err != nil {
|
||||
errCh <- err
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
// then process error
|
||||
if isClosedError(err) {
|
||||
if err := send(&drivers.ExecTaskStreamingResponseMsg{
|
||||
Stdout: &dproto.ExecTaskStreamingIOOperation{
|
||||
Close: true,
|
||||
},
|
||||
}); err != nil {
|
||||
errCh <- err
|
||||
return
|
||||
}
|
||||
return
|
||||
} else if err != nil {
|
||||
errCh <- err
|
||||
return
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
func handleStderr(logger hclog.Logger, reader io.Reader, wg *sync.WaitGroup, send func(*drivers.ExecTaskStreamingResponseMsg) error, errCh chan<- error) {
|
||||
defer wg.Done()
|
||||
|
||||
buf := make([]byte, 4096)
|
||||
for {
|
||||
n, err := reader.Read(buf)
|
||||
// always send output first if we read something
|
||||
if n > 0 {
|
||||
if err := send(&drivers.ExecTaskStreamingResponseMsg{
|
||||
Stderr: &dproto.ExecTaskStreamingIOOperation{
|
||||
Data: buf[:n],
|
||||
},
|
||||
}); err != nil {
|
||||
errCh <- err
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
// then process error
|
||||
if isClosedError(err) {
|
||||
if err := send(&drivers.ExecTaskStreamingResponseMsg{
|
||||
Stderr: &dproto.ExecTaskStreamingIOOperation{
|
||||
Close: true,
|
||||
},
|
||||
}); err != nil {
|
||||
errCh <- err
|
||||
return
|
||||
}
|
||||
return
|
||||
} else if err != nil {
|
||||
errCh <- err
|
||||
return
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
func isClosedError(err error) bool {
|
||||
if err == nil {
|
||||
return false
|
||||
}
|
||||
|
||||
return err == io.EOF ||
|
||||
err == io.ErrClosedPipe ||
|
||||
isUnixEIOErr(err)
|
||||
}
|
|
@ -1,722 +0,0 @@
|
|||
package executor
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
"runtime"
|
||||
"strings"
|
||||
"syscall"
|
||||
"time"
|
||||
|
||||
"github.com/armon/circbuf"
|
||||
"github.com/creack/pty"
|
||||
"github.com/hashicorp/consul-template/signals"
|
||||
hclog "github.com/hashicorp/go-hclog"
|
||||
multierror "github.com/hashicorp/go-multierror"
|
||||
"github.com/hashicorp/nomad/client/allocdir"
|
||||
"github.com/hashicorp/nomad/client/lib/fifo"
|
||||
"github.com/hashicorp/nomad/client/lib/resources"
|
||||
"github.com/hashicorp/nomad/client/stats"
|
||||
cstructs "github.com/hashicorp/nomad/client/structs"
|
||||
shelpers "github.com/hashicorp/nomad/helper/stats"
|
||||
"github.com/hashicorp/nomad/plugins/drivers"
|
||||
"github.com/syndtr/gocapability/capability"
|
||||
)
|
||||
|
||||
const (
|
||||
// ExecutorVersionLatest is the current and latest version of the executor
|
||||
ExecutorVersionLatest = "2.0.0"
|
||||
|
||||
// ExecutorVersionPre0_9 is the version of executor use prior to the release
|
||||
// of 0.9.x
|
||||
ExecutorVersionPre0_9 = "1.1.0"
|
||||
|
||||
// IsolationModePrivate represents the private isolation mode for a namespace
|
||||
IsolationModePrivate = "private"
|
||||
|
||||
// IsolationModeHost represents the host isolation mode for a namespace
|
||||
IsolationModeHost = "host"
|
||||
)
|
||||
|
||||
var (
|
||||
// The statistics the basic executor exposes
|
||||
ExecutorBasicMeasuredMemStats = []string{"RSS", "Swap"}
|
||||
ExecutorBasicMeasuredCpuStats = []string{"System Mode", "User Mode", "Percent"}
|
||||
)
|
||||
|
||||
// Executor is the interface which allows a driver to launch and supervise
|
||||
// a process
|
||||
type Executor interface {
|
||||
// Launch a user process configured by the given ExecCommand
|
||||
Launch(launchCmd *ExecCommand) (*ProcessState, error)
|
||||
|
||||
// Wait blocks until the process exits or an error occures
|
||||
Wait(ctx context.Context) (*ProcessState, error)
|
||||
|
||||
// Shutdown will shutdown the executor by stopping the user process,
|
||||
// cleaning up and resources created by the executor. The shutdown sequence
|
||||
// will first send the given signal to the process. This defaults to "SIGINT"
|
||||
// if not specified. The executor will then wait for the process to exit
|
||||
// before cleaning up other resources. If the executor waits longer than the
|
||||
// given grace period, the process is forcefully killed.
|
||||
//
|
||||
// To force kill the user process, gracePeriod can be set to 0.
|
||||
Shutdown(signal string, gracePeriod time.Duration) error
|
||||
|
||||
// UpdateResources updates any resource isolation enforcement with new
|
||||
// constraints if supported.
|
||||
UpdateResources(*drivers.Resources) error
|
||||
|
||||
// Version returns the executor API version
|
||||
Version() (*ExecutorVersion, error)
|
||||
|
||||
// Returns a channel of stats. Stats are collected and
|
||||
// pushed to the channel on the given interval
|
||||
Stats(context.Context, time.Duration) (<-chan *cstructs.TaskResourceUsage, error)
|
||||
|
||||
// Signal sends the given signal to the user process
|
||||
Signal(os.Signal) error
|
||||
|
||||
// Exec executes the given command and args inside the executor context
|
||||
// and returns the output and exit code.
|
||||
Exec(deadline time.Time, cmd string, args []string) ([]byte, int, error)
|
||||
|
||||
ExecStreaming(ctx context.Context, cmd []string, tty bool,
|
||||
stream drivers.ExecTaskStream) error
|
||||
}
|
||||
|
||||
// ExecCommand holds the user command, args, and other isolation related
|
||||
// settings.
|
||||
//
|
||||
// Important (!): when adding fields, make sure to update the RPC methods in
|
||||
// grpcExecutorClient.Launch and grpcExecutorServer.Launch. Number of hours
|
||||
// spent tracking this down: too many.
|
||||
type ExecCommand struct {
|
||||
// Cmd is the command that the user wants to run.
|
||||
Cmd string
|
||||
|
||||
// Args is the args of the command that the user wants to run.
|
||||
Args []string
|
||||
|
||||
// Resources defined by the task
|
||||
Resources *drivers.Resources
|
||||
|
||||
// StdoutPath is the path the process stdout should be written to
|
||||
StdoutPath string
|
||||
stdout io.WriteCloser
|
||||
|
||||
// StderrPath is the path the process stderr should be written to
|
||||
StderrPath string
|
||||
stderr io.WriteCloser
|
||||
|
||||
// Env is the list of KEY=val pairs of environment variables to be set
|
||||
Env []string
|
||||
|
||||
// User is the user which the executor uses to run the command.
|
||||
User string
|
||||
|
||||
// TaskDir is the directory path on the host where for the task
|
||||
TaskDir string
|
||||
|
||||
// ResourceLimits determines whether resource limits are enforced by the
|
||||
// executor.
|
||||
ResourceLimits bool
|
||||
|
||||
// Cgroup marks whether we put the process in a cgroup. Setting this field
|
||||
// doesn't enforce resource limits. To enforce limits, set ResourceLimits.
|
||||
// Using the cgroup does allow more precise cleanup of processes.
|
||||
BasicProcessCgroup bool
|
||||
|
||||
// NoPivotRoot disables using pivot_root for isolation, useful when the root
|
||||
// partition is on a ramdisk which does not support pivot_root,
|
||||
// see man 2 pivot_root
|
||||
NoPivotRoot bool
|
||||
|
||||
// Mounts are the host paths to be be made available inside rootfs
|
||||
Mounts []*drivers.MountConfig
|
||||
|
||||
// Devices are the the device nodes to be created in isolation environment
|
||||
Devices []*drivers.DeviceConfig
|
||||
|
||||
// NetworkIsolation is the network isolation configuration.
|
||||
NetworkIsolation *drivers.NetworkIsolationSpec
|
||||
|
||||
// ModePID is the PID isolation mode (private or host).
|
||||
ModePID string
|
||||
|
||||
// ModeIPC is the IPC isolation mode (private or host).
|
||||
ModeIPC string
|
||||
|
||||
// Capabilities are the linux capabilities to be enabled by the task driver.
|
||||
Capabilities []string
|
||||
}
|
||||
|
||||
// SetWriters sets the writer for the process stdout and stderr. This should
|
||||
// not be used if writing to a file path such as a fifo file. SetStdoutWriter
|
||||
// is mainly used for unit testing purposes.
|
||||
func (c *ExecCommand) SetWriters(out io.WriteCloser, err io.WriteCloser) {
|
||||
c.stdout = out
|
||||
c.stderr = err
|
||||
}
|
||||
|
||||
// GetWriters returns the unexported io.WriteCloser for the stdout and stderr
|
||||
// handles. This is mainly used for unit testing purposes.
|
||||
func (c *ExecCommand) GetWriters() (stdout io.WriteCloser, stderr io.WriteCloser) {
|
||||
return c.stdout, c.stderr
|
||||
}
|
||||
|
||||
type nopCloser struct {
|
||||
io.Writer
|
||||
}
|
||||
|
||||
func (nopCloser) Close() error { return nil }
|
||||
|
||||
// Stdout returns a writer for the configured file descriptor
|
||||
func (c *ExecCommand) Stdout() (io.WriteCloser, error) {
|
||||
if c.stdout == nil {
|
||||
if c.StdoutPath != "" {
|
||||
f, err := fifo.OpenWriter(c.StdoutPath)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to create stdout: %v", err)
|
||||
}
|
||||
c.stdout = f
|
||||
} else {
|
||||
c.stdout = nopCloser{ioutil.Discard}
|
||||
}
|
||||
}
|
||||
return c.stdout, nil
|
||||
}
|
||||
|
||||
// Stderr returns a writer for the configured file descriptor
|
||||
func (c *ExecCommand) Stderr() (io.WriteCloser, error) {
|
||||
if c.stderr == nil {
|
||||
if c.StderrPath != "" {
|
||||
f, err := fifo.OpenWriter(c.StderrPath)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to create stderr: %v", err)
|
||||
}
|
||||
c.stderr = f
|
||||
} else {
|
||||
c.stderr = nopCloser{ioutil.Discard}
|
||||
}
|
||||
}
|
||||
return c.stderr, nil
|
||||
}
|
||||
|
||||
func (c *ExecCommand) Close() {
|
||||
if c.stdout != nil {
|
||||
c.stdout.Close()
|
||||
}
|
||||
if c.stderr != nil {
|
||||
c.stderr.Close()
|
||||
}
|
||||
}
|
||||
|
||||
// ProcessState holds information about the state of a user process.
|
||||
type ProcessState struct {
|
||||
Pid int
|
||||
ExitCode int
|
||||
Signal int
|
||||
Time time.Time
|
||||
}
|
||||
|
||||
// ExecutorVersion is the version of the executor
|
||||
type ExecutorVersion struct {
|
||||
Version string
|
||||
}
|
||||
|
||||
func (v *ExecutorVersion) GoString() string {
|
||||
return v.Version
|
||||
}
|
||||
|
||||
// UniversalExecutor is an implementation of the Executor which launches and
|
||||
// supervises processes. In addition to process supervision it provides resource
|
||||
// and file system isolation
|
||||
type UniversalExecutor struct {
|
||||
childCmd exec.Cmd
|
||||
commandCfg *ExecCommand
|
||||
|
||||
exitState *ProcessState
|
||||
processExited chan interface{}
|
||||
|
||||
// containment is used to cleanup resources created by the executor
|
||||
// currently only used for killing pids via freezer cgroup on linux
|
||||
containment resources.Containment
|
||||
|
||||
totalCpuStats *stats.CpuStats
|
||||
userCpuStats *stats.CpuStats
|
||||
systemCpuStats *stats.CpuStats
|
||||
pidCollector *pidCollector
|
||||
|
||||
logger hclog.Logger
|
||||
}
|
||||
|
||||
// NewExecutor returns an Executor
|
||||
func NewExecutor(logger hclog.Logger) Executor {
|
||||
logger = logger.Named("executor")
|
||||
if err := shelpers.Init(); err != nil {
|
||||
logger.Error("unable to initialize stats", "error", err)
|
||||
}
|
||||
|
||||
return &UniversalExecutor{
|
||||
logger: logger,
|
||||
processExited: make(chan interface{}),
|
||||
totalCpuStats: stats.NewCpuStats(),
|
||||
userCpuStats: stats.NewCpuStats(),
|
||||
systemCpuStats: stats.NewCpuStats(),
|
||||
pidCollector: newPidCollector(logger),
|
||||
}
|
||||
}
|
||||
|
||||
// Version returns the api version of the executor
|
||||
func (e *UniversalExecutor) Version() (*ExecutorVersion, error) {
|
||||
return &ExecutorVersion{Version: ExecutorVersionLatest}, nil
|
||||
}
|
||||
|
||||
// Launch launches the main process and returns its state. It also
|
||||
// configures an applies isolation on certain platforms.
|
||||
func (e *UniversalExecutor) Launch(command *ExecCommand) (*ProcessState, error) {
|
||||
e.logger.Trace("preparing to launch command", "command", command.Cmd, "args", strings.Join(command.Args, " "))
|
||||
|
||||
e.commandCfg = command
|
||||
|
||||
// setting the user of the process
|
||||
if command.User != "" {
|
||||
e.logger.Debug("running command as user", "user", command.User)
|
||||
if err := setCmdUser(&e.childCmd, command.User); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
// set the task dir as the working directory for the command
|
||||
e.childCmd.Dir = e.commandCfg.TaskDir
|
||||
|
||||
// start command in separate process group
|
||||
if err := e.setNewProcessGroup(); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// Maybe setup containment (for now, cgroups only only on linux)
|
||||
if e.commandCfg.ResourceLimits || e.commandCfg.BasicProcessCgroup {
|
||||
pid := os.Getpid()
|
||||
if err := e.configureResourceContainer(pid); err != nil {
|
||||
e.logger.Error("failed to configure resource container", "pid", pid, "error", err)
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
stdout, err := e.commandCfg.Stdout()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
stderr, err := e.commandCfg.Stderr()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
e.childCmd.Stdout = stdout
|
||||
e.childCmd.Stderr = stderr
|
||||
|
||||
// Look up the binary path and make it executable
|
||||
absPath, err := lookupBin(command.TaskDir, command.Cmd)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if err := makeExecutable(absPath); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
path := absPath
|
||||
|
||||
// Set the commands arguments
|
||||
e.childCmd.Path = path
|
||||
e.childCmd.Args = append([]string{e.childCmd.Path}, command.Args...)
|
||||
e.childCmd.Env = e.commandCfg.Env
|
||||
|
||||
// Start the process
|
||||
if err = withNetworkIsolation(e.childCmd.Start, command.NetworkIsolation); err != nil {
|
||||
return nil, fmt.Errorf("failed to start command path=%q --- args=%q: %v", path, e.childCmd.Args, err)
|
||||
}
|
||||
|
||||
go e.pidCollector.collectPids(e.processExited, e.getAllPids)
|
||||
go e.wait()
|
||||
return &ProcessState{Pid: e.childCmd.Process.Pid, ExitCode: -1, Time: time.Now()}, nil
|
||||
}
|
||||
|
||||
// Exec a command inside a container for exec and java drivers.
|
||||
func (e *UniversalExecutor) Exec(deadline time.Time, name string, args []string) ([]byte, int, error) {
|
||||
ctx, cancel := context.WithDeadline(context.Background(), deadline)
|
||||
defer cancel()
|
||||
return ExecScript(ctx, e.childCmd.Dir, e.commandCfg.Env, e.childCmd.SysProcAttr, e.commandCfg.NetworkIsolation, name, args)
|
||||
}
|
||||
|
||||
// ExecScript executes cmd with args and returns the output, exit code, and
|
||||
// error. Output is truncated to drivers/shared/structs.CheckBufSize
|
||||
func ExecScript(ctx context.Context, dir string, env []string, attrs *syscall.SysProcAttr,
|
||||
netSpec *drivers.NetworkIsolationSpec, name string, args []string) ([]byte, int, error) {
|
||||
|
||||
cmd := exec.CommandContext(ctx, name, args...)
|
||||
|
||||
// Copy runtime environment from the main command
|
||||
cmd.SysProcAttr = attrs
|
||||
cmd.Dir = dir
|
||||
cmd.Env = env
|
||||
|
||||
// Capture output
|
||||
buf, _ := circbuf.NewBuffer(int64(drivers.CheckBufSize))
|
||||
cmd.Stdout = buf
|
||||
cmd.Stderr = buf
|
||||
|
||||
if err := withNetworkIsolation(cmd.Run, netSpec); err != nil {
|
||||
exitErr, ok := err.(*exec.ExitError)
|
||||
if !ok {
|
||||
// Non-exit error, return it and let the caller treat
|
||||
// it as a critical failure
|
||||
return nil, 0, err
|
||||
}
|
||||
|
||||
// Some kind of error happened; default to critical
|
||||
exitCode := 2
|
||||
if status, ok := exitErr.Sys().(syscall.WaitStatus); ok {
|
||||
exitCode = status.ExitStatus()
|
||||
}
|
||||
|
||||
// Don't return the exitError as the caller only needs the
|
||||
// output and code.
|
||||
return buf.Bytes(), exitCode, nil
|
||||
}
|
||||
return buf.Bytes(), 0, nil
|
||||
}
|
||||
|
||||
func (e *UniversalExecutor) ExecStreaming(ctx context.Context, command []string, tty bool,
|
||||
stream drivers.ExecTaskStream) error {
|
||||
|
||||
if len(command) == 0 {
|
||||
return fmt.Errorf("command is required")
|
||||
}
|
||||
|
||||
cmd := exec.CommandContext(ctx, command[0], command[1:]...)
