opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-05-21 17:16:22 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add ContainerStateRemoving

Browse Source 
When Libpod removes a container, there is the possibility that
removal will not fully succeed. The most notable problems are
storage issues, where the container cannot be removed from
c/storage.

When this occurs, we were faced with a choice. We can keep the
container in the state, appearing in `podman ps` and available for
other API operations, but likely unable to do any of them as it's
been partially removed. Or we can remove it very early and clean
up after it's already gone. We have, until now, used the second
approach.

The problem that arises is intermittent problems removing
storage. We end up removing a container, failing to remove its
storage, and ending up with a container permanently stuck in
c/storage that we can't remove with the normal Podman CLI, can't
use the name of, and generally can't interact with. A notable
cause is when Podman is hit by a SIGKILL midway through removal,
which can consistently cause `podman rm` to fail to remove
storage.

We now add a new state for containers that are in the process of
being removed, ContainerStateRemoving. We set this at the
beginning of the removal process. It notifies Podman that the
container cannot be used anymore, but preserves it in the DB
until it is fully removed. This will allow Remove to be run on
these containers again, which should successfully remove storage
if it fails.

Fixes #3906

Signed-off-by: Matthew Heon <mheon@redhat.com>
This commit is contained in:
Matthew Heon
2019-11-11 09:52:13 -05:00
parent f3f219a67c
commit 25cc43c376
8 changed files with 105 additions and 95 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cmd/podman/shared/container.go
View File

@ -195,6 +195,8 @@ func NewBatchContainer(ctr *libpod.Container, opts PsOptions) (PsContainerOutput
status = "Paused" status = "Paused"
case define.ContainerStateCreated.String(), define.ContainerStateConfigured.String(): case define.ContainerStateCreated.String(), define.ContainerStateConfigured.String():
status = "Created" status = "Created"
case define.ContainerStateRemoving.String():
status = "Removing"
default: default:
status = "Error" status = "Error"
} }

17
libpod/container_api.go
View File

@ -404,6 +404,11 @@ func (c *Container) Mount() (string, error) {
return "", err return "", err
} }
} }
if c.state.State == define.ContainerStateRemoving {
return "", errors.Wrapf(define.ErrCtrStateInvalid, "cannot mount container %s as it is being removed", c.ID())
}
defer c.newContainerEvent(events.Mount) defer c.newContainerEvent(events.Mount)
return c.mount() return c.mount()
} }
@ -488,7 +493,12 @@ func (c *Container) Export(path string) error {
return err return err
} }
} }
defer c.newContainerEvent(events.Export)
if c.state.State == define.ContainerStateRemoving {
return errors.Wrapf(define.ErrCtrStateInvalid, "cannot mount container %s as it is being removed", c.ID())
}
defer c.newContainerEvent(events.Mount)
return c.export(path) return c.export(path)
} }
@ -674,6 +684,10 @@ func (c *Container) Refresh(ctx context.Context) error {
} }
} }
if c.state.State == define.ContainerStateRemoving {
return errors.Wrapf(define.ErrCtrStateInvalid, "cannot refresh containers that are being removed")
}
wasCreated := false wasCreated := false
if c.state.State == define.ContainerStateCreated { if c.state.State == define.ContainerStateCreated {
wasCreated = true wasCreated = true
@ -819,7 +833,6 @@ func (c *Container) Checkpoint(ctx context.Context, options ContainerCheckpointO
return err return err
} }
} }
defer c.newContainerEvent(events.Checkpoint)
return c.checkpoint(ctx, options) return c.checkpoint(ctx, options)
} }

5
libpod/container_internal.go
View File

@ -719,7 +719,8 @@ func (c *Container) isStopped() (bool, error) {
if err != nil { if err != nil {
return true, err return true, err
} }
return c.state.State != define.ContainerStateRunning && c.state.State != define.ContainerStatePaused, nil
return !c.ensureState(define.ContainerStateRunning, define.ContainerStatePaused), nil
} }
// save container state to the database // save container state to the database
@ -1057,6 +1058,8 @@ func (c *Container) initAndStart(ctx context.Context) (err error) {
// If we are ContainerStateUnknown, throw an error // If we are ContainerStateUnknown, throw an error
if c.state.State == define.ContainerStateUnknown { if c.state.State == define.ContainerStateUnknown {
return errors.Wrapf(define.ErrCtrStateInvalid, "container %s is in an unknown state", c.ID()) return errors.Wrapf(define.ErrCtrStateInvalid, "container %s is in an unknown state", c.ID())
} else if c.state.State == define.ContainerStateRemoving {
return errors.Wrapf(define.ErrCtrStateInvalid, "cannot start container %s as it is being removed", c.ID())
} }
// If we are running, do nothing // If we are running, do nothing

