From 5a249b033b5b9f755c600fdf738add6a6f24831e Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Jul 29 2019 16:00:32 +0000 Subject: import podman-1.4.4-2.el7 --- diff --git a/.gitignore b/.gitignore index 4ba7360..8307c16 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/cri-o-9b1f0a0.tar.gz -SOURCES/libpod-14fdcd0.tar.gz +SOURCES/conmon-8455ce1.tar.gz +SOURCES/libpod-b3f10c8.tar.gz diff --git a/.podman.metadata b/.podman.metadata index 840ed42..368c696 100644 --- a/.podman.metadata +++ b/.podman.metadata @@ -1,2 +1,2 @@ -b53ff7dd655dec8ddab85b7782a2d41e6bdcb301 SOURCES/cri-o-9b1f0a0.tar.gz -23daefa6b411aed4ebfc08fcec343f37af19dcf4 SOURCES/libpod-14fdcd0.tar.gz +64e40f340f3f708ccf7d6815b136fa4265838524 SOURCES/conmon-8455ce1.tar.gz +fc4faf79c56b697db59b15eca020768b997f6ebc SOURCES/libpod-b3f10c8.tar.gz diff --git a/SOURCES/bz1728242-1.patch b/SOURCES/bz1728242-1.patch new file mode 100644 index 0000000..eaebb8d --- /dev/null +++ b/SOURCES/bz1728242-1.patch @@ -0,0 +1,211 @@ +From bbe03e61a375416180432fbd9d00d23a7c2a4714 Mon Sep 17 00:00:00 2001 +From: Giuseppe Scrivano +Date: Mon, 8 Jul 2019 10:16:13 +0200 +Subject: [PATCH] cgroups: support creating cgroupsv2 paths + +drop the limitation of not supporting creating new cgroups v2 paths. +Every controller enabled /sys/fs/cgroup will be propagated down to the +created path. This won't work for rootless cgroupsv2, but it is not +an issue for now, as this code is used only by CRI-O. + +Signed-off-by: Giuseppe Scrivano +--- + pkg/cgroups/blkio.go | 2 +- + pkg/cgroups/cgroups.go | 52 +++++++++++++++++++++++++++++++++++++++++- + pkg/cgroups/cpu.go | 2 +- + pkg/cgroups/cpuset.go | 19 +++++++++------ + pkg/cgroups/memory.go | 2 +- + pkg/cgroups/pids.go | 3 --- + 6 files changed, 66 insertions(+), 14 deletions(-) + +diff --git a/pkg/cgroups/blkio.go b/pkg/cgroups/blkio.go +index ca9107d977..9c2a811d9e 100644 +--- a/pkg/cgroups/blkio.go ++++ b/pkg/cgroups/blkio.go +@@ -30,7 +30,7 @@ func (c *blkioHandler) Apply(ctr *CgroupControl, res *spec.LinuxResources) error + // Create the cgroup + func (c *blkioHandler) Create(ctr *CgroupControl) (bool, error) { + if ctr.cgroup2 { +- return false, fmt.Errorf("io create not implemented for cgroup v2") ++ return false, nil + } + return ctr.createCgroupDirectory(Blkio) + } +diff --git a/pkg/cgroups/cgroups.go b/pkg/cgroups/cgroups.go +index d6c19212bc..1dad45d7f7 100644 +--- a/pkg/cgroups/cgroups.go ++++ b/pkg/cgroups/cgroups.go +@@ -149,6 +149,51 @@ func (c *CgroupControl) getCgroupv1Path(name string) string { + return filepath.Join(cgroupRoot, name, c.path) + } + ++// createCgroupv2Path creates the cgroupv2 path and enables all the available controllers ++func createCgroupv2Path(path string) (Err error) { ++ content, err := ioutil.ReadFile("/sys/fs/cgroup/cgroup.controllers") ++ if err != nil { ++ return errors.Wrapf(err, "read /sys/fs/cgroup/cgroup.controllers") ++ } ++ if !filepath.HasPrefix(path, "/sys/fs/cgroup") { ++ return fmt.Errorf("invalid cgroup path %s", path) ++ } ++ ++ res := "" ++ for i, c := range strings.Split(strings.TrimSpace(string(content)), " ") { ++ if i == 0 { ++ res = fmt.Sprintf("+%s", c) ++ } else { ++ res = res + fmt.Sprintf(" +%s", c) ++ } ++ } ++ resByte := []byte(res) ++ ++ current := "/sys/fs" ++ elements := strings.Split(path, "/") ++ for i, e := range elements[3:] { ++ current = filepath.Join(current, e) ++ if i > 0 { ++ if err := os.Mkdir(current, 0755); err != nil { ++ if !os.IsExist(err) { ++ return errors.Wrapf(err, "mkdir %s", path) ++ } ++ } else { ++ // If the directory was created, be sure it is not left around on errors. ++ defer func() { ++ if Err != nil { ++ os.Remove(current) ++ } ++ }() ++ } ++ } ++ if err := ioutil.WriteFile(filepath.Join(current, "cgroup.subtree_control"), resByte, 0755); err != nil { ++ return errors.Wrapf(err, "write %s", filepath.Join(current, "cgroup.subtree_control")) ++ } ++ } ++ return nil ++} ++ + // initialize initializes the specified hierarchy + func (c *CgroupControl) initialize() (err error) { + createdSoFar := map[string]controllerHandler{} +@@ -161,6 +206,11 @@ func (c *CgroupControl) initialize() (err error) { + } + } + }() ++ if c.cgroup2 { ++ if err := createCgroupv2Path(filepath.Join(cgroupRoot, c.path)); err != nil { ++ return errors.Wrapf(err, "error creating cgroup path %s", c.path) ++ } ++ } + for name, handler := range handlers { + created, err := handler.Create(c) + if err != nil { +@@ -341,7 +391,7 @@ func (c *CgroupControl) AddPid(pid int) error { + pidString := []byte(fmt.Sprintf("%d\n", pid)) + + if c.cgroup2 { +- p := filepath.Join(cgroupRoot, c.path, "tasks") ++ p := filepath.Join(cgroupRoot, c.path, "cgroup.procs") + if err := ioutil.WriteFile(p, pidString, 0644); err != nil { + return errors.Wrapf(err, "write %s", p) + } +diff --git a/pkg/cgroups/cpu.go b/pkg/cgroups/cpu.go +index 8640d490e6..c9325946b4 100644 +--- a/pkg/cgroups/cpu.go ++++ b/pkg/cgroups/cpu.go +@@ -61,7 +61,7 @@ func (c *cpuHandler) Apply(ctr *CgroupControl, res *spec.LinuxResources) error { + // Create the cgroup + func (c *cpuHandler) Create(ctr *CgroupControl) (bool, error) { + if ctr.cgroup2 { +- return false, fmt.Errorf("cpu create not implemented for cgroup v2") ++ return false, nil + } + return ctr.createCgroupDirectory(CPU) + } +diff --git a/pkg/cgroups/cpuset.go b/pkg/cgroups/cpuset.go +index 9aef493c9f..25d2f7f769 100644 +--- a/pkg/cgroups/cpuset.go ++++ b/pkg/cgroups/cpuset.go +@@ -14,19 +14,23 @@ import ( + type cpusetHandler struct { + } + +-func cpusetCopyFileFromParent(dir, file string) ([]byte, error) { ++func cpusetCopyFileFromParent(dir, file string, cgroupv2 bool) ([]byte, error) { + if dir == cgroupRoot { + return nil, fmt.Errorf("could not find parent to initialize cpuset %s", file) + } + path := filepath.Join(dir, file) +- data, err := ioutil.ReadFile(path) ++ parentPath := path ++ if cgroupv2 { ++ parentPath = fmt.Sprintf("%s.effective", parentPath) ++ } ++ data, err := ioutil.ReadFile(parentPath) + if err != nil { + return nil, errors.Wrapf(err, "open %s", path) + } + if len(strings.Trim(string(data), "\n")) != 0 { + return data, nil + } +- data, err = cpusetCopyFileFromParent(filepath.Dir(dir), file) ++ data, err = cpusetCopyFileFromParent(filepath.Dir(dir), file, cgroupv2) + if err != nil { + return nil, err + } +@@ -36,9 +40,9 @@ func cpusetCopyFileFromParent(dir, file string) ([]byte, error) { + return data, nil + } + +-func cpusetCopyFromParent(path string) error { ++func cpusetCopyFromParent(path string, cgroupv2 bool) error { + for _, file := range []string{"cpuset.cpus", "cpuset.mems"} { +- if _, err := cpusetCopyFileFromParent(path, file); err != nil { ++ if _, err := cpusetCopyFileFromParent(path, file, cgroupv2); err != nil { + return err + } + } +@@ -60,14 +64,15 @@ func (c *cpusetHandler) Apply(ctr *CgroupControl, res *spec.LinuxResources) erro + // Create the cgroup + func (c *cpusetHandler) Create(ctr *CgroupControl) (bool, error) { + if ctr.cgroup2 { +- return false, fmt.Errorf("cpuset create not implemented for cgroup v2") ++ path := filepath.Join(cgroupRoot, ctr.path) ++ return true, cpusetCopyFromParent(path, true) + } + + created, err := ctr.createCgroupDirectory(CPUset) + if !created || err != nil { + return created, err + } +- return true, cpusetCopyFromParent(ctr.getCgroupv1Path(CPUset)) ++ return true, cpusetCopyFromParent(ctr.getCgroupv1Path(CPUset), false) + } + + // Destroy the cgroup +diff --git a/pkg/cgroups/memory.go b/pkg/cgroups/memory.go +index 0505eac409..80e88d17c4 100644 +--- a/pkg/cgroups/memory.go ++++ b/pkg/cgroups/memory.go +@@ -26,7 +26,7 @@ func (c *memHandler) Apply(ctr *CgroupControl, res *spec.LinuxResources) error { + // Create the cgroup + func (c *memHandler) Create(ctr *CgroupControl) (bool, error) { + if ctr.cgroup2 { +- return false, fmt.Errorf("memory create not implemented for cgroup v2") ++ return false, nil + } + return ctr.createCgroupDirectory(Memory) + } +diff --git a/pkg/cgroups/pids.go b/pkg/cgroups/pids.go +index c90dc1c020..ffbde100dd 100644 +--- a/pkg/cgroups/pids.go ++++ b/pkg/cgroups/pids.go +@@ -35,9 +35,6 @@ func (c *pidHandler) Apply(ctr *CgroupControl, res *spec.LinuxResources) error { + + // Create the cgroup + func (c *pidHandler) Create(ctr *CgroupControl) (bool, error) { +- if ctr.cgroup2 { +- return false, fmt.Errorf("pid create not implemented for cgroup v2") +- } + return ctr.createCgroupDirectory(Pids) + } + diff --git a/SOURCES/bz1728242-2.patch b/SOURCES/bz1728242-2.patch new file mode 100644 index 0000000..34eccfc --- /dev/null +++ b/SOURCES/bz1728242-2.patch @@ -0,0 +1,46 @@ +From b0c2bb996276a706585d1a3eebcaa0b687715b5a Mon Sep 17 00:00:00 2001 +From: Giuseppe Scrivano +Date: Tue, 9 Jul 2019 18:42:35 +0200 +Subject: [PATCH] cgroups: skip not existing cpuacct files + +if the cpuacct file doesn't exist, ignore it instead of erroring out. + +Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1728242 + +Signed-off-by: Giuseppe Scrivano +--- + pkg/cgroups/cpu.go | 15 ++++++++++++--- + 1 file changed, 12 insertions(+), 3 deletions(-) + +diff --git a/pkg/cgroups/cpu.go b/pkg/cgroups/cpu.go +index c9325946b4..1c8610cc45 100644 +--- a/pkg/cgroups/cpu.go ++++ b/pkg/cgroups/cpu.go +@@ -98,15 +98,24 @@ func (c *cpuHandler) Stat(ctr *CgroupControl, m *Metrics) error { + } else { + usage.Total, err = readAcct(ctr, "cpuacct.usage") + if err != nil { +- return err ++ if !os.IsNotExist(errors.Cause(err)) { ++ return err ++ } ++ usage.Total = 0 + } + usage.Kernel, err = readAcct(ctr, "cpuacct.usage_sys") + if err != nil { +- return err ++ if !os.IsNotExist(errors.Cause(err)) { ++ return err ++ } ++ usage.Kernel = 0 + } + usage.PerCPU, err = readAcctList(ctr, "cpuacct.usage_percpu") + if err != nil { +- return err ++ if !os.IsNotExist(errors.Cause(err)) { ++ return err ++ } ++ usage.PerCPU = nil + } + } + m.CPU = CPUMetrics{Usage: usage} diff --git a/SPECS/podman.spec b/SPECS/podman.spec index c54d7f9..ee23745 100644 --- a/SPECS/podman.spec +++ b/SPECS/podman.spec @@ -9,35 +9,34 @@ %endif %define gobuild(o:) go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld '" -a -v -x %{?**}; +%define gogenerate(o:) go generate %{?**}; %global provider github %global provider_tld com %global project containers %global repo libpod -# https://github.com/projectatomic/libpod -%global provider_prefix %{provider}.%{provider_tld}/%{project}/%{repo} -%global import_path %{provider_prefix} +# https://github.com/containers/libpod +%global import_path %{provider}.%{provider_tld}/%{project}/%{repo} %global git_podman https://%{provider}.%{provider_tld}/%{project}/%{repo} -%global commit 14fdcd0dedaec2fa89ccb58840e297ecb98cc617 +%global commit b3f10c8be229bcc58c1673b0431285fd5fce1293 %global shortcommit %(c=%{commit}; echo ${c:0:7}) -%global import_path_conmon github.com/kubernetes-sigs/cri-o +%global import_path_conmon github.com/containers/conmon %global git_conmon https://%{import_path_conmon} -%global commit_conmon 9b1f0a08285a7f74b21cc9b6bfd98a48905a7ba2 +%global commit_conmon 8455ce1ef385120deb827d0f0588c04357bad4c4 %global shortcommit_conmon %(c=%{commit_conmon}; echo ${c:0:7}) Name: podman -Version: 1.3.2 -Release: 1.git%{shortcommit}%{?dist} +Version: 1.4.4 +Release: 2%{?dist} Summary: Manage Pods, Containers and Container Images License: ASL 2.0 -URL: %{git_podman} +URL: https://%{name}.io Source0: %{git_podman}/archive/%{commit}/%{repo}-%{shortcommit}.tar.gz -Source1: %{git_conmon}/archive/%{commit_conmon}/cri-o-%{shortcommit_conmon}.tar.gz - -# e.g. el6 has ppc64 arch without gcc-go, so EA tag is required -#ExclusiveArch: %%{?go_arches:%%{go_arches}}%%{!?go_arches:%%{ix86} x86_64 aarch64 %%{arm}} -ExclusiveArch: aarch64 %{arm} ppc64le s390x x86_64 +Source1: %{git_conmon}/archive/%{commit_conmon}/conmon-%{shortcommit_conmon}.tar.gz +Patch0: bz1728242-1.patch +Patch1: bz1728242-2.patch +ExclusiveArch: aarch64 ppc64le s390x x86_64 # If go_compiler is not set to 1, there is no virtual provide. Use golang instead. %if 0%{?fedora} || 0%{?centos} BuildRequires: %{?go_compiler:compiler(go-compiler)}%{!?go_compiler:golang} @@ -65,11 +64,10 @@ Requires: runc Requires: skopeo-containers >= 0.1.29-3 # can't use default conmon right now, so we ship our own #Requires: conmon -Requires: containernetworking-plugins >= 0.7.0-101 +Requires: containernetworking-plugins >= 0.8.1-1 Requires: iptables Requires: atomic-registries >= 1.22.1-3 Requires: container-selinux - # vendored libraries # awk '{print "Provides: bundled(golang("$1")) = "$2}' vendor.conf | sort # [thanks to Carl George for containerd.spec] @@ -197,9 +195,8 @@ pages and %{name}. %prep %autosetup -Sgit -n %{repo}-%{commit} mv pkg/hooks/README.md pkg/hooks/README-hooks.md -sed -i '/bin\/podman-remote/d' Makefile -# untar cri-o +# untar conmon tar zxf %{SOURCE1} %build @@ -211,25 +208,17 @@ popd ln -s vendor src export GOPATH=$(pwd):$(pwd)/_build -export BUILDTAGS="selinux seccomp exclude_graphdriver_devicemapper $(hack/btrfs_installed_tag.sh) $(hack/btrfs_tag.sh) $(hack/libdm_tag.sh) containers_image_ostree_stub" -# no varlink in rhel7 -#%%gogenerate $(pwd)/cmd/%%{name}/varlink/... + +#%%gogenerate ./cmd/%%{name}/varlink/... + +export GO111MODULE=off +export BUILDTAGS="systemd selinux seccomp exclude_graphdriver_devicemapper $(hack/btrfs_installed_tag.sh) $(hack/btrfs_tag.sh) $(hack/libdm_tag.sh) containers_image_ostree_stub" %gobuild -o bin/%{name} %{import_path}/cmd/%{name} + make docs # build conmon -pushd cri-o-%{commit_conmon} -mkdir _output -pushd _output -mkdir -p src/%{provider}.%{provider_tld}/{kubernetes-sigs,opencontainers} -ln -s $(dirs +1 -l) src/%{import_path_conmon} -popd - -ln -s vendor src -export GOPATH=$(pwd)/_output:$(pwd) -export BUILDTAGS="selinux seccomp $(hack/btrfs_installed_tag.sh) $(hack/btrfs_tag.sh) containers_image_ostree_stub" -%gobuild -o bin/crio-config %{import_path_conmon}/cmd/crio-config -cd conmon && ../bin/crio-config +pushd conmon-%{commit_conmon} %{__make} all popd @@ -248,8 +237,9 @@ install -dp %{buildroot}%{_datadir}/containers install -p -m 644 %{repo}.conf %{buildroot}%{_datadir}/containers # install conmon -install -dp %{buildroot}%{_libexecdir}/%{name} -install -p -m 755 cri-o-%{commit_conmon}/bin/conmon %{buildroot}%{_libexecdir}/%{name} +pushd conmon-%{commit_conmon} +%{__make} LIBEXECDIR=%{buildroot}%{_libexecdir} install.%{name} +popd rm -rf %{buildroot}/src/github.com @@ -282,10 +272,11 @@ exit 0 %license LICENSE %doc README.md CONTRIBUTING.md pkg/hooks/README-hooks.md install.md code-of-conduct.md transfer.md %{_bindir}/%{name} -%{_mandir}/man1/%{name}*.1* -%{_mandir}/man5/*.5* %{_datadir}/bash-completion/completions/* %{_datadir}/zsh/site-functions/_%{name} +%{_mandir}/man1/%{name}*.1* +%{_mandir}/man5/*.5* +%dir %{_libexecdir}/%{name} %{_libexecdir}/%{name}/conmon %config(noreplace) %{_sysconfdir}/cni/net.d/87-%{name}-bridge.conflist %{_datadir}/containers/%{repo}.conf @@ -296,6 +287,26 @@ exit 0 %{_mandir}/man1/docker*.1* %changelog +* Tue Jul 23 2019 Lokesh Mandvekar - 1.4.4-2 +- Resolves: #1728242 + +* Thu Jul 04 2019 Lokesh Mandvekar - 1.4.4-1 +- bump to v1.4.4 + +* Thu Jun 27 2019 Lokesh Mandvekar - 1.4.3-1 +- bump to v1.4.3 + +* Tue Jun 25 2019 Lokesh Mandvekar - 1.4.1-1 +- bump to v1.4.1 +- bump conmon to v0.3.0 + +* Sat Jun 08 2019 Lokesh Mandvekar - 1.4.0-2 +- build only supported arches + +* Sat Jun 08 2019 Lokesh Mandvekar - 1.4.0-1 +- rebase to v1.4.0 +- use conmon v0.2.0 + * Wed May 29 2019 Lokesh Mandvekar - 1.3.2-1.git14fdcd0 - Resolves: #1714700 - bump to v1.3.2