|
||||
|
||||
cmd.Dir = "/"
|
||||
cmd.Env = e.childCmd.Env
|
||||
|
||||
execHelper := &execHelper{
|
||||
logger: e.logger,
|
||||
|
||||
newTerminal: func() (func() (*os.File, error), *os.File, error) {
|
||||
pty, tty, err := pty.Open()
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
|
||||
return func() (*os.File, error) { return pty, nil }, tty, err
|
||||
},
|
||||
setTTY: func(tty *os.File) error {
|
||||
cmd.SysProcAttr = sessionCmdAttr(tty)
|
||||
|
||||
cmd.Stdin = tty
|
||||
cmd.Stdout = tty
|
||||
cmd.Stderr = tty
|
||||
return nil
|
||||
},
|
||||
setIO: func(stdin io.Reader, stdout, stderr io.Writer) error {
|
||||
cmd.Stdin = stdin
|
||||
cmd.Stdout = stdout
|
||||
cmd.Stderr = stderr
|
||||
return nil
|
||||
},
|
||||
processStart: func() error {
|
||||
if u := e.commandCfg.User; u != "" {
|
||||
if err := setCmdUser(cmd, u); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
return withNetworkIsolation(cmd.Start, e.commandCfg.NetworkIsolation)
|
||||
},
|
||||
processWait: func() (*os.ProcessState, error) {
|
||||
err := cmd.Wait()
|
||||
return cmd.ProcessState, err
|
||||
},
|
||||
}
|
||||
|
||||
return execHelper.run(ctx, tty, stream)
|
||||
}
|
||||
|
||||
// Wait waits until a process has exited and returns it's exitcode and errors
|
||||
func (e *UniversalExecutor) Wait(ctx context.Context) (*ProcessState, error) {
|
||||
select {
|
||||
case <-ctx.Done():
|
||||
return nil, ctx.Err()
|
||||
case <-e.processExited:
|
||||
return e.exitState, nil
|
||||
}
|
||||
}
|
||||
|
||||
func (e *UniversalExecutor) UpdateResources(resources *drivers.Resources) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (e *UniversalExecutor) wait() {
|
||||
defer close(e.processExited)
|
||||
defer e.commandCfg.Close()
|
||||
pid := e.childCmd.Process.Pid
|
||||
err := e.childCmd.Wait()
|
||||
if err == nil {
|
||||
e.exitState = &ProcessState{Pid: pid, ExitCode: 0, Time: time.Now()}
|
||||
return
|
||||
}
|
||||
|
||||
exitCode := 1
|
||||
var signal int
|
||||
if exitErr, ok := err.(*exec.ExitError); ok {
|
||||
if status, ok := exitErr.Sys().(syscall.WaitStatus); ok {
|
||||
exitCode = status.ExitStatus()
|
||||
if status.Signaled() {
|
||||
// bash(1) uses the lower 7 bits of a uint8
|
||||
// to indicate normal program failure (see
|
||||
// <sysexits.h>). If a process terminates due
|
||||
// to a signal, encode the signal number to
|
||||
// indicate which signal caused the process
|
||||
// to terminate. Mirror this exit code
|
||||
// encoding scheme.
|
||||
const exitSignalBase = 128
|
||||
signal = int(status.Signal())
|
||||
exitCode = exitSignalBase + signal
|
||||
}
|
||||
}
|
||||
} else {
|
||||
e.logger.Warn("unexpected Cmd.Wait() error type", "error", err)
|
||||
}
|
||||
|
||||
e.exitState = &ProcessState{Pid: pid, ExitCode: exitCode, Signal: signal, Time: time.Now()}
|
||||
}
|
||||
|
||||
var (
|
||||
// finishedErr is the error message received when trying to kill and already
|
||||
// exited process.
|
||||
finishedErr = "os: process already finished"
|
||||
|
||||
// noSuchProcessErr is the error message received when trying to kill a non
|
||||
// existing process (e.g. when killing a process group).
|
||||
noSuchProcessErr = "no such process"
|
||||
)
|
||||
|
||||
// Shutdown cleans up the alloc directory, destroys resource container and
|
||||
// kills the user process.
|
||||
func (e *UniversalExecutor) Shutdown(signal string, grace time.Duration) error {
|
||||
e.logger.Debug("shutdown requested", "signal", signal, "grace_period_ms", grace.Round(time.Millisecond))
|
||||
var merr multierror.Error
|
||||
|
||||
// If the executor did not launch a process, return.
|
||||
if e.commandCfg == nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
// If there is no process we can't shutdown
|
||||
if e.childCmd.Process == nil {
|
||||
e.logger.Warn("failed to shutdown due to missing process", "error", "no process found")
|
||||
return fmt.Errorf("executor failed to shutdown error: no process found")
|
||||
}
|
||||
|
||||
proc, err := os.FindProcess(e.childCmd.Process.Pid)
|
||||
if err != nil {
|
||||
err = fmt.Errorf("executor failed to find process: %v", err)
|
||||
e.logger.Warn("failed to shutdown due to inability to find process", "pid", e.childCmd.Process.Pid, "error", err)
|
||||
return err
|
||||
}
|
||||
|
||||
// If grace is 0 then skip shutdown logic
|
||||
if grace > 0 {
|
||||
// Default signal to SIGINT if not set
|
||||
if signal == "" {
|
||||
signal = "SIGINT"
|
||||
}
|
||||
|
||||
sig, ok := signals.SignalLookup[signal]
|
||||
if !ok {
|
||||
err = fmt.Errorf("error unknown signal given for shutdown: %s", signal)
|
||||
e.logger.Warn("failed to shutdown", "error", err)
|
||||
return err
|
||||
}
|
||||
|
||||
if err := e.shutdownProcess(sig, proc); err != nil {
|
||||
e.logger.Warn("failed to shutdown process", "pid", proc.Pid, "error", err)
|
||||
return err
|
||||
}
|
||||
|
||||
select {
|
||||
case <-e.processExited:
|
||||
case <-time.After(grace):
|
||||
proc.Kill()
|
||||
}
|
||||
} else {
|
||||
proc.Kill()
|
||||
}
|
||||
|
||||
// Wait for process to exit
|
||||
select {
|
||||
case <-e.processExited:
|
||||
case <-time.After(time.Second * 15):
|
||||
e.logger.Warn("process did not exit after 15 seconds")
|
||||
merr.Errors = append(merr.Errors, fmt.Errorf("process did not exit after 15 seconds"))
|
||||
}
|
||||
|
||||
// prefer killing the process via platform-dependent resource containment
|
||||
killByContainment := e.commandCfg.ResourceLimits || e.commandCfg.BasicProcessCgroup
|
||||
|
||||
if !killByContainment {
|
||||
// there is no containment, so kill the group the old fashioned way by sending
|
||||
// SIGKILL to the negative pid
|
||||
if cleanupChildrenErr := e.killProcessTree(proc); cleanupChildrenErr != nil && cleanupChildrenErr.Error() != finishedErr {
|
||||
merr.Errors = append(merr.Errors,
|
||||
fmt.Errorf("can't kill process with pid %d: %v", e.childCmd.Process.Pid, cleanupChildrenErr))
|
||||
}
|
||||
} else {
|
||||
// there is containment available (e.g. cgroups) so defer to that implementation
|
||||
// for killing the processes
|
||||
if cleanupErr := e.containment.Cleanup(); cleanupErr != nil {
|
||||
e.logger.Warn("containment cleanup failed", "error", cleanupErr)
|
||||
merr.Errors = append(merr.Errors, cleanupErr)
|
||||
}
|
||||
}
|
||||
|
||||
if err = merr.ErrorOrNil(); err != nil {
|
||||
e.logger.Warn("failed to shutdown due to some error", "error", err.Error())
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// Signal sends the passed signal to the task
|
||||
func (e *UniversalExecutor) Signal(s os.Signal) error {
|
||||
if e.childCmd.Process == nil {
|
||||
return fmt.Errorf("Task not yet run")
|
||||
}
|
||||
|
||||
e.logger.Debug("sending signal to PID", "signal", s, "pid", e.childCmd.Process.Pid)
|
||||
err := e.childCmd.Process.Signal(s)
|
||||
if err != nil {
|
||||
e.logger.Error("sending signal failed", "signal", s, "error", err)
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (e *UniversalExecutor) Stats(ctx context.Context, interval time.Duration) (<-chan *cstructs.TaskResourceUsage, error) {
|
||||
ch := make(chan *cstructs.TaskResourceUsage)
|
||||
go e.handleStats(ch, ctx, interval)
|
||||
return ch, nil
|
||||
}
|
||||
|
||||
func (e *UniversalExecutor) handleStats(ch chan *cstructs.TaskResourceUsage, ctx context.Context, interval time.Duration) {
|
||||
defer close(ch)
|
||||
timer := time.NewTimer(0)
|
||||
for {
|
||||
select {
|
||||
case <-ctx.Done():
|
||||
return
|
||||
|
||||
case <-timer.C:
|
||||
timer.Reset(interval)
|
||||
}
|
||||
|
||||
pidStats, err := e.pidCollector.pidStats()
|
||||
if err != nil {
|
||||
e.logger.Warn("error collecting stats", "error", err)
|
||||
return
|
||||
}
|
||||
|
||||
select {
|
||||
case <-ctx.Done():
|
||||
return
|
||||
case ch <- aggregatedResourceUsage(e.systemCpuStats, pidStats):
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// lookupBin looks for path to the binary to run by looking for the binary in
|
||||
// the following locations, in-order:
|
||||
// task/local/, task/, on the host file system, in host $PATH
|
||||
// The return path is absolute.
|
||||
func lookupBin(taskDir string, bin string) (string, error) {
|
||||
// Check in the local directory
|
||||
local := filepath.Join(taskDir, allocdir.TaskLocal, bin)
|
||||
if _, err := os.Stat(local); err == nil {
|
||||
return local, nil
|
||||
}
|
||||
|
||||
// Check at the root of the task's directory
|
||||
root := filepath.Join(taskDir, bin)
|
||||
if _, err := os.Stat(root); err == nil {
|
||||
return root, nil
|
||||
}
|
||||
|
||||
// when checking host paths, check with Stat first if path is absolute
|
||||
// as exec.LookPath only considers files already marked as executable
|
||||
// and only consider this for absolute paths to avoid depending on
|
||||
// current directory of nomad which may cause unexpected behavior
|
||||
if _, err := os.Stat(bin); err == nil && filepath.IsAbs(bin) {
|
||||
return bin, nil
|
||||
}
|
||||
|
||||
// Check the $PATH
|
||||
if host, err := exec.LookPath(bin); err == nil {
|
||||
return host, nil
|
||||
}
|
||||
|
||||
return "", fmt.Errorf("binary %q could not be found", bin)
|
||||
}
|
||||
|
||||
// makeExecutable makes the given file executable for root,group,others.
|
||||
func makeExecutable(binPath string) error {
|
||||
if runtime.GOOS == "windows" {
|
||||
return nil
|
||||
}
|
||||
|
||||
fi, err := os.Stat(binPath)
|
||||
if err != nil {
|
||||
if os.IsNotExist(err) {
|
||||
return fmt.Errorf("binary %q does not exist", binPath)
|
||||
}
|
||||
return fmt.Errorf("specified binary is invalid: %v", err)
|
||||
}
|
||||
|
||||
// If it is not executable, make it so.
|
||||
perm := fi.Mode().Perm()
|
||||
req := os.FileMode(0555)
|
||||
if perm&req != req {
|
||||
if err := os.Chmod(binPath, perm|req); err != nil {
|
||||
return fmt.Errorf("error making %q executable: %s", binPath, err)
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// SupportedCaps returns a list of all supported capabilities in kernel.
|
||||
func SupportedCaps(allowNetRaw bool) []string {
|
||||
var allCaps []string
|
||||
last := capability.CAP_LAST_CAP
|
||||
// workaround for RHEL6 which has no /proc/sys/kernel/cap_last_cap
|
||||
if last == capability.Cap(63) {
|
||||
last = capability.CAP_BLOCK_SUSPEND
|
||||
}
|
||||
for _, cap := range capability.List() {
|
||||
if cap > last {
|
||||
continue
|
||||
}
|
||||
if !allowNetRaw && cap == capability.CAP_NET_RAW {
|
||||
continue
|
||||
}
|
||||
allCaps = append(allCaps, fmt.Sprintf("CAP_%s", strings.ToUpper(cap.String())))
|
||||
}
|
||||
return allCaps
|
||||
}
|
|
@ -1,33 +0,0 @@
|
|||
//go:build !linux
|
||||
|
||||
package executor
|
||||
|
||||
import (
|
||||
"os/exec"
|
||||
|
||||
hclog "github.com/hashicorp/go-hclog"
|
||||
"github.com/hashicorp/nomad/client/lib/resources"
|
||||
"github.com/hashicorp/nomad/plugins/drivers"
|
||||
)
|
||||
|
||||
func NewExecutorWithIsolation(logger hclog.Logger) Executor {
|
||||
logger = logger.Named("executor")
|
||||
logger.Error("isolation executor is not supported on this platform, using default")
|
||||
return NewExecutor(logger)
|
||||
}
|
||||
|
||||
func (e *UniversalExecutor) configureResourceContainer(_ int) error { return nil }
|
||||
|
||||
func (e *UniversalExecutor) getAllPids() (resources.PIDs, error) {
|
||||
return getAllPidsByScanning()
|
||||
}
|
||||
|
||||
func (e *UniversalExecutor) start(command *ExecCommand) error {
|
||||
return e.childCmd.Start()
|
||||
}
|
||||
|
||||
func withNetworkIsolation(f func() error, _ *drivers.NetworkIsolationSpec) error {
|
||||
return f()
|
||||
}
|
||||
|
||||
func setCmdUser(*exec.Cmd, string) error { return nil }
|
|
@ -1,926 +0,0 @@
|
|||
//go:build linux
|
||||
|
||||
package executor
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
"io/fs"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
"syscall"
|
||||
"time"
|
||||
|
||||
"github.com/armon/circbuf"
|
||||
"github.com/hashicorp/consul-template/signals"
|
||||
hclog "github.com/hashicorp/go-hclog"
|
||||
"github.com/hashicorp/nomad/client/allocdir"
|
||||
"github.com/hashicorp/nomad/client/lib/cgutil"
|
||||
"github.com/hashicorp/nomad/client/lib/resources"
|
||||
"github.com/hashicorp/nomad/client/stats"
|
||||
cstructs "github.com/hashicorp/nomad/client/structs"
|
||||
"github.com/hashicorp/nomad/drivers/shared/capabilities"
|
||||
shelpers "github.com/hashicorp/nomad/helper/stats"
|
||||
"github.com/hashicorp/nomad/helper/uuid"
|
||||
"github.com/hashicorp/nomad/nomad/structs"
|
||||
"github.com/hashicorp/nomad/plugins/drivers"
|
||||
"github.com/opencontainers/runc/libcontainer"
|
||||
"github.com/opencontainers/runc/libcontainer/cgroups"
|
||||
lconfigs "github.com/opencontainers/runc/libcontainer/configs"
|
||||
"github.com/opencontainers/runc/libcontainer/devices"
|
||||
ldevices "github.com/opencontainers/runc/libcontainer/devices"
|
||||
"github.com/opencontainers/runc/libcontainer/specconv"
|
||||
lutils "github.com/opencontainers/runc/libcontainer/utils"
|
||||
"github.com/opencontainers/runtime-spec/specs-go"
|
||||
"golang.org/x/sys/unix"
|
||||
)
|
||||
|
||||
var (
|
||||
// ExecutorCgroupV1MeasuredMemStats is the list of memory stats captured by the executor with cgroup-v1
|
||||
ExecutorCgroupV1MeasuredMemStats = []string{"RSS", "Cache", "Swap", "Usage", "Max Usage", "Kernel Usage", "Kernel Max Usage"}
|
||||
|
||||
// ExecutorCgroupV2MeasuredMemStats is the list of memory stats captured by the executor with cgroup-v2. cgroup-v2 exposes different memory stats and no longer reports rss or max usage.
|
||||
ExecutorCgroupV2MeasuredMemStats = []string{"Cache", "Swap", "Usage"}
|
||||
|
||||
// ExecutorCgroupMeasuredCpuStats is the list of CPU stats captures by the executor
|
||||
ExecutorCgroupMeasuredCpuStats = []string{"System Mode", "User Mode", "Throttled Periods", "Throttled Time", "Percent"}
|
||||
)
|
||||
|
||||
// LibcontainerExecutor implements an Executor with the runc/libcontainer api
|
||||
type LibcontainerExecutor struct {
|
||||
id string
|
||||
command *ExecCommand
|
||||
|
||||
logger hclog.Logger
|
||||
|
||||
totalCpuStats *stats.CpuStats
|
||||
userCpuStats *stats.CpuStats
|
||||
systemCpuStats *stats.CpuStats
|
||||
pidCollector *pidCollector
|
||||
|
||||
container libcontainer.Container
|
||||
userProc *libcontainer.Process
|
||||
userProcExited chan interface{}
|
||||
exitState *ProcessState
|
||||
}
|
||||
|
||||
func NewExecutorWithIsolation(logger hclog.Logger) Executor {
|
||||
logger = logger.Named("isolated_executor")
|
||||
if err := shelpers.Init(); err != nil {
|
||||
logger.Error("unable to initialize stats", "error", err)
|
||||
}
|
||||
return &LibcontainerExecutor{
|
||||
id: strings.ReplaceAll(uuid.Generate(), "-", "_"),
|
||||
logger: logger,
|
||||
totalCpuStats: stats.NewCpuStats(),
|
||||
userCpuStats: stats.NewCpuStats(),
|
||||
systemCpuStats: stats.NewCpuStats(),
|
||||
pidCollector: newPidCollector(logger),
|
||||
}
|
||||
}
|
||||
|
||||
// Launch creates a new container in libcontainer and starts a new process with it
|
||||
func (l *LibcontainerExecutor) Launch(command *ExecCommand) (*ProcessState, error) {
|
||||
l.logger.Trace("preparing to launch command", "command", command.Cmd, "args", strings.Join(command.Args, " "))
|
||||
|
||||
if command.Resources == nil {
|
||||
command.Resources = &drivers.Resources{
|
||||
NomadResources: &structs.AllocatedTaskResources{},
|
||||
}
|
||||
}
|
||||
|
||||
l.command = command
|
||||
|
||||
// create a new factory which will store the container state in the allocDir
|
||||
factory, err := libcontainer.New(
|
||||
path.Join(command.TaskDir, "../alloc/container"),
|
||||
// note that os.Args[0] refers to the executor shim typically
|
||||
// and first args arguments is ignored now due
|
||||
// until https://github.com/opencontainers/runc/pull/1888 is merged
|
||||
libcontainer.InitArgs(os.Args[0], "libcontainer-shim"),
|
||||
)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to create factory: %v", err)
|
||||
}
|
||||
|
||||
// A container groups processes under the same isolation enforcement
|
||||
containerCfg, err := newLibcontainerConfig(command)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to configure container(%s): %v", l.id, err)
|
||||
}
|
||||
|
||||
container, err := factory.Create(l.id, containerCfg)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to create container(%s): %v", l.id, err)
|
||||
}
|
||||
l.container = container
|
||||
|
||||
// Look up the binary path and make it executable
|
||||
taskPath, hostPath, err := lookupTaskBin(command)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if err := makeExecutable(hostPath); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
combined := append([]string{taskPath}, command.Args...)