5
libpod/container_internal_linux.go
View File

@ -21,6 +21,7 @@ import (
"github.com/containernetworking/plugins/pkg/ns" "github.com/containernetworking/plugins/pkg/ns"
"github.com/containers/buildah/pkg/secrets" "github.com/containers/buildah/pkg/secrets"
"github.com/containers/libpod/libpod/define" "github.com/containers/libpod/libpod/define"
"github.com/containers/libpod/libpod/events"
"github.com/containers/libpod/pkg/annotations" "github.com/containers/libpod/pkg/annotations"
"github.com/containers/libpod/pkg/apparmor" "github.com/containers/libpod/pkg/apparmor"
"github.com/containers/libpod/pkg/cgroups" "github.com/containers/libpod/pkg/cgroups"
@ -695,6 +696,8 @@ func (c *Container) checkpoint(ctx context.Context, options ContainerCheckpointO
return err return err
} }
defer c.newContainerEvent(events.Checkpoint)
if options.TargetFile != "" { if options.TargetFile != "" {
if err = c.exportCheckpoint(options.TargetFile, options.IgnoreRootfs); err != nil { if err = c.exportCheckpoint(options.TargetFile, options.IgnoreRootfs); err != nil {
return err return err
@ -766,7 +769,7 @@ func (c *Container) restore(ctx context.Context, options ContainerCheckpointOpti
return err return err
} }
if (c.state.State != define.ContainerStateConfigured) && (c.state.State != define.ContainerStateExited) { if !c.ensureState(define.ContainerStateConfigured, define.ContainerStateExited) {
return errors.Wrapf(define.ErrCtrStateInvalid, "container %s is running or paused, cannot restore", c.ID()) return errors.Wrapf(define.ErrCtrStateInvalid, "container %s is running or paused, cannot restore", c.ID())
} }

7
libpod/define/containerstate.go
View File

@ -25,6 +25,9 @@ const (
// ContainerStateExited indicates the the container has stopped and been // ContainerStateExited indicates the the container has stopped and been
// cleaned up // cleaned up
ContainerStateExited ContainerStatus = iota ContainerStateExited ContainerStatus = iota
// ContainerStateRemoving indicates the container is in the process of
// being removed.
ContainerStateRemoving ContainerStatus = iota
) )
// ContainerStatus returns a string representation for users // ContainerStatus returns a string representation for users
@ -45,6 +48,8 @@ func (t ContainerStatus) String() string {
return "paused" return "paused"
case ContainerStateExited: case ContainerStateExited:
return "exited" return "exited"
case ContainerStateRemoving:
return "removing"
} }
return "bad state" return "bad state"
} }
@ -67,6 +72,8 @@ func StringToContainerStatus(status string) (ContainerStatus, error) {
return ContainerStatePaused, nil return ContainerStatePaused, nil
case ContainerStateExited.String(): case ContainerStateExited.String():
return ContainerStateExited, nil return ContainerStateExited, nil
case ContainerStateRemoving.String():
return ContainerStateRemoving, nil
default: default:
return ContainerStateUnknown, errors.Wrapf(ErrInvalidArg, "unknown container state: %s", status) return ContainerStateUnknown, errors.Wrapf(ErrInvalidArg, "unknown container state: %s", status)
} }