|
||||
stdout, err := command.Stdout()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
stderr, err := command.Stderr()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
l.logger.Debug("launching", "command", command.Cmd, "args", strings.Join(command.Args, " "))
|
||||
|
||||
// the task process will be started by the container
|
||||
process := &libcontainer.Process{
|
||||
Args: combined,
|
||||
Env: command.Env,
|
||||
Stdout: stdout,
|
||||
Stderr: stderr,
|
||||
Init: true,
|
||||
}
|
||||
|
||||
if command.User != "" {
|
||||
process.User = command.User
|
||||
}
|
||||
l.userProc = process
|
||||
|
||||
l.totalCpuStats = stats.NewCpuStats()
|
||||
l.userCpuStats = stats.NewCpuStats()
|
||||
l.systemCpuStats = stats.NewCpuStats()
|
||||
|
||||
// Starts the task
|
||||
if err := container.Run(process); err != nil {
|
||||
container.Destroy()
|
||||
return nil, err
|
||||
}
|
||||
|
||||
pid, err := process.Pid()
|
||||
if err != nil {
|
||||
container.Destroy()
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// start a goroutine to wait on the process to complete, so Wait calls can
|
||||
// be multiplexed
|
||||
l.userProcExited = make(chan interface{})
|
||||
go l.pidCollector.collectPids(l.userProcExited, l.getAllPids)
|
||||
go l.wait()
|
||||
|
||||
return &ProcessState{
|
||||
Pid: pid,
|
||||
ExitCode: -1,
|
||||
Time: time.Now(),
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (l *LibcontainerExecutor) getAllPids() (resources.PIDs, error) {
|
||||
pids, err := l.container.Processes()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
m := make(resources.PIDs, 1)
|
||||
for _, pid := range pids {
|
||||
m[pid] = resources.NewPID(pid)
|
||||
}
|
||||
return m, nil
|
||||
}
|
||||
|
||||
// Wait waits until a process has exited and returns it's exitcode and errors
|
||||
func (l *LibcontainerExecutor) Wait(ctx context.Context) (*ProcessState, error) {
|
||||
select {
|
||||
case <-ctx.Done():
|
||||
return nil, ctx.Err()
|
||||
case <-l.userProcExited:
|
||||
return l.exitState, nil
|
||||
}
|
||||
}
|
||||
|
||||
func (l *LibcontainerExecutor) wait() {
|
||||
defer close(l.userProcExited)
|
||||
|
||||
ps, err := l.userProc.Wait()
|
||||
if err != nil {
|
||||
// If the process has exited before we called wait an error is returned
|
||||
// the process state is embedded in the error
|
||||
if exitErr, ok := err.(*exec.ExitError); ok {
|
||||
ps = exitErr.ProcessState
|
||||
} else {
|
||||
l.logger.Error("failed to call wait on user process", "error", err)
|
||||
l.exitState = &ProcessState{Pid: 0, ExitCode: 1, Time: time.Now()}
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
l.command.Close()
|
||||
|
||||
exitCode := 1
|
||||
var signal int
|
||||
if status, ok := ps.Sys().(syscall.WaitStatus); ok {
|
||||
exitCode = status.ExitStatus()
|
||||
if status.Signaled() {
|
||||
const exitSignalBase = 128
|
||||
signal = int(status.Signal())
|
||||
exitCode = exitSignalBase + signal
|
||||
}
|
||||
}
|
||||
|
||||
l.exitState = &ProcessState{
|
||||
Pid: ps.Pid(),
|
||||
ExitCode: exitCode,
|
||||
Signal: signal,
|
||||
Time: time.Now(),
|
||||
}
|
||||
}
|
||||
|
||||
// Shutdown stops all processes started and cleans up any resources
|
||||
// created (such as mountpoints, devices, etc).
|
||||
func (l *LibcontainerExecutor) Shutdown(signal string, grace time.Duration) error {
|
||||
if l.container == nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
status, err := l.container.Status()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
defer l.container.Destroy()
|
||||
|
||||
if status == libcontainer.Stopped {
|
||||
return nil
|
||||
}
|
||||
|
||||
if grace > 0 {
|
||||
if signal == "" {
|
||||
signal = "SIGINT"
|
||||
}
|
||||
|
||||
sig, ok := signals.SignalLookup[signal]
|
||||
if !ok {
|
||||
return fmt.Errorf("error unknown signal given for shutdown: %s", signal)
|
||||
}
|
||||
|
||||
// Signal initial container processes only during graceful
|
||||
// shutdown; hence `false` arg.
|
||||
err = l.container.Signal(sig, false)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
select {
|
||||
case <-l.userProcExited:
|
||||
return nil
|
||||
case <-time.After(grace):
|
||||
// Force kill all container processes after grace period,
|
||||
// hence `true` argument.
|
||||
if err := l.container.Signal(os.Kill, true); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
} else {
|
||||
err := l.container.Signal(os.Kill, true)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
select {
|
||||
case <-l.userProcExited:
|
||||
return nil
|
||||
case <-time.After(time.Second * 15):
|
||||
return fmt.Errorf("process failed to exit after 15 seconds")
|
||||
}
|
||||
}
|
||||
|
||||
// UpdateResources updates the resource isolation with new values to be enforced
|
||||
func (l *LibcontainerExecutor) UpdateResources(resources *drivers.Resources) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
// Version returns the api version of the executor
|
||||
func (l *LibcontainerExecutor) Version() (*ExecutorVersion, error) {
|
||||
return &ExecutorVersion{Version: ExecutorVersionLatest}, nil
|
||||
}
|
||||
|
||||
// Stats returns the resource statistics for processes managed by the executor
|
||||
func (l *LibcontainerExecutor) Stats(ctx context.Context, interval time.Duration) (<-chan *cstructs.TaskResourceUsage, error) {
|
||||
ch := make(chan *cstructs.TaskResourceUsage)
|
||||
go l.handleStats(ch, ctx, interval)
|
||||
return ch, nil
|
||||
|
||||
}
|
||||
|
||||
func (l *LibcontainerExecutor) handleStats(ch chan *cstructs.TaskResourceUsage, ctx context.Context, interval time.Duration) {
|
||||
defer close(ch)
|
||||
timer := time.NewTimer(0)
|
||||
|
||||
measuredMemStats := ExecutorCgroupV1MeasuredMemStats
|
||||
if cgroups.IsCgroup2UnifiedMode() {
|
||||
measuredMemStats = ExecutorCgroupV2MeasuredMemStats
|
||||
}
|
||||
|
||||
for {
|
||||
select {
|
||||
case <-ctx.Done():
|
||||
return
|
||||
|
||||
case <-timer.C:
|
||||
timer.Reset(interval)
|
||||
}
|
||||
|
||||
lstats, err := l.container.Stats()
|
||||
if err != nil {
|
||||
l.logger.Warn("error collecting stats", "error", err)
|
||||
return
|
||||
}
|
||||
|
||||
pidStats, err := l.pidCollector.pidStats()
|
||||
if err != nil {
|
||||
l.logger.Warn("error collecting stats", "error", err)
|
||||
return
|
||||
}
|
||||
|
||||
ts := time.Now()
|
||||
stats := lstats.CgroupStats
|
||||
|
||||
// Memory Related Stats
|
||||
swap := stats.MemoryStats.SwapUsage
|
||||
maxUsage := stats.MemoryStats.Usage.MaxUsage
|
||||
rss := stats.MemoryStats.Stats["rss"]
|
||||
cache := stats.MemoryStats.Stats["cache"]
|
||||
mapped_file := stats.MemoryStats.Stats["mapped_file"]
|
||||
ms := &cstructs.MemoryStats{
|
||||
RSS: rss,
|
||||
Cache: cache,
|
||||
Swap: swap.Usage,
|
||||
MappedFile: mapped_file,
|
||||
Usage: stats.MemoryStats.Usage.Usage,
|
||||
MaxUsage: maxUsage,
|
||||
KernelUsage: stats.MemoryStats.KernelUsage.Usage,
|
||||
KernelMaxUsage: stats.MemoryStats.KernelUsage.MaxUsage,
|
||||
Measured: measuredMemStats,
|
||||
}
|
||||
|
||||
// CPU Related Stats
|
||||
totalProcessCPUUsage := float64(stats.CpuStats.CpuUsage.TotalUsage)
|
||||
userModeTime := float64(stats.CpuStats.CpuUsage.UsageInUsermode)
|
||||
kernelModeTime := float64(stats.CpuStats.CpuUsage.UsageInKernelmode)
|
||||
|
||||
totalPercent := l.totalCpuStats.Percent(totalProcessCPUUsage)
|
||||
cs := &cstructs.CpuStats{
|
||||
SystemMode: l.systemCpuStats.Percent(kernelModeTime),
|
||||
UserMode: l.userCpuStats.Percent(userModeTime),
|
||||
Percent: totalPercent,
|
||||
ThrottledPeriods: stats.CpuStats.ThrottlingData.ThrottledPeriods,
|
||||
ThrottledTime: stats.CpuStats.ThrottlingData.ThrottledTime,
|
||||
TotalTicks: l.systemCpuStats.TicksConsumed(totalPercent),
|
||||
Measured: ExecutorCgroupMeasuredCpuStats,
|
||||
}
|
||||
taskResUsage := cstructs.TaskResourceUsage{
|
||||
ResourceUsage: &cstructs.ResourceUsage{
|
||||
MemoryStats: ms,
|
||||
CpuStats: cs,
|
||||
},
|
||||
Timestamp: ts.UTC().UnixNano(),
|
||||
Pids: pidStats,
|
||||
}
|
||||
|
||||
select {
|
||||
case <-ctx.Done():
|
||||
return
|
||||
case ch <- &taskResUsage:
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
// Signal sends a signal to the process managed by the executor
|
||||
func (l *LibcontainerExecutor) Signal(s os.Signal) error {
|
||||
return l.userProc.Signal(s)
|
||||
}
|
||||
|
||||
// Exec starts an additional process inside the container
|
||||
func (l *LibcontainerExecutor) Exec(deadline time.Time, cmd string, args []string) ([]byte, int, error) {
|
||||
combined := append([]string{cmd}, args...)
|
||||
// Capture output
|
||||
buf, _ := circbuf.NewBuffer(int64(drivers.CheckBufSize))
|
||||
|
||||
process := &libcontainer.Process{
|
||||
Args: combined,
|
||||
Env: l.command.Env,
|
||||
Stdout: buf,
|
||||
Stderr: buf,
|
||||
}
|
||||
|
||||
err := l.container.Run(process)
|
||||
if err != nil {
|
||||
return nil, 0, err
|
||||
}
|
||||
|
||||
waitCh := make(chan *waitResult)
|
||||
defer close(waitCh)
|
||||
go l.handleExecWait(waitCh, process)
|
||||
|
||||
select {
|
||||
case result := <-waitCh:
|
||||
ps := result.ps
|
||||
if result.err != nil {
|
||||
if exitErr, ok := result.err.(*exec.ExitError); ok {
|
||||
ps = exitErr.ProcessState
|
||||
} else {
|
||||
return nil, 0, result.err
|
||||
}
|
||||
}
|
||||
var exitCode int
|
||||
if status, ok := ps.Sys().(syscall.WaitStatus); ok {
|
||||
exitCode = status.ExitStatus()
|
||||
}
|
||||
return buf.Bytes(), exitCode, nil
|
||||
|
||||
case <-time.After(time.Until(deadline)):
|
||||
process.Signal(os.Kill)
|
||||
return nil, 0, context.DeadlineExceeded
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
func (l *LibcontainerExecutor) newTerminalSocket() (pty func() (*os.File, error), tty *os.File, err error) {
|
||||
parent, child, err := lutils.NewSockPair("socket")
|
||||
if err != nil {
|
||||
return nil, nil, fmt.Errorf("failed to create terminal: %v", err)
|
||||
}
|
||||
|
||||
return func() (*os.File, error) { return lutils.RecvFd(parent) }, child, err
|
||||
|
||||
}
|
||||
|
||||
func (l *LibcontainerExecutor) ExecStreaming(ctx context.Context, cmd []string, tty bool,
|
||||
stream drivers.ExecTaskStream) error {
|
||||
|
||||
// the task process will be started by the container
|
||||
process := &libcontainer.Process{
|
||||
Args: cmd,
|
||||
Env: l.userProc.Env,
|
||||
User: l.userProc.User,
|
||||
Init: false,
|
||||
Cwd: "/",
|
||||
}
|
||||
|
||||
execHelper := &execHelper{
|
||||
logger: l.logger,
|
||||
|
||||
newTerminal: l.newTerminalSocket,
|
||||
setTTY: func(tty *os.File) error {
|
||||
process.ConsoleSocket = tty
|
||||
return nil
|
||||
},
|
||||
setIO: func(stdin io.Reader, stdout, stderr io.Writer) error {
|
||||
process.Stdin = stdin
|
||||
process.Stdout = stdout
|
||||
process.Stderr = stderr
|
||||
return nil
|
||||
},
|
||||
|
||||
processStart: func() error { return l.container.Run(process) },
|
||||
processWait: func() (*os.ProcessState, error) {
|
||||
return process.Wait()
|
||||
},
|
||||
}
|
||||
|
||||
return execHelper.run(ctx, tty, stream)
|
||||
|
||||
}
|
||||
|
||||
type waitResult struct {
|
||||
ps *os.ProcessState
|
||||
err error
|
||||
}
|
||||
|
||||
func (l *LibcontainerExecutor) handleExecWait(ch chan *waitResult, process *libcontainer.Process) {
|
||||
ps, err := process.Wait()
|
||||
ch <- &waitResult{ps, err}
|
||||
}
|
||||
|
||||
func configureCapabilities(cfg *lconfigs.Config, command *ExecCommand) {
|
||||
switch command.User {
|
||||
case "root":
|
||||
// when running as root, use the legacy set of system capabilities, so
|
||||
// that we do not break existing nomad clusters using this "feature"
|
||||
legacyCaps := capabilities.LegacySupported().Slice(true)
|
||||
cfg.Capabilities = &lconfigs.Capabilities{
|
||||
Bounding: legacyCaps,
|
||||
Permitted: legacyCaps,
|
||||
Effective: legacyCaps,
|
||||
Ambient: nil,
|
||||
Inheritable: nil,
|
||||
}
|
||||
default:
|
||||
// otherwise apply the plugin + task capability configuration
|
||||
cfg.Capabilities = &lconfigs.Capabilities{
|
||||
Bounding: command.Capabilities,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func configureNamespaces(pidMode, ipcMode string) lconfigs.Namespaces {
|
||||
namespaces := lconfigs.Namespaces{{Type: lconfigs.NEWNS}}
|
||||
if pidMode == IsolationModePrivate {
|
||||
namespaces = append(namespaces, lconfigs.Namespace{Type: lconfigs.NEWPID})
|
||||
}
|
||||
if ipcMode == IsolationModePrivate {
|
||||
namespaces = append(namespaces, lconfigs.Namespace{Type: lconfigs.NEWIPC})
|
||||
}
|
||||
return namespaces
|
||||
}
|
||||
|
||||
// configureIsolation prepares the isolation primitives of the container.
|
||||
// The process runs in a container configured with the following:
|
||||
//
|
||||
// * the task directory as the chroot
|
||||
// * dedicated mount points namespace, but shares the PID, User, domain, network namespaces with host
|
||||
// * small subset of devices (e.g. stdout/stderr/stdin, tty, shm, pts); default to using the same set of devices as Docker
|
||||
// * some special filesystems: `/proc`, `/sys`. Some case is given to avoid exec escaping or setting malicious values through them.
|
||||
func configureIsolation(cfg *lconfigs.Config, command *ExecCommand) error {
|
||||
defaultMountFlags := syscall.MS_NOEXEC | syscall.MS_NOSUID | syscall.MS_NODEV
|
||||
|
||||
// set the new root directory for the container
|
||||
cfg.Rootfs = command.TaskDir
|
||||
|
||||
// disable pivot_root if set in the driver's configuration
|
||||
cfg.NoPivotRoot = command.NoPivotRoot
|
||||
|
||||
// set up default namespaces as configured
|
||||
cfg.Namespaces = configureNamespaces(command.ModePID, command.ModeIPC)
|
||||
|
||||
if command.NetworkIsolation != nil {
|
||||
cfg.Namespaces = append(cfg.Namespaces, lconfigs.Namespace{
|
||||
Type: lconfigs.NEWNET,
|
||||
Path: command.NetworkIsolation.Path,
|
||||
})
|
||||
}
|
||||
|
||||
// paths to mask using a bind mount to /dev/null to prevent reading
|
||||
cfg.MaskPaths = []string{
|
||||
"/proc/kcore",
|
||||
"/sys/firmware",
|
||||
}
|
||||
|
||||
// paths that should be remounted as readonly inside the container
|
||||
cfg.ReadonlyPaths = []string{
|
||||
"/proc/sys", "/proc/sysrq-trigger", "/proc/irq", "/proc/bus",
|
||||
}
|
||||
|
||||
cfg.Devices = specconv.AllowedDevices
|
||||
if len(command.Devices) > 0 {
|
||||
devs, err := cmdDevices(command.Devices)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
cfg.Devices = append(cfg.Devices, devs...)
|
||||
}
|
||||
|
||||
cfg.Mounts = []*lconfigs.Mount{
|
||||
{
|
||||
Source: "tmpfs",
|
||||
Destination: "/dev",
|
||||
Device: "tmpfs",
|
||||
Flags: syscall.MS_NOSUID | syscall.MS_STRICTATIME,
|
||||
Data: "mode=755",
|
||||
},
|
||||
{
|
||||
Source: "proc",
|
||||
Destination: "/proc",
|
||||
Device: "proc",
|
||||
Flags: defaultMountFlags,
|
||||
},
|
||||
{
|
||||
Source: "devpts",
|
||||
Destination: "/dev/pts",
|
||||
Device: "devpts",
|
||||
Flags: syscall.MS_NOSUID | syscall.MS_NOEXEC,
|
||||
Data: "newinstance,ptmxmode=0666,mode=0620,gid=5",
|
||||
},
|
||||
{
|
||||
Device: "tmpfs",
|
||||
Source: "shm",
|
||||
Destination: "/dev/shm",
|
||||
Data: "mode=1777,size=65536k",
|
||||
Flags: defaultMountFlags,
|
||||
},
|
||||
{
|
||||
Source: "mqueue",
|
||||
Destination: "/dev/mqueue",
|
||||
Device: "mqueue",
|
||||
Flags: defaultMountFlags,
|
||||
},
|
||||
{
|
||||
Source: "sysfs",
|
||||
Destination: "/sys",
|
||||
Device: "sysfs",
|
||||
Flags: defaultMountFlags | syscall.MS_RDONLY,
|
||||
},
|
||||
}
|
||||
|
||||
if len(command.Mounts) > 0 {
|
||||
cfg.Mounts = append(cfg.Mounts, cmdMounts(command.Mounts)...)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func configureCgroups(cfg *lconfigs.Config, command *ExecCommand) error {
|
||||
// If resources are not limited then manually create cgroups needed
|
||||
if !command.ResourceLimits {
|
||||
return cgutil.ConfigureBasicCgroups(cfg)
|
||||
}
|
||||
|
||||
// set cgroups path
|
||||
if cgutil.UseV2 {
|
||||
// in v2, the cgroup must have been created by the client already,
|
||||
// which breaks a lot of existing tests that run drivers without a client
|
||||
if command.Resources == nil || command.Resources.LinuxResources == nil || command.Resources.LinuxResources.CpusetCgroupPath == "" {
|
||||
return errors.New("cgroup path must be set")
|
||||
}
|
||||
parent, cgroup := cgutil.SplitPath(command.Resources.LinuxResources.CpusetCgroupPath)
|
||||
cfg.Cgroups.Path = filepath.Join("/", parent, cgroup)
|
||||
} else {
|
||||
// in v1, the cgroup is created using /nomad, which is a bug because it
|
||||
// does not respect the cgroup_parent client configuration
|
||||
// (but makes testing easy)
|
||||
id := uuid.Generate()
|
||||
cfg.Cgroups.Path = filepath.Join("/", cgutil.DefaultCgroupV1Parent, id)
|
||||
}
|
||||
|
||||
if command.Resources == nil || command.Resources.NomadResources == nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
// Total amount of memory allowed to consume
|
||||
res := command.Resources.NomadResources
|
||||
memHard, memSoft := res.Memory.MemoryMaxMB, res.Memory.MemoryMB
|
||||
if memHard <= 0 {
|
||||
memHard = res.Memory.MemoryMB
|
||||
memSoft = 0
|
||||
}
|
||||
|
||||
if memHard > 0 {
|
||||
cfg.Cgroups.Resources.Memory = memHard * 1024 * 1024
|
||||
cfg.Cgroups.Resources.MemoryReservation = memSoft * 1024 * 1024
|
||||
|
||||
// Disable swap to avoid issues on the machine
|
||||
var memSwappiness uint64
|
||||
cfg.Cgroups.Resources.MemorySwappiness = &memSwappiness
|
||||
}
|
||||
|
||||
cpuShares := res.Cpu.CpuShares
|
||||
if cpuShares < 2 {
|
||||
return fmt.Errorf("resources.Cpu.CpuShares must be equal to or greater than 2: %v", cpuShares)
|
||||
}
|
||||
|
||||
// Set the relative CPU shares for this cgroup, and convert for cgroupv2
|
||||
cfg.Cgroups.Resources.CpuShares = uint64(cpuShares)
|
||||
cfg.Cgroups.Resources.CpuWeight = cgroups.ConvertCPUSharesToCgroupV2Value(uint64(cpuShares))
|
||||
|
||||
if command.Resources.LinuxResources != nil && command.Resources.LinuxResources.CpusetCgroupPath != "" {
|
||||
cfg.Hooks = lconfigs.Hooks{
|
||||
lconfigs.CreateRuntime: lconfigs.HookList{
|
||||
newSetCPUSetCgroupHook(command.Resources.LinuxResources.CpusetCgroupPath),
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func newLibcontainerConfig(command *ExecCommand) (*lconfigs.Config, error) {
|
||||
cfg := &lconfigs.Config{
|
||||
Cgroups: &lconfigs.Cgroup{
|
||||
Resources: &lconfigs.Resources{
|
||||
MemorySwappiness: nil,
|
||||
},
|
||||
},
|
||||
Version: "1.0.0",
|
||||
}
|
||||
|
||||
for _, device := range specconv.AllowedDevices {
|
||||
cfg.Cgroups.Resources.Devices = append(cfg.Cgroups.Resources.Devices, &device.Rule)
|
||||
}
|
||||
|
||||
configureCapabilities(cfg, command)
|
||||
|
||||
// children should not inherit Nomad agent oom_score_adj value
|
||||
oomScoreAdj := 0
|
||||
cfg.OomScoreAdj = &oomScoreAdj
|
||||
|
||||
if err := configureIsolation(cfg, command); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if err := configureCgroups(cfg, command); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return cfg, nil
|
||||
}
|
||||
|
||||
// cmdDevices converts a list of driver.DeviceConfigs into excutor.Devices.
|
||||
func cmdDevices(driverDevices []*drivers.DeviceConfig) ([]*devices.Device, error) {
|
||||
if len(driverDevices) == 0 {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
r := make([]*devices.Device, len(driverDevices))
|
||||
|
||||
for i, d := range driverDevices {
|
||||
ed, err := ldevices.DeviceFromPath(d.HostPath, d.Permissions)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to make device out for %s: %v", d.HostPath, err)
|
||||
}
|
||||
ed.Path = d.TaskPath
|
||||
r[i] = ed
|
||||
}
|
||||
|
||||
return r, nil
|
||||
}
|
||||
|
||||
var userMountToUnixMount = map[string]int{
|
||||
// Empty string maps to `rprivate` for backwards compatibility in restored
|
||||
// older tasks, where mount propagation will not be present.
|
||||
"": unix.MS_PRIVATE | unix.MS_REC, // rprivate
|
||||
structs.VolumeMountPropagationPrivate: unix.MS_PRIVATE | unix.MS_REC, // rprivate
|
||||
structs.VolumeMountPropagationHostToTask: unix.MS_SLAVE | unix.MS_REC, // rslave
|
||||
structs.VolumeMountPropagationBidirectional: unix.MS_SHARED | unix.MS_REC, // rshared
|
||||
}
|
||||
|
||||
// cmdMounts converts a list of driver.MountConfigs into excutor.Mounts.
|
||||
func cmdMounts(mounts []*drivers.MountConfig) []*lconfigs.Mount {
|
||||
if len(mounts) == 0 {
|
||||
return nil
|
||||
}
|
||||
|
||||
r := make([]*lconfigs.Mount, len(mounts))
|
||||
|
||||
for i, m := range mounts {
|
||||
flags := unix.MS_BIND
|
||||
if m.Readonly {
|
||||
flags |= unix.MS_RDONLY
|
||||
}
|
||||
|
||||
r[i] = &lconfigs.Mount{
|
||||
Source: m.HostPath,
|
||||
Destination: m.TaskPath,
|
||||
Device: "bind",
|
||||
Flags: flags,
|
||||
PropagationFlags: []int{userMountToUnixMount[m.PropagationMode]},
|
||||
}
|
||||
}
|
||||
|
||||
return r
|
||||
}
|
||||
|
||||
// lookupTaskBin finds the file `bin`, searching in order:
|
||||
// - taskDir/local
|
||||
// - taskDir
|
||||
// - each mount, in order listed in the jobspec
|
||||
// - a PATH-like search of usr/local/bin/, usr/bin/, and bin/ inside the taskDir
|
||||
//
|
||||
// Returns an absolute path inside the container that will get passed as arg[0]
|
||||
// to the launched process, and the absolute path to that binary as seen by the
|
||||
// host (these will be identical for binaries that don't come from mounts).
|
||||
//
|
||||
// See also executor.lookupBin for a version used by non-isolated drivers.
|
||||
func lookupTaskBin(command *ExecCommand) (string, string, error) {
|
||||
cmd := command.Cmd
|
||||
|
||||
taskPath, hostPath, err := lookupBinFile(command, cmd)
|
||||
if err == nil {
|
||||
return taskPath, hostPath, nil
|
||||
}
|
||||
|
||||
if !strings.Contains(cmd, "/") {
|
||||
// Look up also in /bin
|
||||
bin := filepath.Join("/bin", cmd)
|
||||
taskPath, hostPath, err = lookupBinFile(command, bin)
|
||||
if err == nil {
|
||||
return taskPath, hostPath, nil
|
||||
}
|
||||
|
||||
return "", "", fmt.Errorf("file %s not found in task dir or in mounts, even when looking up /bin", cmd)
|
||||
} else {
|
||||
// If there's a / in the binary's path, we can't fallback to a PATH search
|
||||
return "", "", fmt.Errorf("file %s not found in task dir or in mounts", cmd)
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
func lookupBinFile(command *ExecCommand, bin string) (string, string, error) {
|
||||
taskDir := command.TaskDir
|
||||
|
||||
// Check in the local directory
|
||||
localDir := filepath.Join(taskDir, allocdir.TaskLocal)
|
||||
taskPath, hostPath, err := getPathInTaskDir(taskDir, localDir, bin)
|
||||
if err == nil {
|
||||
return taskPath, hostPath, nil
|
||||
}
|
||||
|
||||
// Check at the root of the task's directory
|
||||
taskPath, hostPath, err = getPathInTaskDir(taskDir, taskDir, bin)
|
||||
if err == nil {
|
||||
return taskPath, hostPath, nil
|
||||
}
|
||||
|
||||
// Check in our mounts
|
||||
for _, mount := range command.Mounts {
|
||||
taskPath, hostPath, err = getPathInMount(mount.HostPath, mount.TaskPath, bin)
|
||||
if err == nil {
|
||||
return taskPath, hostPath, nil
|
||||
}
|
||||
}
|
||||
|
||||
return "", "", fmt.Errorf("file %s not found in task dir or in mounts", bin)
|
||||
}
|
||||
|
||||
// getPathInTaskDir searches for the binary in the task directory and nested
|
||||
// search directory. It returns the absolute path rooted inside the container
|
||||
// and the absolute path on the host.
|
||||
func getPathInTaskDir(taskDir, searchDir, bin string) (string, string, error) {
|
||||
|
||||
hostPath := filepath.Join(searchDir, bin)
|
||||
err := filepathIsRegular(hostPath)
|
||||
if err != nil {
|
||||
return "", "", err
|
||||
}
|
||||
|
||||
// Find the path relative to the task directory
|
||||
rel, err := filepath.Rel(taskDir, hostPath)
|
||||
if rel == "" || err != nil {
|
||||
return "", "", fmt.Errorf(
|
||||
"failed to determine relative path base=%q target=%q: %v",
|
||||
taskDir, hostPath, err)
|
||||
}
|
||||
|
||||
// Turn relative-to-taskdir path into re-rooted absolute path to avoid
|
||||
// libcontainer trying to resolve the binary using $PATH.
|
||||
// Do *not* use filepath.Join as it will translate ".."s returned by
|
||||
// filepath.Rel. Prepending "/" will cause the path to be rooted in the
|
||||
// chroot which is the desired behavior.
|
||||
return filepath.Clean("/" + rel), hostPath, nil
|
||||
}
|
||||
|
||||
// getPathInMount for the binary in the mount's host path, constructing the path
|
||||
// considering that the bin path is rooted in the mount's task path and not its
|
||||
// host path. It returns the absolute path rooted inside the container and the
|
||||
// absolute path on the host.
|
||||
func getPathInMount(mountHostPath, mountTaskPath, bin string) (string, string, error) {
|
||||
|
||||
// Find the path relative to the mount point in the task so that we can
|
||||
// trim off any shared prefix when we search on the host path
|
||||
mountRel, err := filepath.Rel(mountTaskPath, bin)
|
||||
if mountRel == "" || err != nil {
|
||||
return "", "", fmt.Errorf("path was not relative to the mount task path")
|
||||
}
|
||||
|
||||
hostPath := filepath.Join(mountHostPath, mountRel)
|
||||
|
||||
err = filepathIsRegular(hostPath)
|
||||
if err != nil {
|
||||
return "", "", err
|
||||
}
|
||||
|
||||
// Turn relative-to-taskdir path into re-rooted absolute path to avoid
|
||||
// libcontainer trying to resolve the binary using $PATH.
|
||||
// Do *not* use filepath.Join as it will translate ".."s returned by
|
||||
// filepath.Rel. Prepending "/" will cause the path to be rooted in the
|
||||
// chroot which is the desired behavior.
|
||||
return filepath.Clean("/" + bin), hostPath, nil
|
||||
}
|
||||
|
||||
// filepathIsRegular verifies that a filepath is a regular file (i.e. not a
|
||||
// directory, socket, device, etc.)
|
||||
func filepathIsRegular(path string) error {
|
||||
f, err := os.Stat(path)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if !(f.Mode().Type().IsRegular() || f.Mode().Type() & fs.ModeType == fs.ModeSymlink) {
|
||||
return fmt.Errorf("path was not a regular file")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func newSetCPUSetCgroupHook(cgroupPath string) lconfigs.Hook {
|
||||
return lconfigs.NewFunctionHook(func(state *specs.State) error {
|
||||
return cgroups.WriteCgroupProc(cgroupPath, state.Pid)
|
||||
})
|
||||
}
|
|
@ -1,34 +0,0 @@
|
|||
package executor
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
hclog "github.com/hashicorp/go-hclog"
|
||||
plugin "github.com/hashicorp/go-plugin"
|
||||
"github.com/hashicorp/nomad/drivers/shared/executor/proto"
|
||||
"google.golang.org/grpc"
|
||||
)
|
||||
|
||||
type ExecutorPlugin struct {
|
||||
// TODO: support backwards compatibility with pre 0.9 NetRPC plugin
|
||||
plugin.NetRPCUnsupportedPlugin
|
||||
logger hclog.Logger
|
||||
fsIsolation bool
|
||||
}
|
||||
|
||||
func (p *ExecutorPlugin) GRPCServer(broker *plugin.GRPCBroker, s *grpc.Server) error {
|
||||
if p.fsIsolation {
|
||||
proto.RegisterExecutorServer(s, &grpcExecutorServer{impl: NewExecutorWithIsolation(p.logger)})
|
||||
} else {
|
||||
proto.RegisterExecutorServer(s, &grpcExecutorServer{impl: NewExecutor(p.logger)})
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (p *ExecutorPlugin) GRPCClient(ctx context.Context, broker *plugin.GRPCBroker, c *grpc.ClientConn) (interface{}, error) {
|
||||
return &grpcExecutorClient{
|
||||
client: proto.NewExecutorClient(c),
|
||||
doneCtx: ctx,
|
||||
logger: p.logger,
|
||||
}, nil
|
||||
}
|
|
@ -1,154 +0,0 @@
|
|||
package executor
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
"strconv"
|
||||
"strings"
|
||||
"syscall"
|
||||
|
||||
"github.com/containernetworking/plugins/pkg/ns"
|
||||
"github.com/hashicorp/nomad/client/lib/cgutil"
|
||||
"github.com/hashicorp/nomad/client/lib/resources"
|
||||
"github.com/hashicorp/nomad/client/taskenv"
|
||||
"github.com/hashicorp/nomad/helper/users"
|
||||
"github.com/hashicorp/nomad/plugins/drivers"
|
||||
"github.com/opencontainers/runc/libcontainer/configs"
|
||||
"github.com/opencontainers/runc/libcontainer/specconv"
|
||||
)
|
||||
|
||||
// setCmdUser takes a user id as a string and looks up the user, and sets the command
|
||||
// to execute as that user.
|
||||
func setCmdUser(cmd *exec.Cmd, userid string) error {
|
||||
u, err := users.Lookup(userid)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to identify user %v: %v", userid, err)
|
||||
}
|
||||
|
||||
// Get the groups the user is a part of
|
||||
gidStrings, err := u.GroupIds()
|
||||
if err != nil {
|
||||
return fmt.Errorf("unable to lookup user's group membership: %v", err)
|
||||
}
|
||||
|
||||
gids := make([]uint32, len(gidStrings))
|
||||
for _, gidString := range gidStrings {
|
||||
u, err := strconv.ParseUint(gidString, 10, 32)
|
||||
if err != nil {
|
||||
return fmt.Errorf("unable to convert user's group to uint32 %s: %v", gidString, err)
|
||||
}
|
||||
|
||||
gids = append(gids, uint32(u))
|
||||
}
|
||||
|
||||
// Convert the uid and gid
|
||||
uid, err := strconv.ParseUint(u.Uid, 10, 32)
|
||||
if err != nil {
|
||||
return fmt.Errorf("unable to convert userid to uint32: %s", err)
|
||||
}
|
||||
gid, err := strconv.ParseUint(u.Gid, 10, 32)
|
||||
if err != nil {
|
||||
return fmt.Errorf("unable to convert groupid to uint32: %s", err)
|
||||
}
|
||||
|
||||
// Set the command to run as that user and group.
|
||||
if cmd.SysProcAttr == nil {
|
||||
cmd.SysProcAttr = &syscall.SysProcAttr{}
|
||||
}
|
||||
if cmd.SysProcAttr.Credential == nil {
|
||||
cmd.SysProcAttr.Credential = &syscall.Credential{}
|
||||
}
|
||||
cmd.SysProcAttr.Credential.Uid = uint32(uid)
|
||||
cmd.SysProcAttr.Credential.Gid = uint32(gid)
|
||||
cmd.SysProcAttr.Credential.Groups = gids
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// configureResourceContainer configured the cgroups to be used to track pids
|
||||
// created by the executor
|
||||
func (e *UniversalExecutor) configureResourceContainer(pid int) error {
|
||||
cfg := &configs.Config{
|
||||
Cgroups: &configs.Cgroup{
|
||||
Resources: &configs.Resources{},
|
||||
},
|
||||
}
|
||||
|
||||
// note: this was always here, but not used until cgroups v2 support
|
||||
for _, device := range specconv.AllowedDevices {
|
||||
cfg.Cgroups.Resources.Devices = append(cfg.Cgroups.Resources.Devices, &device.Rule)
|
||||
}
|
||||
|
||||
lookup := func(env []string, name string) (result string) {
|
||||
for _, s := range env {
|
||||
if strings.HasPrefix(s, name+"=") {
|
||||
result = strings.TrimLeft(s, name+"=")
|
||||
return
|
||||
}
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
if cgutil.UseV2 {
|
||||
// in v2 we have the definitive cgroup; create and enter it
|
||||
|
||||
// use the task environment variables for determining the cgroup path -
|
||||
// not ideal but plumbing the values directly requires grpc protobuf changes
|
||||
parent := lookup(e.commandCfg.Env, taskenv.CgroupParent)
|
||||
allocID := lookup(e.commandCfg.Env, taskenv.AllocID)
|
||||
task := lookup(e.commandCfg.Env, taskenv.TaskName)
|
||||
if parent == "" || allocID == "" || task == "" {
|
||||
return fmt.Errorf(
|
||||
"environment variables %s must be set",
|
||||
strings.Join([]string{taskenv.CgroupParent, taskenv.AllocID, taskenv.TaskName}, ","),
|
||||
)
|
||||
}
|
||||
scope := cgutil.CgroupScope(allocID, task)
|
||||
path := filepath.Join("/", cgutil.GetCgroupParent(parent), scope)
|
||||
cfg.Cgroups.Path = path
|
||||
e.containment = resources.Contain(e.logger, cfg.Cgroups)
|
||||
return e.containment.Apply(pid)
|
||||
|
||||
} else {
|
||||
// in v1 create a freezer cgroup for use by containment
|
||||
|
||||
if err := cgutil.ConfigureBasicCgroups(cfg); err != nil {
|
||||
// Log this error to help diagnose cases where nomad is run with too few
|
||||
// permissions, but don't return an error. There is no separate check for
|
||||
// cgroup creation permissions, so this may be the happy path.