84
libpod/options.go
View File

@ -768,16 +768,8 @@ func WithIPCNSFrom(nsCtr *Container) CtrCreateOption {
return define.ErrCtrFinalized return define.ErrCtrFinalized
} }
if !nsCtr.valid { if err := checkDependencyContainer(nsCtr, ctr); err != nil {
return define.ErrCtrRemoved return err
}
if nsCtr.ID() == ctr.ID() {
return errors.Wrapf(define.ErrInvalidArg, "must specify another container")
}
if ctr.config.Pod != "" && nsCtr.config.Pod != ctr.config.Pod {
return errors.Wrapf(define.ErrInvalidArg, "container has joined pod %s and dependency container %s is not a member of the pod", ctr.config.Pod, nsCtr.ID())
} }
ctr.config.IPCNsCtr = nsCtr.ID() ctr.config.IPCNsCtr = nsCtr.ID()
@ -796,16 +788,8 @@ func WithMountNSFrom(nsCtr *Container) CtrCreateOption {
return define.ErrCtrFinalized return define.ErrCtrFinalized
} }
if !nsCtr.valid { if err := checkDependencyContainer(nsCtr, ctr); err != nil {
return define.ErrCtrRemoved return err
}
if nsCtr.ID() == ctr.ID() {
return errors.Wrapf(define.ErrInvalidArg, "must specify another container")
}
if ctr.config.Pod != "" && nsCtr.config.Pod != ctr.config.Pod {
return errors.Wrapf(define.ErrInvalidArg, "container has joined pod %s and dependency container %s is not a member of the pod", ctr.config.Pod, nsCtr.ID())
} }
ctr.config.MountNsCtr = nsCtr.ID() ctr.config.MountNsCtr = nsCtr.ID()
@ -824,22 +808,14 @@ func WithNetNSFrom(nsCtr *Container) CtrCreateOption {
return define.ErrCtrFinalized return define.ErrCtrFinalized
} }
if !nsCtr.valid { if err := checkDependencyContainer(nsCtr, ctr); err != nil {
return define.ErrCtrRemoved return err
}
if nsCtr.ID() == ctr.ID() {
return errors.Wrapf(define.ErrInvalidArg, "must specify another container")
} }
if ctr.config.CreateNetNS { if ctr.config.CreateNetNS {
return errors.Wrapf(define.ErrInvalidArg, "cannot join another container's net ns as we are making a new net ns") return errors.Wrapf(define.ErrInvalidArg, "cannot join another container's net ns as we are making a new net ns")
} }
if ctr.config.Pod != "" && nsCtr.config.Pod != ctr.config.Pod {
return errors.Wrapf(define.ErrInvalidArg, "container has joined pod %s and dependency container %s is not a member of the pod", ctr.config.Pod, nsCtr.ID())
}
ctr.config.NetNsCtr = nsCtr.ID() ctr.config.NetNsCtr = nsCtr.ID()
return nil return nil
@ -856,16 +832,8 @@ func WithPIDNSFrom(nsCtr *Container) CtrCreateOption {
return define.ErrCtrFinalized return define.ErrCtrFinalized
} }
if !nsCtr.valid { if err := checkDependencyContainer(nsCtr, ctr); err != nil {
return define.ErrCtrRemoved return err
}
if nsCtr.ID() == ctr.ID() {
return errors.Wrapf(define.ErrInvalidArg, "must specify another container")
}
if ctr.config.Pod != "" && nsCtr.config.Pod != ctr.config.Pod {
return errors.Wrapf(define.ErrInvalidArg, "container has joined pod %s and dependency container %s is not a member of the pod", ctr.config.Pod, nsCtr.ID())
} }
if ctr.config.NoCgroups { if ctr.config.NoCgroups {
@ -888,16 +856,8 @@ func WithUserNSFrom(nsCtr *Container) CtrCreateOption {
return define.ErrCtrFinalized return define.ErrCtrFinalized
} }
if !nsCtr.valid { if err := checkDependencyContainer(nsCtr, ctr); err != nil {
return define.ErrCtrRemoved return err
}
if nsCtr.ID() == ctr.ID() {
return errors.Wrapf(define.ErrInvalidArg, "must specify another container")
}
if ctr.config.Pod != "" && nsCtr.config.Pod != ctr.config.Pod {
return errors.Wrapf(define.ErrInvalidArg, "container has joined pod %s and dependency container %s is not a member of the pod", ctr.config.Pod, nsCtr.ID())
} }
ctr.config.UserNsCtr = nsCtr.ID() ctr.config.UserNsCtr = nsCtr.ID()
@ -917,16 +877,8 @@ func WithUTSNSFrom(nsCtr *Container) CtrCreateOption {
return define.ErrCtrFinalized return define.ErrCtrFinalized
} }
if !nsCtr.valid { if err := checkDependencyContainer(nsCtr, ctr); err != nil {
return define.ErrCtrRemoved return err
}
if nsCtr.ID() == ctr.ID() {
return errors.Wrapf(define.ErrInvalidArg, "must specify another container")
}
if ctr.config.Pod != "" && nsCtr.config.Pod != ctr.config.Pod {
return errors.Wrapf(define.ErrInvalidArg, "container has joined pod %s and dependency container %s is not a member of the pod", ctr.config.Pod, nsCtr.ID())
} }
ctr.config.UTSNsCtr = nsCtr.ID() ctr.config.UTSNsCtr = nsCtr.ID()
@ -945,16 +897,8 @@ func WithCgroupNSFrom(nsCtr *Container) CtrCreateOption {
return define.ErrCtrFinalized return define.ErrCtrFinalized
} }
if !nsCtr.valid { if err := checkDependencyContainer(nsCtr, ctr); err != nil {
return define.ErrCtrRemoved return err
}
if nsCtr.ID() == ctr.ID() {
return errors.Wrapf(define.ErrInvalidArg, "must specify another container")
}
if ctr.config.Pod != "" && nsCtr.config.Pod != ctr.config.Pod {
return errors.Wrapf(define.ErrInvalidArg, "container has joined pod %s and dependency container %s is not a member of the pod", ctr.config.Pod, nsCtr.ID())
} }
ctr.config.CgroupNsCtr = nsCtr.ID() ctr.config.CgroupNsCtr = nsCtr.ID()