|
||||
e.logger.Warn("failed to create cgroup",
|
||||
"docs", "https://www.nomadproject.io/docs/drivers/raw_exec.html#no_cgroups",
|
||||
"error", err)
|
||||
return nil
|
||||
}
|
||||
path := cfg.Cgroups.Path
|
||||
e.logger.Trace("cgroup created, now need to apply", "path", path)
|
||||
e.containment = resources.Contain(e.logger, cfg.Cgroups)
|
||||
return e.containment.Apply(pid)
|
||||
}
|
||||
}
|
||||
|
||||
func (e *UniversalExecutor) getAllPids() (resources.PIDs, error) {
|
||||
if e.containment == nil {
|
||||
return getAllPidsByScanning()
|
||||
}
|
||||
return e.containment.GetPIDs(), nil
|
||||
}
|
||||
|
||||
// withNetworkIsolation calls the passed function the network namespace `spec`
|
||||
func withNetworkIsolation(f func() error, spec *drivers.NetworkIsolationSpec) error {
|
||||
if spec != nil && spec.Path != "" {
|
||||
// Get a handle to the target network namespace
|
||||
netNS, err := ns.GetNS(spec.Path)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Start the container in the network namespace
|
||||
return netNS.Do(func(ns.NetNS) error {
|
||||
return f()
|
||||
})
|
||||
}
|
||||
return f()
|
||||
}
|
|
@ -1,50 +0,0 @@
|
|||
//go:build darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
|
||||
|
||||
package executor
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
"syscall"
|
||||
)
|
||||
|
||||
// configure new process group for child process
|
||||
func (e *UniversalExecutor) setNewProcessGroup() error {
|
||||
if e.childCmd.SysProcAttr == nil {
|
||||
e.childCmd.SysProcAttr = &syscall.SysProcAttr{}
|
||||
}
|
||||
e.childCmd.SysProcAttr.Setpgid = true
|
||||
return nil
|
||||
}
|
||||
|
||||
// SIGKILL the process group starting at process.Pid
|
||||
func (e *UniversalExecutor) killProcessTree(process *os.Process) error {
|
||||
pid := process.Pid
|
||||
negative := -pid // tells unix to kill entire process group
|
||||
signal := syscall.SIGKILL
|
||||
|
||||
// If new process group was created upon command execution
|
||||
// we can kill the whole process group now to cleanup any leftovers.
|
||||
if e.childCmd.SysProcAttr != nil && e.childCmd.SysProcAttr.Setpgid {
|
||||
e.logger.Trace("sending sigkill to process group", "pid", pid, "negative", negative, "signal", signal)
|
||||
if err := syscall.Kill(negative, signal); err != nil && err.Error() != noSuchProcessErr {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
return process.Kill()
|
||||
}
|
||||
|
||||
// Only send the process a shutdown signal (default INT), doesn't
|
||||
// necessarily kill it.
|
||||
func (e *UniversalExecutor) shutdownProcess(sig os.Signal, proc *os.Process) error {
|
||||
if sig == nil {
|
||||
sig = os.Interrupt
|
||||
}
|
||||
|
||||
if err := proc.Signal(sig); err != nil && err.Error() != finishedErr {
|
||||
return fmt.Errorf("executor shutdown error: %v", err)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
|
@ -1,267 +0,0 @@
|
|||
package executor
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"io"
|
||||
"os"
|
||||
"syscall"
|
||||
"time"
|
||||
|
||||
"github.com/LK4D4/joincontext"
|
||||
"github.com/golang/protobuf/ptypes"
|
||||
hclog "github.com/hashicorp/go-hclog"
|
||||
cstructs "github.com/hashicorp/nomad/client/structs"
|
||||
"github.com/hashicorp/nomad/drivers/shared/executor/proto"
|
||||
"github.com/hashicorp/nomad/helper/pluginutils/grpcutils"
|
||||
"github.com/hashicorp/nomad/plugins/drivers"
|
||||
dproto "github.com/hashicorp/nomad/plugins/drivers/proto"
|
||||
"google.golang.org/grpc/codes"
|
||||
"google.golang.org/grpc/status"
|
||||
)
|
||||
|
||||
var _ Executor = (*grpcExecutorClient)(nil)
|
||||
|
||||
type grpcExecutorClient struct {
|
||||
client proto.ExecutorClient
|
||||
logger hclog.Logger
|
||||
|
||||
// doneCtx is close when the plugin exits
|
||||
doneCtx context.Context
|
||||
}
|
||||
|
||||
func (c *grpcExecutorClient) Launch(cmd *ExecCommand) (*ProcessState, error) {
|
||||
ctx := context.Background()
|
||||
req := &proto.LaunchRequest{
|
||||
Cmd: cmd.Cmd,
|
||||
Args: cmd.Args,
|
||||
Resources: drivers.ResourcesToProto(cmd.Resources),
|
||||
StdoutPath: cmd.StdoutPath,
|
||||
StderrPath: cmd.StderrPath,
|
||||
Env: cmd.Env,
|
||||
User: cmd.User,
|
||||
TaskDir: cmd.TaskDir,
|
||||
ResourceLimits: cmd.ResourceLimits,
|
||||
BasicProcessCgroup: cmd.BasicProcessCgroup,
|
||||
NoPivotRoot: cmd.NoPivotRoot,
|
||||
Mounts: drivers.MountsToProto(cmd.Mounts),
|
||||
Devices: drivers.DevicesToProto(cmd.Devices),
|
||||
NetworkIsolation: drivers.NetworkIsolationSpecToProto(cmd.NetworkIsolation),
|
||||
DefaultPidMode: cmd.ModePID,
|
||||
DefaultIpcMode: cmd.ModeIPC,
|
||||
Capabilities: cmd.Capabilities,
|
||||
}
|
||||
resp, err := c.client.Launch(ctx, req)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
ps, err := processStateFromProto(resp.Process)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return ps, nil
|
||||
}
|
||||
|
||||
func (c *grpcExecutorClient) Wait(ctx context.Context) (*ProcessState, error) {
|
||||
// Join the passed context and the shutdown context
|
||||
ctx, _ = joincontext.Join(ctx, c.doneCtx)
|
||||
|
||||
resp, err := c.client.Wait(ctx, &proto.WaitRequest{})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
ps, err := processStateFromProto(resp.Process)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return ps, nil
|
||||
}
|
||||
|
||||
func (c *grpcExecutorClient) Shutdown(signal string, gracePeriod time.Duration) error {
|
||||
ctx := context.Background()
|
||||
req := &proto.ShutdownRequest{
|
||||
Signal: signal,
|
||||
GracePeriod: gracePeriod.Nanoseconds(),
|
||||
}
|
||||
if _, err := c.client.Shutdown(ctx, req); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (c *grpcExecutorClient) UpdateResources(r *drivers.Resources) error {
|
||||
ctx := context.Background()
|
||||
req := &proto.UpdateResourcesRequest{Resources: drivers.ResourcesToProto(r)}
|
||||
if _, err := c.client.UpdateResources(ctx, req); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (c *grpcExecutorClient) Version() (*ExecutorVersion, error) {
|
||||
ctx := context.Background()
|
||||
resp, err := c.client.Version(ctx, &proto.VersionRequest{})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &ExecutorVersion{Version: resp.Version}, nil
|
||||
}
|
||||
|
||||
func (c *grpcExecutorClient) Stats(ctx context.Context, interval time.Duration) (<-chan *cstructs.TaskResourceUsage, error) {
|
||||
stream, err := c.client.Stats(ctx, &proto.StatsRequest{
|
||||
Interval: int64(interval),
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
ch := make(chan *cstructs.TaskResourceUsage)
|
||||
go c.handleStats(ctx, stream, ch)
|
||||
return ch, nil
|
||||
}
|
||||
|
||||
func (c *grpcExecutorClient) handleStats(ctx context.Context, stream proto.Executor_StatsClient, ch chan<- *cstructs.TaskResourceUsage) {
|
||||
defer close(ch)
|
||||
for {
|
||||
resp, err := stream.Recv()
|
||||
if ctx.Err() != nil {
|
||||
// Context canceled; exit gracefully
|
||||
return
|
||||
}
|
||||
|
||||
if err == io.EOF ||
|
||||
status.Code(err) == codes.Unavailable ||
|
||||
status.Code(err) == codes.Canceled ||
|
||||
err == context.Canceled {
|
||||
c.logger.Trace("executor Stats stream closed", "msg", err)
|
||||
return
|
||||
} else if err != nil {
|
||||
c.logger.Warn("failed to receive Stats executor RPC stream, closing stream", "error", err)
|
||||
return
|
||||
}
|
||||
|
||||
stats, err := drivers.TaskStatsFromProto(resp.Stats)
|
||||
if err != nil {
|
||||
c.logger.Error("failed to decode stats from RPC", "error", err, "stats", resp.Stats)
|
||||
continue
|
||||
}
|
||||
|
||||
select {
|
||||
case ch <- stats:
|
||||
case <-ctx.Done():
|
||||
return
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func (c *grpcExecutorClient) Signal(s os.Signal) error {
|
||||
ctx := context.Background()
|
||||
sig, ok := s.(syscall.Signal)
|
||||
if !ok {
|
||||
return fmt.Errorf("unsupported signal type: %q", s.String())
|
||||
}
|
||||
req := &proto.SignalRequest{
|
||||
Signal: int32(sig),
|
||||
}
|
||||
if _, err := c.client.Signal(ctx, req); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (c *grpcExecutorClient) Exec(deadline time.Time, cmd string, args []string) ([]byte, int, error) {
|
||||
ctx := context.Background()
|
||||
pbDeadline, err := ptypes.TimestampProto(deadline)
|
||||
if err != nil {
|
||||
return nil, 0, err
|
||||
}
|
||||
req := &proto.ExecRequest{
|
||||
Deadline: pbDeadline,
|
||||
Cmd: cmd,
|
||||
Args: args,
|
||||
}
|
||||
|
||||
resp, err := c.client.Exec(ctx, req)
|
||||
if err != nil {
|
||||
return nil, 0, err
|
||||
}
|
||||
|
||||
return resp.Output, int(resp.ExitCode), nil
|
||||
}
|
||||
|
||||
func (c *grpcExecutorClient) ExecStreaming(ctx context.Context,
|
||||
command []string,
|
||||
tty bool,
|
||||
execStream drivers.ExecTaskStream) error {
|
||||
|
||||
err := c.execStreaming(ctx, command, tty, execStream)
|
||||
if err != nil {
|
||||
return grpcutils.HandleGrpcErr(err, c.doneCtx)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (c *grpcExecutorClient) execStreaming(ctx context.Context,
|
||||
command []string,
|
||||
tty bool,
|
||||
execStream drivers.ExecTaskStream) error {
|
||||
|
||||
stream, err := c.client.ExecStreaming(ctx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
err = stream.Send(&dproto.ExecTaskStreamingRequest{
|
||||
Setup: &dproto.ExecTaskStreamingRequest_Setup{
|
||||
Command: command,
|
||||
Tty: tty,
|
||||
},
|
||||
})
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
errCh := make(chan error, 1)
|
||||
go func() {
|
||||
for {
|
||||
m, err := execStream.Recv()
|
||||
if err == io.EOF {
|
||||
return
|
||||
} else if err != nil {
|
||||
errCh <- err
|
||||
return
|
||||
}
|
||||
|
||||
if err := stream.Send(m); err != nil {
|
||||
errCh <- err
|
||||
return
|
||||
}
|
||||
|
||||
}
|
||||
}()
|
||||
|
||||
for {
|
||||
select {
|
||||
case err := <-errCh:
|
||||
return err
|
||||
default:
|
||||
}
|
||||
|
||||
m, err := stream.Recv()
|
||||
if err == io.EOF {
|
||||
return nil
|
||||
} else if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if err := execStream.Send(m); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
}
|
|
@ -1,178 +0,0 @@
|
|||
package executor
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"syscall"
|
||||
"time"
|
||||
|
||||
"github.com/golang/protobuf/ptypes"
|
||||
"google.golang.org/grpc/codes"
|
||||
"google.golang.org/grpc/status"
|
||||
|
||||
"github.com/hashicorp/nomad/drivers/shared/executor/proto"
|
||||
"github.com/hashicorp/nomad/nomad/structs"
|
||||
"github.com/hashicorp/nomad/plugins/drivers"
|
||||
sproto "github.com/hashicorp/nomad/plugins/shared/structs/proto"
|
||||
)
|
||||
|
||||
type grpcExecutorServer struct {
|
||||
impl Executor
|
||||
}
|
||||
|
||||
func (s *grpcExecutorServer) Launch(ctx context.Context, req *proto.LaunchRequest) (*proto.LaunchResponse, error) {
|
||||
ps, err := s.impl.Launch(&ExecCommand{
|
||||
Cmd: req.Cmd,
|
||||
Args: req.Args,
|
||||
Resources: drivers.ResourcesFromProto(req.Resources),
|
||||
StdoutPath: req.StdoutPath,
|
||||
StderrPath: req.StderrPath,
|
||||
Env: req.Env,
|
||||
User: req.User,
|
||||
TaskDir: req.TaskDir,
|
||||
ResourceLimits: req.ResourceLimits,
|
||||
BasicProcessCgroup: req.BasicProcessCgroup,
|
||||
NoPivotRoot: req.NoPivotRoot,
|
||||
Mounts: drivers.MountsFromProto(req.Mounts),
|
||||
Devices: drivers.DevicesFromProto(req.Devices),
|
||||
NetworkIsolation: drivers.NetworkIsolationSpecFromProto(req.NetworkIsolation),
|
||||
ModePID: req.DefaultPidMode,
|
||||
ModeIPC: req.DefaultIpcMode,
|
||||
Capabilities: req.Capabilities,
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
process, err := processStateToProto(ps)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return &proto.LaunchResponse{
|
||||
Process: process,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *grpcExecutorServer) Wait(ctx context.Context, req *proto.WaitRequest) (*proto.WaitResponse, error) {
|
||||
ps, err := s.impl.Wait(ctx)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
process, err := processStateToProto(ps)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return &proto.WaitResponse{
|
||||
Process: process,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *grpcExecutorServer) Shutdown(ctx context.Context, req *proto.ShutdownRequest) (*proto.ShutdownResponse, error) {
|
||||
if err := s.impl.Shutdown(req.Signal, time.Duration(req.GracePeriod)); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return &proto.ShutdownResponse{}, nil
|
||||
}
|
||||
|
||||
func (s *grpcExecutorServer) UpdateResources(ctx context.Context, req *proto.UpdateResourcesRequest) (*proto.UpdateResourcesResponse, error) {
|
||||
if err := s.impl.UpdateResources(drivers.ResourcesFromProto(req.Resources)); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return &proto.UpdateResourcesResponse{}, nil
|
||||
}
|
||||
|
||||
func (s *grpcExecutorServer) Version(context.Context, *proto.VersionRequest) (*proto.VersionResponse, error) {
|
||||
v, err := s.impl.Version()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return &proto.VersionResponse{
|
||||
Version: v.Version,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *grpcExecutorServer) Stats(req *proto.StatsRequest, stream proto.Executor_StatsServer) error {
|
||||
interval := time.Duration(req.Interval)
|
||||
if interval == 0 {
|
||||
interval = time.Second
|
||||
}
|
||||
|
||||
outCh, err := s.impl.Stats(stream.Context(), interval)
|
||||
if err != nil {
|
||||
if rec, ok := err.(structs.Recoverable); ok {
|
||||
st := status.New(codes.FailedPrecondition, rec.Error())
|
||||
st, err := st.WithDetails(&sproto.RecoverableError{Recoverable: rec.IsRecoverable()})
|
||||
if err != nil {
|
||||
// If this error, it will always error
|
||||
panic(err)
|
||||
}
|
||||
return st.Err()
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
for resp := range outCh {
|
||||
pbStats, err := drivers.TaskStatsToProto(resp)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
presp := &proto.StatsResponse{
|
||||
Stats: pbStats,
|
||||
}
|
||||
|
||||
// Send the stats
|
||||
if err := stream.Send(presp); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (s *grpcExecutorServer) Signal(ctx context.Context, req *proto.SignalRequest) (*proto.SignalResponse, error) {
|
||||
sig := syscall.Signal(req.Signal)
|
||||
if err := s.impl.Signal(sig); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &proto.SignalResponse{}, nil
|
||||
}
|
||||
|
||||
func (s *grpcExecutorServer) Exec(ctx context.Context, req *proto.ExecRequest) (*proto.ExecResponse, error) {
|
||||
deadline, err := ptypes.Timestamp(req.Deadline)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
out, exit, err := s.impl.Exec(deadline, req.Cmd, req.Args)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return &proto.ExecResponse{
|
||||
Output: out,
|
||||
ExitCode: int32(exit),
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *grpcExecutorServer) ExecStreaming(server proto.Executor_ExecStreamingServer) error {
|
||||
msg, err := server.Recv()
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to receive initial message: %v", err)
|
||||
}
|
||||
|
||||
if msg.Setup == nil {
|
||||
return fmt.Errorf("first message should always be setup")
|
||||
}
|
||||
|
||||
return s.impl.ExecStreaming(server.Context(),
|
||||
msg.Setup.Command, msg.Setup.Tty,
|
||||
server)
|
||||
}
|
|
@ -1,29 +0,0 @@
|
|||
package executor
|
||||
|
||||
import (
|
||||
"os"
|
||||
"runtime"
|
||||
|
||||
hclog "github.com/hashicorp/go-hclog"
|
||||
"github.com/opencontainers/runc/libcontainer"
|
||||
_ "github.com/opencontainers/runc/libcontainer/nsenter"
|
||||
)
|
||||
|
||||
// init is only run on linux and is used when the LibcontainerExecutor starts
|
||||
// a new process. The libcontainer shim takes over the process, setting up the
|
||||
// configured isolation and limitions before execve into the user process
|
||||
//
|
||||
// This subcommand handler is implemented as an `init`, libcontainer shim is handled anywhere
|
||||
// this package is used (including tests) without needing to write special command handler.
|
||||
func init() {
|
||||
if len(os.Args) > 1 && os.Args[1] == "libcontainer-shim" {
|
||||
runtime.GOMAXPROCS(1)
|
||||
runtime.LockOSThread()
|
||||
factory, _ := libcontainer.New("")
|
||||
if err := factory.StartInitialization(); err != nil {
|
||||
hclog.L().Error("failed to initialize libcontainer-shim", "error", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
panic("--this line should have never been executed, congratulations--")
|
||||
}
|
||||
}
|
|
@ -1,211 +0,0 @@
|
|||
package executor
|
||||
|
||||
import (
|
||||
"os"
|
||||
"strconv"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
hclog "github.com/hashicorp/go-hclog"
|
||||
"github.com/hashicorp/nomad/client/lib/resources"
|
||||
"github.com/hashicorp/nomad/client/stats"
|
||||
"github.com/hashicorp/nomad/plugins/drivers"
|
||||
ps "github.com/mitchellh/go-ps"
|
||||
"github.com/shirou/gopsutil/v3/process"
|
||||
)
|
||||
|
||||
var (
|
||||
// pidScanInterval is the interval at which the executor scans the process
|
||||
// tree for finding out the pids that the executor and it's child processes
|
||||
// have forked
|
||||
pidScanInterval = 5 * time.Second
|
||||
)
|
||||
|
||||
// pidCollector is a utility that can be embedded in an executor to collect pid
|
||||
// stats
|
||||
type pidCollector struct {
|
||||
pids map[int]*resources.PID
|
||||
pidLock sync.RWMutex
|
||||
logger hclog.Logger
|
||||
}
|
||||
|
||||
// allPidGetter is a func which is used by the pid collector to gather
|
||||
// stats on
|
||||
type allPidGetter func() (resources.PIDs, error)
|
||||
|
||||
func newPidCollector(logger hclog.Logger) *pidCollector {
|
||||
return &pidCollector{
|
||||
pids: make(map[int]*resources.PID),
|
||||
logger: logger.Named("pid_collector"),
|
||||
}
|
||||
}
|
||||
|
||||
// collectPids collects the pids of the child processes that the executor is
|
||||
// running every 5 seconds
|
||||
func (c *pidCollector) collectPids(stopCh chan interface{}, pidGetter allPidGetter) {
|
||||
// Fire the timer right away when the executor starts from there on the pids
|
||||
// are collected every scan interval
|
||||
timer := time.NewTimer(0)
|
||||
defer timer.Stop()
|
||||
for {
|
||||
select {
|
||||
case <-timer.C:
|
||||
pids, err := pidGetter()
|
||||
if err != nil {
|
||||
c.logger.Debug("error collecting pids", "error", err)
|
||||
}
|
||||
c.pidLock.Lock()
|
||||
|
||||
// Adding pids which are not being tracked
|
||||
for pid, np := range pids {
|
||||
if _, ok := c.pids[pid]; !ok {
|
||||
c.pids[pid] = np
|
||||
}
|
||||
}
|
||||
// Removing pids which are no longer present
|
||||
for pid := range c.pids {
|
||||
if _, ok := pids[pid]; !ok {
|
||||
delete(c.pids, pid)
|
||||
}
|
||||
}
|
||||
c.pidLock.Unlock()
|
||||
timer.Reset(pidScanInterval)
|
||||
case <-stopCh:
|
||||
return
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// scanPids scans all the pids on the machine running the current executor and
|
||||
// returns the child processes of the executor.
|
||||
func scanPids(parentPid int, allPids []ps.Process) (map[int]*resources.PID, error) {
|
||||
processFamily := make(map[int]struct{})
|
||||
processFamily[parentPid] = struct{}{}
|
||||
|
||||
// A mapping of pids to their parent pids. It is used to build the process
|
||||
// tree of the executing task
|
||||
pidsRemaining := make(map[int]int, len(allPids))
|
||||
for _, pid := range allPids {
|
||||
pidsRemaining[pid.Pid()] = pid.PPid()
|
||||
}
|
||||
|
||||
for {
|
||||
// flag to indicate if we have found a match
|
||||
foundNewPid := false
|
||||
|
||||
for pid, ppid := range pidsRemaining {
|
||||
_, childPid := processFamily[ppid]
|
||||
|
||||
// checking if the pid is a child of any of the parents
|
||||
if childPid {
|
||||
processFamily[pid] = struct{}{}
|
||||
delete(pidsRemaining, pid)
|
||||
foundNewPid = true
|
||||
}
|
||||
}
|
||||
|
||||
// not scanning anymore if we couldn't find a single match
|
||||
if !foundNewPid {
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
res := make(map[int]*resources.PID)
|
||||
for pid := range processFamily {
|
||||
res[pid] = &resources.PID{
|
||||
PID: pid,
|
||||
StatsTotalCPU: stats.NewCpuStats(),
|
||||
StatsUserCPU: stats.NewCpuStats(),
|
||||
StatsSysCPU: stats.NewCpuStats(),
|
||||
}
|
||||
}
|
||||
return res, nil
|
||||
}
|
||||
|
||||
// pidStats returns the resource usage stats per pid
|
||||
func (c *pidCollector) pidStats() (map[string]*drivers.ResourceUsage, error) {
|
||||
stats := make(map[string]*drivers.ResourceUsage)
|
||||
c.pidLock.RLock()
|
||||
pids := make(map[int]*resources.PID, len(c.pids))
|
||||
for k, v := range c.pids {
|
||||
pids[k] = v
|
||||
}
|
||||
c.pidLock.RUnlock()
|
||||
for pid, np := range pids {
|
||||
p, err := process.NewProcess(int32(pid))
|
||||
if err != nil {
|
||||
c.logger.Trace("unable to create new process", "pid", pid, "error", err)
|
||||
continue
|
||||
}
|
||||
ms := &drivers.MemoryStats{}
|
||||
if memInfo, err := p.MemoryInfo(); err == nil {
|
||||
ms.RSS = memInfo.RSS
|
||||
ms.Swap = memInfo.Swap
|
||||
ms.Measured = ExecutorBasicMeasuredMemStats
|
||||
}
|
||||
|
||||
cs := &drivers.CpuStats{}
|
||||
if cpuStats, err := p.Times(); err == nil {
|
||||
cs.SystemMode = np.StatsSysCPU.Percent(cpuStats.System * float64(time.Second))
|
||||
cs.UserMode = np.StatsUserCPU.Percent(cpuStats.User * float64(time.Second))
|
||||
cs.Measured = ExecutorBasicMeasuredCpuStats
|
||||
|
||||
// calculate cpu usage percent
|
||||
cs.Percent = np.StatsTotalCPU.Percent(cpuStats.Total() * float64(time.Second))
|
||||
}
|
||||
stats[strconv.Itoa(pid)] = &drivers.ResourceUsage{MemoryStats: ms, CpuStats: cs}
|
||||
}
|
||||
|
||||
return stats, nil
|
||||
}
|
||||
|
||||
// aggregatedResourceUsage aggregates the resource usage of all the pids and
|
||||
// returns a TaskResourceUsage data point
|
||||
func aggregatedResourceUsage(systemCpuStats *stats.CpuStats, pidStats map[string]*drivers.ResourceUsage) *drivers.TaskResourceUsage {
|
||||
ts := time.Now().UTC().UnixNano()
|
||||
var (
|
||||
systemModeCPU, userModeCPU, percent float64
|
||||
totalRSS, totalSwap uint64
|
||||
)
|
||||
|
||||
for _, pidStat := range pidStats {
|
||||
systemModeCPU += pidStat.CpuStats.SystemMode
|
||||
userModeCPU += pidStat.CpuStats.UserMode
|
||||
percent += pidStat.CpuStats.Percent
|
||||
|
||||
totalRSS += pidStat.MemoryStats.RSS
|
||||
totalSwap += pidStat.MemoryStats.Swap
|
||||
}
|
||||
|
||||
totalCPU := &drivers.CpuStats{
|
||||
SystemMode: systemModeCPU,
|
||||
UserMode: userModeCPU,
|
||||
Percent: percent,
|
||||
Measured: ExecutorBasicMeasuredCpuStats,
|
||||
TotalTicks: systemCpuStats.TicksConsumed(percent),
|
||||
}
|
||||
|
||||
totalMemory := &drivers.MemoryStats{
|
||||
RSS: totalRSS,
|
||||
Swap: totalSwap,
|
||||
Measured: ExecutorBasicMeasuredMemStats,
|
||||
}
|
||||
|
||||
resourceUsage := drivers.ResourceUsage{
|
||||
MemoryStats: totalMemory,
|
||||
CpuStats: totalCPU,
|
||||
}
|
||||
return &drivers.TaskResourceUsage{
|
||||
ResourceUsage: &resourceUsage,
|
||||
Timestamp: ts,
|
||||
Pids: pidStats,
|
||||
}
|
||||
}
|
||||
|
||||
func getAllPidsByScanning() (resources.PIDs, error) {
|
||||
allProcesses, err := ps.Processes()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return scanPids(os.Getpid(), allProcesses)
|
||||
}
|
|
@ -1,55 +0,0 @@
|
|||
package executor
|
||||
|
||||
import (
|
||||
"net"
|
||||
|
||||
hclog "github.com/hashicorp/go-hclog"
|
||||
plugin "github.com/hashicorp/go-plugin"
|
||||
)
|
||||
|
||||
// ExecutorConfig is the config that Nomad passes to the executor
|
||||
type ExecutorConfig struct {
|
||||
|
||||
// LogFile is the file to which Executor logs
|
||||
LogFile string
|
||||
|
||||
// LogLevel is the level of the logs to putout
|
||||
LogLevel string
|
||||
|
||||
// FSIsolation if set will use an executor implementation that support
|
||||
// filesystem isolation
|
||||
FSIsolation bool
|
||||
}
|
||||
|
||||
func GetPluginMap(logger hclog.Logger, fsIsolation bool) map[string]plugin.Plugin {
|
||||
return map[string]plugin.Plugin{
|
||||
"executor": &ExecutorPlugin{
|
||||
logger: logger,
|
||||
fsIsolation: fsIsolation,
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
// ExecutorReattachConfig is the config that we serialize and de-serialize and
|
||||
// store in disk
|
||||
type PluginReattachConfig struct {
|
||||
Pid int
|
||||
AddrNet string
|
||||
AddrName string
|
||||
}
|
||||
|
||||
// PluginConfig returns a config from an ExecutorReattachConfig
|
||||
func (c *PluginReattachConfig) PluginConfig() *plugin.ReattachConfig {
|
||||
var addr net.Addr
|
||||
switch c.AddrNet {
|
||||
case "unix", "unixgram", "unixpacket":
|
||||
addr, _ = net.ResolveUnixAddr(c.AddrNet, c.AddrName)
|
||||
case "tcp", "tcp4", "tcp6":
|
||||
addr, _ = net.ResolveTCPAddr(c.AddrNet, c.AddrName)
|
||||
}
|
||||
return &plugin.ReattachConfig{Pid: c.Pid, Addr: addr}
|
||||
}
|
||||
|
||||
func NewPluginReattachConfig(c *plugin.ReattachConfig) *PluginReattachConfig {
|
||||
return &PluginReattachConfig{Pid: c.Pid, AddrNet: c.Addr.Network(), AddrName: c.Addr.String()}
|
||||
}
|
|
@ -1,43 +0,0 @@
|
|||
//go:build darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
|
||||
// +build darwin dragonfly freebsd linux netbsd openbsd solaris
|
||||
|
||||
package executor
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"io"
|
||||
"os"
|
||||
"strings"
|
||||
"syscall"
|
||||
|
||||
"github.com/creack/pty"
|
||||
"golang.org/x/sys/unix"
|
||||
)
|
||||
|
||||
func sessionCmdAttr(tty *os.File) *syscall.SysProcAttr {
|
||||
return &syscall.SysProcAttr{
|
||||
Setsid: true,
|
||||
Setctty: true,
|
||||
}
|
||||
}
|
||||
|
||||
func setTTYSize(w io.Writer, height, width int32) error {
|
||||
f, ok := w.(*os.File)
|
||||
if !ok {
|
||||
return fmt.Errorf("attempted to resize a non-tty session")
|
||||
}
|
||||
|
||||
return pty.Setsize(f, &pty.Winsize{
|
||||
Rows: uint16(height),
|
||||
Cols: uint16(width),
|
||||
})
|
||||
|
||||
}
|
||||
|
||||
func isUnixEIOErr(err error) bool {
|
||||
if err == nil {
|
||||
return false
|
||||
}
|
||||
|
||||
return strings.Contains(err.Error(), unix.EIO.Error())
|
||||
}
|
|
@ -1,12 +0,0 @@
|
|||
//go:build !linux
|
||||
|
||||
package executor
|
||||
|
||||
// resourceContainerContext is a platform-specific struct for managing a
|
||||
// resource container.
|
||||
type resourceContainerContext struct {
|
||||
}
|
||||
|
||||
func (rc *resourceContainerContext) executorCleanup() error {
|
||||
return nil
|
||||
}
|
|
@ -1,138 +0,0 @@
|
|||
package executor
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"os"
|
||||
"os/exec"
|
||||
|
||||
"github.com/golang/protobuf/ptypes"
|
||||
hclog "github.com/hashicorp/go-hclog"
|
||||
plugin "github.com/hashicorp/go-plugin"
|
||||
"github.com/hashicorp/nomad/drivers/shared/executor/proto"
|
||||
"github.com/hashicorp/nomad/plugins/base"
|
||||
)
|
||||
|
||||
const (
|
||||
// ExecutorDefaultMaxPort is the default max port used by the executor for
|
||||
// searching for an available port
|
||||
ExecutorDefaultMaxPort = 14512
|
||||
|
||||
// ExecutorDefaultMinPort is the default min port used by the executor for
|
||||
// searching for an available port
|
||||
ExecutorDefaultMinPort = 14000
|
||||
)
|
||||
|
||||
// CreateExecutor launches an executor plugin and returns an instance of the
|
||||
// Executor interface
|
||||
func CreateExecutor(logger hclog.Logger, driverConfig *base.ClientDriverConfig,
|
||||
executorConfig *ExecutorConfig) (Executor, *plugin.Client, error) {
|
||||
|
||||
c, err := json.Marshal(executorConfig)
|
||||
if err != nil {
|
||||
return nil, nil, fmt.Errorf("unable to create executor config: %v", err)
|
||||
}
|
||||
bin, err := os.Executable()
|
||||
if err != nil {
|
||||
return nil, nil, fmt.Errorf("unable to find the nomad binary: %v", err)
|
||||
}
|
||||
|
||||
p := &ExecutorPlugin{
|
||||
logger: logger,
|
||||
fsIsolation: executorConfig.FSIsolation,
|
||||
}
|
||||
|
||||
config := &plugin.ClientConfig{
|
||||
HandshakeConfig: base.Handshake,
|
||||
Plugins: map[string]plugin.Plugin{"executor": p},
|
||||
Cmd: exec.Command(bin, "executor", string(c)),
|
||||
AllowedProtocols: []plugin.Protocol{plugin.ProtocolGRPC},
|
||||
Logger: logger.Named("executor"),
|
||||
}
|
||||
|
||||
if driverConfig != nil {
|
||||
config.MaxPort = driverConfig.ClientMaxPort
|
||||
config.MinPort = driverConfig.ClientMinPort
|
||||
} else {
|
||||
config.MaxPort = ExecutorDefaultMaxPort
|
||||
config.MinPort = ExecutorDefaultMinPort
|
||||
}
|
||||
|
||||
// setting the setsid of the plugin process so that it doesn't get signals sent to
|
||||
// the nomad client.
|
||||
if config.Cmd != nil {
|
||||
isolateCommand(config.Cmd)
|
||||
}
|
||||
|
||||
return newExecutorClient(config, logger)
|
||||
}
|
||||
|
||||
// ReattachToExecutor launches a plugin with a given plugin config
|
||||
func ReattachToExecutor(reattachConfig *plugin.ReattachConfig, logger hclog.Logger) (Executor, *plugin.Client, error) {
|
||||
config := &plugin.ClientConfig{
|
||||
HandshakeConfig: base.Handshake,
|
||||
Reattach: reattachConfig,
|
||||
Plugins: GetPluginMap(logger, false),
|
||||
AllowedProtocols: []plugin.Protocol{plugin.ProtocolGRPC},
|
||||
Logger: logger.Named("executor"),
|
||||
}
|
||||
|
||||
return newExecutorClient(config, logger)
|
||||
}
|
||||
|
||||
func newExecutorClient(config *plugin.ClientConfig, logger hclog.Logger) (Executor, *plugin.Client, error) {
|
||||
executorClient := plugin.NewClient(config)
|
||||
rpcClient, err := executorClient.Client()
|
||||
if err != nil {
|
||||
return nil, nil, fmt.Errorf("error creating rpc client for executor plugin: %v", err)
|
||||
}
|
||||
|
||||
raw, err := rpcClient.Dispense("executor")
|
||||
if err != nil {
|
||||
return nil, nil, fmt.Errorf("unable to dispense the executor plugin: %v", err)
|
||||
}
|
||||
executorPlugin, ok := raw.(Executor)
|
||||
if !ok {
|
||||
return nil, nil, fmt.Errorf("unexpected executor rpc type: %T", raw)
|
||||
}
|
||||
return executorPlugin, executorClient, nil
|
||||
}
|
||||
|
||||
func processStateToProto(ps *ProcessState) (*proto.ProcessState, error) {
|
||||
timestamp, err := ptypes.TimestampProto(ps.Time)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
pb := &proto.ProcessState{
|
||||
Pid: int32(ps.Pid),
|
||||
ExitCode: int32(ps.ExitCode),
|
||||
Signal: int32(ps.Signal),
|
||||
Time: timestamp,
|
||||
}
|
||||
|
||||
return pb, nil
|
||||
}
|
||||
|
||||
func processStateFromProto(pb *proto.ProcessState) (*ProcessState, error) {
|
||||
timestamp, err := ptypes.Timestamp(pb.Time)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return &ProcessState{
|
||||
Pid: int(pb.Pid),
|
||||
ExitCode: int(pb.ExitCode),
|
||||
Signal: int(pb.Signal),
|
||||
Time: timestamp,
|
||||
}, nil
|
||||
}
|
||||
|
||||
// IsolationMode returns the namespace isolation mode as determined from agent
|
||||
// plugin configuration and task driver configuration. The task configuration
|
||||
// takes precedence, if it is configured.
|
||||
func IsolationMode(plugin, task string) string {
|
||||
if task != "" {
|
||||
return task
|
||||
}
|
||||
return plugin
|
||||
}
|
|
@ -1,19 +0,0 @@
|
|||
//go:build darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
|
||||
// +build darwin dragonfly freebsd linux netbsd openbsd solaris
|
||||
|
||||
package executor
|
||||
|
||||
import (
|
||||
"os/exec"
|
||||
"syscall"
|
||||
)
|
||||
|
||||
// isolateCommand sets the setsid flag in exec.Cmd to true so that the process
|
||||
// becomes the process leader in a new session and doesn't receive signals that
|
||||
// are sent to the parent process.
|
||||
func isolateCommand(cmd *exec.Cmd) {
|
||||
if cmd.SysProcAttr == nil {
|
||||
cmd.SysProcAttr = &syscall.SysProcAttr{}
|
||||
}
|
||||
cmd.SysProcAttr.Setsid = true
|
||||
}
|
|
@ -1,55 +0,0 @@
|
|||
package executor
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"os"
|
||||
|
||||
hclog "github.com/hashicorp/go-hclog"
|
||||
plugin "github.com/hashicorp/go-plugin"
|
||||
|
||||
"github.com/hashicorp/nomad/plugins/base"
|
||||
)
|
||||
|
||||
// Install a plugin cli handler to ease working with tests
|
||||
// and external plugins.
|
||||
// This init() must be initialized last in package required by the child plugin
|
||||
// process. It's recommended to avoid any other `init()` or inline any necessary calls
|
||||
// here. See eeaa95d commit message for more details.
|
||||
func init() {
|
||||
if len(os.Args) > 1 && os.Args[1] == "executor" {
|
||||
if len(os.Args) != 3 {
|
||||
hclog.L().Error("json configuration not provided")
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
config := os.Args[2]
|
||||
var executorConfig ExecutorConfig
|
||||
if err := json.Unmarshal([]byte(config), &executorConfig); err != nil {
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
f, err := os.OpenFile(executorConfig.LogFile, os.O_CREATE|os.O_RDWR|os.O_APPEND, 0666)
|
||||
if err != nil {
|
||||
hclog.L().Error(err.Error())
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
// Create the logger
|
||||
logger := hclog.New(&hclog.LoggerOptions{
|
||||
Level: hclog.LevelFromString(executorConfig.LogLevel),
|
||||
JSONFormat: true,
|
||||
Output: f,
|
||||
})
|
||||
|
||||
plugin.Serve(&plugin.ServeConfig{
|
||||
HandshakeConfig: base.Handshake,
|
||||
Plugins: GetPluginMap(
|
||||
logger,
|
||||
executorConfig.FSIsolation,
|
||||
),
|
||||
GRPCServer: plugin.DefaultGRPCServer,
|
||||
Logger: logger,
|
||||
})
|
||||
os.Exit(0)
|
||||
}
|
||||
}
|
57
go.mod
57
go.mod
|
@ -1,55 +1,37 @@
|
|||
module git.deuxfleurs.fr/Deuxfleurs/nomad-driver-nix2
|
||||
module github.com/Alexis211/nomad-driver-exec2
|
||||
|
||||
go 1.19
|
||||
|
||||
require (
|
||||
github.com/LK4D4/joincontext v0.0.0-20171026170139-1724345da6d5
|
||||
github.com/armon/circbuf v0.0.0-20190214190532-5111143e8da2
|
||||
github.com/containernetworking/plugins v1.1.1
|
||||
github.com/creack/pty v1.1.18
|
||||
github.com/golang/protobuf v1.5.2
|
||||
github.com/hashicorp/consul-template v0.29.6-0.20221026140134-90370e07bf62
|
||||
github.com/hashicorp/go-hclog v1.3.1
|
||||
github.com/hashicorp/go-multierror v1.1.1
|
||||
github.com/hashicorp/go-plugin v1.4.4
|
||||
github.com/hashicorp/nomad v1.4.2
|
||||
github.com/mitchellh/go-ps v1.0.0
|
||||
github.com/opencontainers/runc v1.1.4
|
||||
github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
|
||||
github.com/shirou/gopsutil/v3 v3.22.8
|
||||
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635
|
||||
golang.org/x/sys v0.1.0
|
||||
google.golang.org/grpc v1.48.0
|
||||
)
|
||||
|
||||
require (
|
||||
github.com/Masterminds/goutils v1.1.1 // indirect
|
||||
github.com/Masterminds/semver/v3 v3.1.1 // indirect
|
||||
github.com/Masterminds/sprig/v3 v3.2.0 // indirect
|
||||
github.com/LK4D4/joincontext v0.0.0-20171026170139-1724345da6d5 // indirect
|
||||
github.com/Microsoft/go-winio v0.5.2 // indirect
|
||||
github.com/agext/levenshtein v1.2.1 // indirect
|
||||
github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
|
||||
github.com/armon/circbuf v0.0.0-20190214190532-5111143e8da2 // indirect
|
||||
github.com/armon/go-metrics v0.4.1 // indirect
|
||||
github.com/armon/go-radix v1.0.0 // indirect
|
||||
github.com/bgentry/speakeasy v0.1.0 // indirect
|
||||
github.com/cenkalti/backoff/v3 v3.2.2 // indirect
|
||||
github.com/checkpoint-restore/go-criu/v5 v5.3.0 // indirect
|
||||
github.com/cilium/ebpf v0.9.1 // indirect
|
||||
github.com/container-storage-interface/spec v1.6.0 // indirect
|
||||
github.com/containerd/console v1.0.3 // indirect
|
||||
github.com/containernetworking/plugins v1.1.1 // indirect
|
||||
github.com/coreos/go-systemd/v22 v22.3.2 // indirect
|
||||
github.com/creack/pty v1.1.18 // indirect
|
||||
github.com/cyphar/filepath-securejoin v0.2.3 // indirect
|
||||
github.com/davecgh/go-spew v1.1.1 // indirect
|
||||
github.com/docker/docker v20.10.17+incompatible // indirect
|
||||
github.com/docker/libnetwork v0.8.0-dev.2.0.20210525090646-64b7a4574d14 // indirect
|
||||
github.com/dustin/go-humanize v1.0.0 // indirect
|
||||
github.com/fatih/color v1.13.0 // indirect
|
||||
github.com/go-ole/go-ole v1.2.6 // indirect
|
||||
github.com/go-test/deep v1.0.3 // indirect
|
||||
github.com/godbus/dbus/v5 v5.1.0 // indirect
|
||||
github.com/golang-jwt/jwt/v4 v4.4.2 // indirect
|
||||
github.com/golang/protobuf v1.5.2 // indirect
|
||||
github.com/golang/snappy v0.0.4 // indirect
|
||||
github.com/google/btree v1.0.0 // indirect
|
||||
github.com/google/uuid v1.3.0 // indirect
|
||||
github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 // indirect
|
||||
github.com/hashicorp/consul/api v1.15.3 // indirect
|
||||
github.com/hashicorp/cronexpr v1.1.1 // indirect
|
||||
|
@ -57,21 +39,18 @@ require (
|
|||
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
|
||||
github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
|
||||
github.com/hashicorp/go-msgpack v1.1.5 // indirect
|
||||
github.com/hashicorp/go-multierror v1.1.1 // indirect
|
||||
github.com/hashicorp/go-retryablehttp v0.7.1 // indirect
|
||||
github.com/hashicorp/go-rootcerts v1.0.2 // indirect
|
||||
github.com/hashicorp/go-secure-stdlib/listenerutil v0.1.4 // indirect
|
||||
github.com/hashicorp/go-secure-stdlib/mlock v0.1.2 // indirect
|
||||
github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6 // indirect
|
||||
github.com/hashicorp/go-secure-stdlib/reloadutil v0.1.1 // indirect
|
||||
github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
|
||||
github.com/hashicorp/go-secure-stdlib/tlsutil v0.1.1 // indirect
|
||||
github.com/hashicorp/go-set v0.1.6 // indirect
|
||||
github.com/hashicorp/go-sockaddr v1.0.2 // indirect
|
||||
github.com/hashicorp/go-uuid v1.0.3 // indirect
|
||||
github.com/hashicorp/go-version v1.6.0 // indirect
|
||||
github.com/hashicorp/golang-lru v0.5.4 // indirect
|
||||
github.com/hashicorp/hcl v1.0.1-vault-3 // indirect
|
||||
github.com/hashicorp/hcl/v2 v2.9.2-0.20220525143345-ab3cae0737bc // indirect
|
||||
github.com/hashicorp/memberlist v0.4.0 // indirect
|
||||
github.com/hashicorp/raft v1.3.11 // indirect
|
||||
github.com/hashicorp/raft-autopilot v0.1.6 // indirect
|
||||
|
@ -80,19 +59,14 @@ require (
|
|||
github.com/hashicorp/vault/sdk v0.6.0 // indirect
|
||||
github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87 // indirect
|
||||
github.com/hpcloud/tail v1.0.1-0.20170814160653-37f427138745 // indirect
|
||||
github.com/huandu/xstrings v1.3.2 // indirect
|
||||
github.com/imdario/mergo v0.3.13 // indirect
|
||||
github.com/ishidawataru/sctp v0.0.0-20191218070446-00ab2ac2db07 // indirect
|
||||
github.com/jefferai/isbadcipher v0.0.0-20190226160619-51d2077c035f // indirect
|
||||
github.com/lufia/plan9stats v0.0.0-20220517141722-cf486979b281 // indirect
|
||||
github.com/mattn/go-colorable v0.1.13 // indirect
|
||||
github.com/mattn/go-isatty v0.0.16 // indirect
|
||||
github.com/miekg/dns v1.1.50 // indirect
|
||||
github.com/mitchellh/cli v1.1.4 // indirect
|
||||
github.com/mitchellh/copystructure v1.2.0 // indirect
|
||||
github.com/mitchellh/go-homedir v1.1.0 // indirect
|
||||
github.com/mitchellh/go-ps v1.0.0 // indirect
|
||||
github.com/mitchellh/go-testing-interface v1.14.1 // indirect
|
||||
github.com/mitchellh/go-wordwrap v1.0.1 // indirect
|
||||
github.com/mitchellh/hashstructure v1.1.0 // indirect
|
||||
github.com/mitchellh/mapstructure v1.5.0 // indirect
|
||||
github.com/mitchellh/reflectwalk v1.0.2 // indirect
|
||||
|
@ -102,18 +76,17 @@ require (
|
|||
github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e // indirect
|
||||
github.com/oklog/run v1.1.0 // indirect
|
||||
github.com/onsi/gomega v1.17.0 // indirect
|
||||
github.com/opencontainers/runc v1.1.4 // indirect
|
||||
github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 // indirect
|
||||
github.com/opencontainers/selinux v1.10.1 // indirect
|
||||
github.com/pierrec/lz4 v2.6.1+incompatible // indirect
|
||||
github.com/pmezard/go-difflib v1.0.0 // indirect
|
||||
github.com/posener/complete v1.2.3 // indirect
|
||||
github.com/power-devops/perfstat v0.0.0-20220216144756-c35f1ee13d7c // indirect
|
||||
github.com/ryanuber/go-glob v1.0.0 // indirect
|
||||
github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 // indirect
|
||||
github.com/seccomp/libseccomp-golang v0.10.0 // indirect
|
||||
github.com/shopspring/decimal v1.2.0 // indirect
|
||||
github.com/shirou/gopsutil/v3 v3.22.8 // indirect
|
||||
github.com/sirupsen/logrus v1.9.0 // indirect
|
||||
github.com/spf13/cast v1.3.1 // indirect
|
||||
github.com/stretchr/testify v1.8.1 // indirect
|
||||
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 // indirect
|
||||
github.com/tklauser/go-sysconf v0.3.10 // indirect
|
||||
github.com/tklauser/numcpus v0.5.0 // indirect
|
||||
github.com/vishvananda/netlink v1.2.1-beta.2 // indirect
|
||||
|
@ -128,16 +101,16 @@ require (
|
|||
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
|
||||
golang.org/x/net v0.0.0-20220906165146-f3363e06e74c // indirect
|
||||
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 // indirect
|
||||
golang.org/x/sys v0.1.0 // indirect
|
||||
golang.org/x/text v0.3.8 // indirect
|
||||
golang.org/x/time v0.0.0-20220609170525-579cf78fd858 // indirect
|
||||
golang.org/x/tools v0.1.12 // indirect
|
||||
google.golang.org/appengine v1.6.7 // indirect
|
||||
google.golang.org/genproto v0.0.0-20220712132514-bdd2acd4974d // indirect
|
||||
google.golang.org/grpc v1.48.0 // indirect
|
||||
google.golang.org/protobuf v1.28.1 // indirect
|
||||
gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f // indirect
|
||||
gopkg.in/fsnotify.v1 v1.4.7 // indirect
|
||||
gopkg.in/square/go-jose.v2 v2.6.0 // indirect
|
||||
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
|
||||
gopkg.in/yaml.v3 v3.0.1 // indirect
|
||||
gotest.tools/v3 v3.4.0 // indirect
|
||||
)
|
||||
|
|
74
go.sum
74
go.sum
|
@ -6,30 +6,21 @@ github.com/DataDog/datadog-go v2.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3
|
|||
github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
|
||||
github.com/LK4D4/joincontext v0.0.0-20171026170139-1724345da6d5 h1:U7q69tqXiCf6m097GRlNQB0/6SI1qWIOHYHhCEvDxF4=
|
||||
github.com/LK4D4/joincontext v0.0.0-20171026170139-1724345da6d5/go.mod h1:nxQPcNPR/34g+HcK2hEsF99O+GJgIkW/OmPl8wtzhmk=
|
||||
github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
|
||||
github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
|
||||
github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
|
||||
github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
|
||||
github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww=
|
||||
github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc=
|
||||
github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
|
||||
github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o=
|
||||
github.com/Masterminds/sprig v2.22.0+incompatible h1:z4yfnGrZ7netVz+0EDJ0Wi+5VZCSYp4Z0m2dk6cEM60=
|
||||
github.com/Masterminds/sprig/v3 v3.2.0 h1:P1ekkbuU73Ui/wS0nK1HOM37hh4xdfZo485UPf8rc+Y=
|
||||
github.com/Masterminds/sprig/v3 v3.2.0/go.mod h1:tWhwTbUTndesPNeF0C900vKoq283u6zp4APT9vaF3SI=
|
||||
github.com/Microsoft/go-winio v0.5.2 h1:a9IhgEQBCUEk6QCdml9CiJGhAws+YwffDHEMp1VMrpA=
|
||||
github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
|
||||
github.com/Microsoft/hcsshim v0.9.3 h1:k371PzBuRrz2b+ebGuI2nVgVhgsVX60jMfSw80NECxo=
|
||||
github.com/agext/levenshtein v1.2.1 h1:QmvMAjj2aEICytGiWzmxoE0x2KZvE0fvmqMOfy2tjT8=
|
||||
github.com/agext/levenshtein v1.2.1/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
|
||||
github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
|
||||
github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
|
||||
github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
|
||||
github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
|
||||
github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
|
||||
github.com/apparentlymart/go-dump v0.0.0-20180507223929-23540a00eaa3 h1:ZSTrOEhiM5J5RFxEaFvMZVEAM1KvT1YzbEOwB2EAGjA=
|
||||
github.com/apparentlymart/go-dump v0.0.0-20180507223929-23540a00eaa3/go.mod h1:oL81AME2rN47vu18xqj1S1jPIPuN7afo62yKTNn3XMM=
|
||||
github.com/apparentlymart/go-textseg v1.0.0/go.mod h1:z96Txxhf3xSFMPmb5X/1W05FF/Nj9VFpLOpjS5yuumk=
|
||||
github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6iT90AvPUL1NNfNw=
|
||||
github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
|
||||
github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
|
||||
github.com/armon/circbuf v0.0.0-20190214190532-5111143e8da2 h1:7Ip0wMmLHLRJdrloDxZfhMm0xrLXZS8+COSu2bXmEQs=
|
||||
github.com/armon/circbuf v0.0.0-20190214190532-5111143e8da2/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
|
||||
|
@ -43,7 +34,6 @@ github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI=
|
|||
github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
|
||||
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
|
||||
github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
|
||||
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
|
||||
github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
|
||||
github.com/bgentry/speakeasy v0.1.0 h1:ByYyxL9InA1OWqxJqqp2A5pYHUrCiAL6K3J+LKSsQkY=
|
||||
github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
|
||||
|
@ -53,7 +43,6 @@ github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTx
|
|||
github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
|
||||
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
|
||||
github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
|
||||
github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE=
|
||||
github.com/checkpoint-restore/go-criu/v5 v5.3.0 h1:wpFFOoomK3389ue2lAb0Boag6XPht5QYpipxmSNL4d8=
|
||||
github.com/checkpoint-restore/go-criu/v5 v5.3.0/go.mod h1:E/eQpaFtUKGOOSEBZgmKAcn+zUUwWxqcaKZlF54wK8E=
|
||||
github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA=
|
||||
|
@ -88,19 +77,11 @@ github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxG
|
|||
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
||||
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/docker/cli v20.10.18+incompatible h1:f/GQLsVpo10VvToRay2IraVA1wHz9KktZyjev3SIVDU=
|
||||
github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68=
|
||||
github.com/docker/docker v20.10.17+incompatible h1:JYCuMrWaVNophQTOrMMoSwudOVEfcegoZZrleKc1xwE=
|
||||
github.com/docker/docker v20.10.17+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
|
||||
github.com/docker/docker-credential-helpers v0.6.4 h1:axCks+yV+2MR3/kZhAmy07yC56WZ2Pwu/fKWtKuZB0o=
|
||||
github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
|
||||
github.com/docker/go-metrics v0.0.1 h1:AgB/0SvBxihN0X8OR4SjsblXkbMvalQ8cjmtKQ2rQV8=
|
||||
github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
|
||||
github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
|
||||
github.com/docker/libnetwork v0.8.0-dev.2.0.20210525090646-64b7a4574d14 h1:GZvuJOpa10/Yl2EinacWoMqJ+XtNPbikclDZvNXBNO8=
|
||||
github.com/docker/libnetwork v0.8.0-dev.2.0.20210525090646-64b7a4574d14/go.mod h1:93m0aTqz6z+g32wla4l4WxTrdtvBRmVzYRkYvasA5Z8=
|
||||
github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo=
|
||||
github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
|
||||
github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
|
||||
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
|
||||
github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
|
||||
|
@ -141,7 +122,6 @@ github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w
|
|||
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
|
||||
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
|
||||
github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
|
||||
github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
|
||||
github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
|
||||
github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
|
||||
github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
|
||||
|
@ -175,11 +155,8 @@ github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8
|
|||
github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
|
||||
github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
|
||||
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
|
||||
github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
|
||||
github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
|
||||
github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
|
||||
github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
|
||||
github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
|
||||
github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 h1:+9834+KizmvFV7pXQGSXQTsaWhq2GjuNUt0aUU0YBYw=
|
||||
github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y=
|
||||
github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
|
||||
|
@ -224,19 +201,15 @@ github.com/hashicorp/go-retryablehttp v0.7.1/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER
|
|||
github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc=
|
||||
github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
|
||||
github.com/hashicorp/go-secure-stdlib/listenerutil v0.1.4 h1:6ajbq64FhrIJZ6prrff3upVVDil4yfCrnSKwTH0HIPE=
|
||||
github.com/hashicorp/go-secure-stdlib/listenerutil v0.1.4/go.mod h1:myX7XYMJRIP4PLHtYJiKMTJcKOX0M5ZJNwP0iw+l3uw=
|
||||
github.com/hashicorp/go-secure-stdlib/mlock v0.1.2 h1:p4AKXPPS24tO8Wc8i1gLvSKdmkiSY5xuju57czJ/IJQ=
|
||||
github.com/hashicorp/go-secure-stdlib/mlock v0.1.2/go.mod h1:zq93CJChV6L9QTfGKtfBxKqD7BqqXx5O04A/ns2p5+I=
|
||||
github.com/hashicorp/go-secure-stdlib/parseutil v0.1.1/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8=
|
||||
github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6 h1:om4Al8Oy7kCm/B86rLCLah4Dt5Aa0Fr5rYBG60OzwHQ=
|
||||
github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8=
|
||||
github.com/hashicorp/go-secure-stdlib/reloadutil v0.1.1 h1:SMGUnbpAcat8rIKHkBPjfv81yC46a8eCNZ2hsR2l1EI=
|
||||
github.com/hashicorp/go-secure-stdlib/reloadutil v0.1.1/go.mod h1:Ch/bf00Qnx77MZd49JRgHYqHQjtEmTgGU2faufpVZb0=
|
||||
github.com/hashicorp/go-secure-stdlib/strutil v0.1.1/go.mod h1:gKOamz3EwoIoJq7mlMIRBpVTAUn8qPCrEclOKKWhD3U=
|
||||
github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts=
|
||||
github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4=
|
||||
github.com/hashicorp/go-secure-stdlib/tlsutil v0.1.1 h1:Yc026VyMyIpq1UWRnakHRG01U8fJm+nEfEmjoAb00n8=
|
||||
github.com/hashicorp/go-secure-stdlib/tlsutil v0.1.1/go.mod h1:l8slYwnJA26yBz+ErHpp2IRCLr0vuOMGBORIz4rRiAs=
|
||||
github.com/hashicorp/go-set v0.1.6 h1:fj/JG5B97sAOd9OQN4GL880yCE384fz3asNDpGbxkPo=
|
||||
github.com/hashicorp/go-set v0.1.6/go.mod h1:ELvMcE+1mRHYPVgTFSQiecObIwZRxY5Q11EhbtmM5KQ=
|
||||
github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
|
||||
|
@ -253,11 +226,9 @@ github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09
|
|||
github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
|
||||
github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=
|
||||
github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
|
||||
github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
|
||||
github.com/hashicorp/hcl v1.0.1-vault-3 h1:V95v5KSTu6DB5huDSKiq4uAfILEuNigK/+qPET6H/Mg=
|
||||
github.com/hashicorp/hcl v1.0.1-vault-3/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM=
|
||||
github.com/hashicorp/hcl/v2 v2.9.2-0.20220525143345-ab3cae0737bc h1:32lGaCPq5JPYNgFFTjl/cTIar9UWWxCbimCs5G2hMHg=
|
||||
github.com/hashicorp/hcl/v2 v2.9.2-0.20220525143345-ab3cae0737bc/go.mod h1:odKNpEeZv3COD+++SQcPyACuKOlM5eBoQlzRyN5utIQ=
|
||||
github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
|
||||
github.com/hashicorp/mdns v1.0.4/go.mod h1:mtBihi+LeNXGtG8L9dX59gAEa12BDtBQSp4v/YAJqrc=
|
||||
github.com/hashicorp/memberlist v0.3.0/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE=
|
||||
|
@ -284,16 +255,9 @@ github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87/go.mod h1:CtWFDAQg
|
|||
github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
|
||||
github.com/hpcloud/tail v1.0.1-0.20170814160653-37f427138745 h1:8as8OQ+RF1QrsHvWWsKBtBKINhD9QaD1iozA1wrO4aA=
|
||||
github.com/hpcloud/tail v1.0.1-0.20170814160653-37f427138745/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
|
||||
github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
|
||||
github.com/huandu/xstrings v1.3.2 h1:L18LIDzqlW6xN2rEkpdV8+oL/IXWJ1APd+vsdYy4Wdw=
|
||||
github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
|
||||
github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
|
||||
github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk=
|
||||
github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg=
|
||||
github.com/ishidawataru/sctp v0.0.0-20191218070446-00ab2ac2db07 h1:rw3IAne6CDuVFlZbPOkA7bhxlqawFh7RJJ+CejfMaxE=
|
||||
github.com/ishidawataru/sctp v0.0.0-20191218070446-00ab2ac2db07/go.mod h1:co9pwDoBCm1kGxawmb4sPq0cSIOOWNPT4KnHotMP1Zg=
|
||||
github.com/jefferai/isbadcipher v0.0.0-20190226160619-51d2077c035f h1:E87tDTVS5W65euzixn7clSzK66puSt1H4I5SC0EmHH4=
|
||||
github.com/jefferai/isbadcipher v0.0.0-20190226160619-51d2077c035f/go.mod h1:3J2qVK16Lq8V+wfiL2lPeDZ7UWMxk5LemerHa1p6N00=
|
||||
github.com/jhump/protoreflect v1.6.0 h1:h5jfMVslIg6l29nsMs0D8Wj17RDVdNYti0vDN/PZZoE=
|
||||
github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
|
||||
github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
|
||||
|
@ -310,8 +274,6 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
|
|||
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
|
||||
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
|
||||
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
|
||||
github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348 h1:MtvEpTB6LX3vkb4ax0b5D2DHbNAUsen0Gx5wZoq3lV4=
|
||||
github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k=
|
||||
github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I=
|
||||
github.com/lufia/plan9stats v0.0.0-20220517141722-cf486979b281 h1:aczX6NMOtt6L4YT0fQvKkDK6LZEtdOso9sUH89V1+P0=
|
||||
github.com/lufia/plan9stats v0.0.0-20220517141722-cf486979b281/go.mod h1:lc+czkgO/8F7puNki5jk8QyujbfK1LOT7Wl0ON2hxyk=
|
||||
|
@ -331,17 +293,13 @@ github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27k
|
|||
github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ=
|
||||
github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
|
||||
github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
|
||||
github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 h1:I0XW9+e1XWDxdcEniV4rQAIOPUGDq67JSCiRCgGCZLI=
|
||||
github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso=
|
||||
github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI=
|
||||
github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA=
|
||||
github.com/miekg/dns v1.1.50/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
|
||||
github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
|
||||
github.com/mitchellh/cli v1.1.0/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI=
|
||||
github.com/mitchellh/cli v1.1.2/go.mod h1:6iaV0fGdElS6dPBx0EApTxHrcWvmJphyh2n8YBLPPZ4=
|
||||
github.com/mitchellh/cli v1.1.4 h1:qj8czE26AU4PbiaPXK5uVmMSM+V5BYsFBiM9HhGRLUA=
|
||||
github.com/mitchellh/cli v1.1.4/go.mod h1:vTLESy5mRhKOs9KDp0/RATawxP1UqBmdrpVRMnpcvKQ=
|
||||
github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
|
||||
github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
|
||||
github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
|
||||
github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
|
||||
|
@ -350,17 +308,14 @@ github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc
|
|||
github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg=
|
||||
github.com/mitchellh/go-testing-interface v1.14.1 h1:jrgshOhYAUVNMAJiKbEu7EqAwgJJ2JqpQmpLJOu07cU=
|
||||
github.com/mitchellh/go-testing-interface v1.14.1/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8=
|
||||
github.com/mitchellh/go-wordwrap v0.0.0-20150314170334-ad45545899c7/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
|
||||
github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
|
||||
github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0=
|
||||
github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0=
|
||||
github.com/mitchellh/hashstructure v1.1.0 h1:P6P1hdjqAAknpY/M1CGipelZgp+4y9ja9kmUZPXP+H0=
|
||||
github.com/mitchellh/hashstructure v1.1.0/go.mod h1:xUDAozZz0Wmdiufv0uyhnHkUTN6/6d8ulp4AwfLKrmA=
|
||||
github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
|
||||
github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
|
||||
github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
|
||||
github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
|
||||
github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
|
||||
github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
|
||||
github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
|
||||
github.com/moby/sys/mount v0.3.3 h1:fX1SVkXFJ47XWDoeFW4Sq7PdQJnV2QIDZAqjNqgEjUs=
|
||||
|
@ -423,21 +378,17 @@ github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXP
|
|||
github.com/prometheus/client_golang v0.9.2/go.mod h1:OsXs2jCmiKlQ1lTBmv21f2mNfw4xf/QclQDMrYNZzcM=
|
||||
github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
|
||||
github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=
|
||||
github.com/prometheus/client_golang v1.13.0 h1:b71QUfeo5M8gq2+evJdTPfZhYMAU0uKPkyPJ7TPsloU=
|
||||
github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
|
||||
github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
|
||||
github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
|
||||
github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M=
|
||||
github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
|
||||
github.com/prometheus/common v0.0.0-20181126121408-4724e9255275/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
|
||||
github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
|
||||
github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4=
|
||||
github.com/prometheus/common v0.37.0 h1:ccBbHCgIiT9uSoFY0vX8H3zsNR5eLt17/RQLUvn8pXE=
|
||||
github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
|
||||
github.com/prometheus/procfs v0.0.0-20181204211112-1dc9a6cbc91a/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
|
||||
github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
|
||||
github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
|
||||
github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo=
|
||||
github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
|
||||
github.com/rogpeppe/go-internal v1.6.1 h1:/FiVV8dS/e+YqF2JvO3yXRFbBLTIuSDkuC7aBOAvL+k=
|
||||
github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
|
||||
|
@ -450,12 +401,10 @@ github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg
|
|||
github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg=
|
||||
github.com/seccomp/libseccomp-golang v0.10.0 h1:aA4bp+/Zzi0BnWZ2F1wgNBs5gTpm+na2rWM6M9YjLpY=
|
||||
github.com/seccomp/libseccomp-golang v0.10.0/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg=
|
||||
github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
|
||||
github.com/shirou/gopsutil/v3 v3.22.8 h1:a4s3hXogo5mE2PfdfJIonDbstO/P+9JszdfhAHSzD9Y=
|
||||
github.com/shirou/gopsutil/v3 v3.22.8/go.mod h1:s648gW4IywYzUfE/KjXxUsqrqx/T2xO5VqOXxONeRfI=
|
||||
github.com/shoenig/test v0.4.3 h1:3+CjrpqCwtL08S0wZQilu9WWR/S2CdsLKhHjbJqPj/I=
|
||||
github.com/shopspring/decimal v1.2.0 h1:abSATXmQEYyShuxI4/vyW3tV1MrKAJzCZ/0zLUXYbsQ=
|
||||
github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
|
||||
github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
|
||||
github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
|
||||
github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
|
||||
|
@ -464,13 +413,10 @@ github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic
|
|||
github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
|
||||
github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
|
||||
github.com/spf13/cast v1.3.1 h1:nFm6S0SMdyzrzcmThSipiEubIDy8WEXKNZ0UOgiRpng=
|
||||
github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
|
||||
github.com/spf13/pflag v1.0.2/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
|
||||
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
|
||||
github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
|
||||
github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
|
||||
github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
|
||||
github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
|
||||
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
|
||||
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
|
||||
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
|
||||
|
@ -481,7 +427,6 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
|
|||
github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
|
||||
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
|
||||
github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
|
||||
github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
|
||||
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 h1:kdXcSzyDtseVEc4yCz2qF8ZrQvIDBJLl4S1c3GCXmoI=
|
||||
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
|
||||
github.com/tklauser/go-sysconf v0.3.10 h1:IJ1AZGZRWbY8T5Vfk04D9WOA5WSejdflXxP03OUqALw=
|
||||
|
@ -498,7 +443,6 @@ github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17
|
|||
github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
|
||||
github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74 h1:gga7acRE695APm9hlsSMoOoE65U4/TcqNj90mc69Rlg=
|
||||
github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
|
||||
github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
|
||||
github.com/vmihailenco/msgpack/v4 v4.3.12 h1:07s4sz9IReOgdikxLTKNbBdqDMLsjPKXwvCazn8G65U=
|
||||
github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4=
|
||||
github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI=
|
||||
|
@ -509,11 +453,8 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec
|
|||
github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
|
||||
github.com/yusufpapurcu/wmi v1.2.2 h1:KBNDSne4vP5mbSWnJbO+51IMOXJB67QiYCSBrubbPRg=
|
||||
github.com/yusufpapurcu/wmi v1.2.2/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
|
||||
github.com/zclconf/go-cty v1.2.0/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q/N4PQ8=
|
||||
github.com/zclconf/go-cty v1.8.0/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk=
|
||||
github.com/zclconf/go-cty v1.11.0 h1:726SxLdi2SDnjY+BStqB9J1hNp4+2WlzyXLuimibIe0=
|
||||
github.com/zclconf/go-cty v1.11.0/go.mod h1:s9IfD1LK5ccNMSWCVFCE2rJfHiZgi7JijgeWIMfhLvA=
|
||||
github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b/go.mod h1:ZRKQfBXbGkpdV6QMzT3rU1kSTAnfu1dO8dPKjYprgj8=
|
||||
go.opencensus.io v0.23.0 h1:gqCw0LfLxScz8irSi8exQc7fyQ0fKQU/qnC/X8+V/1M=
|
||||
go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
|
||||
go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
|
||||
|
@ -527,10 +468,7 @@ golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnf
|
|||
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
||||
golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
|
||||
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
||||
golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
||||
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
||||
golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
||||
golang.org/x/crypto v0.0.0-20220517005047-85d78b3ac167/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
|
||||
golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d h1:sK3txAijHtOK88l68nt020reeT1ZdKLIYetKl95FzVY=
|
||||
golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
|
||||
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
||||
|
@ -546,7 +484,6 @@ golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
|
|||
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s=
|
||||
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
|
||||
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/net v0.0.0-20180811021610-c39426892332/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
|
@ -570,7 +507,6 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b
|
|||
golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8=
|
||||
golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
|
||||
golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/net v0.0.0-20220906165146-f3363e06e74c h1:yKufUcDwucU5urd+50/Opbt4AYpqthk7wHpHok8f1lo=
|
||||
golang.org/x/net v0.0.0-20220906165146-f3363e06e74c/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
|
||||
|
@ -610,7 +546,6 @@ golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7w
|
|||
golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200602225109-6fdc65e7d980/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
|
@ -622,7 +557,6 @@ golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7w
|
|||
golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
|
@ -659,7 +593,6 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn
|
|||
golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
|
||||
golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
|
||||
golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
|
||||
golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
|
||||
golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
|
||||
golang.org/x/tools v0.1.12 h1:VveCTK38A2rkS8ZqFY25HIDFscX5X9OoEhJd3quQmXU=
|
||||
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
|
||||
|
@ -727,10 +660,7 @@ gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
|||
gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
|
||||
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
|
||||
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
||||
gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
||||
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
|
||||
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
||||
gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
|
||||
gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g=
|
||||
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
|
||||
honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
|
||||
|
|
4
main.go
4
main.go
|
@ -1,7 +1,7 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"git.deuxfleurs.fr/Deuxfleurs/nomad-driver-nix2/nix2"
|
||||
exec2 "github.com/Alexis211/nomad-driver-exec2/exec2"
|
||||
|
||||
"github.com/hashicorp/go-hclog"
|
||||
"github.com/hashicorp/nomad/plugins"
|
||||
|
@ -14,5 +14,5 @@ func main() {
|
|||
|
||||
// factory returns a new instance of a nomad driver plugin
|
||||
func factory(log hclog.Logger) interface{} {
|
||||
return nix2.NewPlugin(log)
|
||||
return exec2.NewPlugin(log)
|
||||
}
|
||||
|
|
163
nix2/nix.go
163
nix2/nix.go
|
@ -1,163 +0,0 @@
|
|||
package nix2
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
|
||||
"github.com/hashicorp/nomad/helper/pluginutils/hclutils"
|
||||
)
|
||||
|
||||
const (
|
||||
closureNix = `
|
||||
{ path }:
|
||||
let
|
||||
nixpkgs = builtins.getFlake "%s";
|
||||
inherit (nixpkgs.legacyPackages.x86_64-linux) buildPackages;
|
||||
in buildPackages.closureInfo { rootPaths = builtins.storePath path; }
|
||||
`
|
||||
)
|
||||
|
||||
func prepareNixPackages(taskDir string, packages []string, nixpkgs string) (hclutils.MapStrStr, error) {
|
||||
mounts := make(hclutils.MapStrStr)
|
||||
|
||||
profileLink := filepath.Join(taskDir, "current-profile")
|
||||
profile, err := nixBuildProfile(taskDir, packages, profileLink)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("Build of the flakes failed: %v", err)
|
||||
}
|
||||
|
||||
closureLink := filepath.Join(taskDir, "current-closure")
|
||||
closure, err := nixBuildClosure(profileLink, closureLink, nixpkgs)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("Build of the flakes failed: %v", err)
|
||||
}
|
||||
|
||||
mounts[profile] = profile
|
||||
|
||||
if entries, err := os.ReadDir(profile); err != nil {
|
||||
return nil, fmt.Errorf("Couldn't read profile directory: %w", err)
|
||||
} else {
|
||||
for _, entry := range entries {
|
||||
if name := entry.Name(); name != "etc" {
|
||||
mounts[filepath.Join(profile, name)] = "/" + name
|
||||
continue
|
||||
}
|
||||
|
||||
etcEntries, err := os.ReadDir(filepath.Join(profile, "etc"))
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("Couldn't read profile's /etc directory: %w", err)
|
||||
}
|
||||
|
||||
for _, etcEntry := range etcEntries {
|
||||
etcName := etcEntry.Name()
|
||||
mounts[filepath.Join(profile, "etc", etcName)] = "/etc/" + etcName
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
requisites, err := nixRequisites(closure)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("Couldn't determine flake requisites: %v", err)
|
||||
}
|
||||
|
||||
for _, requisite := range requisites {
|
||||
mounts[requisite] = requisite
|
||||
}
|
||||
|
||||
return mounts, nil
|
||||
}
|
||||
|
||||
func nixBuildProfile(taskDir string, flakes []string, link string) (string, error) {
|
||||
cmd := exec.Command("nix", append(
|
||||
[]string{
|
||||
"--extra-experimental-features", "nix-command",
|
||||
"--extra-experimental-features", "flakes",
|
||||
"profile",
|
||||
"install",
|
||||
"--no-write-lock-file",
|
||||
"--profile",
|
||||
link},
|
||||
flakes...)...)
|
||||
stderr := &bytes.Buffer{}
|
||||
cmd.Stderr = stderr
|
||||
cmd.Dir = taskDir
|
||||
|
||||
if err := cmd.Run(); err != nil {
|
||||
return "", fmt.Errorf("%v failed: %s. Err: %v", cmd.Args, stderr.String(), err)
|
||||
}
|
||||
|
||||
if target, err := os.Readlink(link); err == nil {
|
||||
return os.Readlink(filepath.Join(filepath.Dir(link), target))
|
||||
} else {
|
||||
return "", err
|
||||
}
|
||||
}
|
||||
|
||||
func nixBuildClosure(profile string, link string, nixpkgs string) (string, error) {
|
||||
cmd := exec.Command(
|
||||
"nix",
|
||||
"--extra-experimental-features", "nix-command",
|
||||
"--extra-experimental-features", "flakes",
|
||||
"build",
|
||||
"--out-link", link,
|
||||
"--expr", fmt.Sprintf(closureNix, nixpkgs),
|
||||
"--impure",
|
||||
"--no-write-lock-file",
|
||||
"--argstr", "path", profile)
|
||||
|
||||
stderr := &bytes.Buffer{}
|
||||
cmd.Stderr = stderr
|
||||
|
||||
if err := cmd.Run(); err != nil {
|
||||
return "", fmt.Errorf("%v failed: %s. Err: %v", cmd.Args, stderr.String(), err)
|
||||
}
|
||||
|
||||
return os.Readlink(link)
|
||||
}
|
||||
|
||||
type nixPathInfo struct {
|
||||
Path string `json:"path"`
|
||||
NarHash string `json:"narHash"`
|
||||
NarSize uint64 `json:"narSize"`
|
||||
References []string `json:"references"`
|
||||
Deriver string `json:"deriver"`
|
||||
RegistrationTime uint64 `json:"registrationTime"`
|
||||
Signatures []string `json:"signatures"`
|
||||
}
|
||||
|
||||
func nixRequisites(path string) ([]string, error) {
|
||||
cmd := exec.Command(
|
||||
"nix",
|
||||
"--extra-experimental-features", "nix-command",
|
||||
"--extra-experimental-features", "flakes",
|
||||
"path-info",
|
||||
"--json",
|
||||
"--recursive",
|
||||
path)
|
||||
|
||||
stdout := &bytes.Buffer{}
|
||||
cmd.Stdout = stdout
|
||||
|
||||
stderr := &bytes.Buffer{}
|
||||
cmd.Stderr = stderr
|
||||
|
||||
if err := cmd.Run(); err != nil {
|
||||
return nil, fmt.Errorf("%v failed: %s. Err: %v", cmd.Args, stderr.String(), err)
|
||||
}
|
||||
|
||||
result := []*nixPathInfo{}
|
||||
if err := json.Unmarshal(stdout.Bytes(), &result); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
requisites := []string{}
|
||||
for _, result := range result {
|
||||
requisites = append(requisites, result.Path)
|
||||
}
|
||||
|
||||
return requisites, nil
|
||||
}
|
Loading…
Reference in a new issue