53
libpod/runtime_ctr.go
View File

@ -489,32 +489,19 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, force bool,
} }
} }
var cleanupErr error // Set ContainerStateRemoving and remove exec sessions
// Remove the container from the state c.state.State = define.ContainerStateRemoving
if c.config.Pod != "" { c.state.ExecSessions = nil
// If we're removing the pod, the container will be evicted
// from the state elsewhere if err := c.save(); err != nil {
if !removePod { return errors.Wrapf(err, "unable to set container %s removing state in database", c.ID())
if err := r.state.RemoveContainerFromPod(pod, c); err != nil {
cleanupErr = err
}
}
} else {
if err := r.state.RemoveContainer(c); err != nil {
cleanupErr = err
}
} }
// Set container as invalid so it can no longer be used var cleanupErr error
c.valid = false
// Clean up network namespace, cgroups, mounts // Clean up network namespace, cgroups, mounts
if err := c.cleanup(ctx); err != nil { if err := c.cleanup(ctx); err != nil {
if cleanupErr == nil {
cleanupErr = errors.Wrapf(err, "error cleaning up container %s", c.ID()) cleanupErr = errors.Wrapf(err, "error cleaning up container %s", c.ID())
} else {
logrus.Errorf("cleanup network, cgroups, mounts: %v", err)
}
} }
// Stop the container's storage // Stop the container's storage
@ -540,6 +527,29 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, force bool,
} }
} }
// Remove the container from the state
if c.config.Pod != "" {
// If we're removing the pod, the container will be evicted
// from the state elsewhere
if !removePod {
if err := r.state.RemoveContainerFromPod(pod, c); err != nil {
if cleanupErr == nil {
cleanupErr = err
} else {
logrus.Errorf("Error removing container %s from database: %v", c.ID(), err)
}
}
}
} else {
if err := r.state.RemoveContainer(c); err != nil {
if cleanupErr == nil {
cleanupErr = err
} else {
logrus.Errorf("Error removing container %s from database: %v", c.ID(), err)
}
}
}
// Deallocate the container's lock // Deallocate the container's lock
if err := c.lock.Free(); err != nil { if err := c.lock.Free(); err != nil {
if cleanupErr == nil { if cleanupErr == nil {
@ -549,6 +559,9 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, force bool,
} }
} }
// Set container as invalid so it can no longer be used
c.valid = false
c.newContainerEvent(events.Remove) c.newContainerEvent(events.Remove)
if !removeVolume { if !removeVolume {

25
libpod/util.go
View File

@ -206,3 +206,28 @@ func DefaultSeccompPath() (string, error) {
} }
return config.SeccompDefaultPath, nil return config.SeccompDefaultPath, nil
} }
// CheckDependencyContainer verifies the given container can be used as a
// dependency of another container.
// Both the dependency to check and the container that will be using the
// dependency must be passed in.
// It is assumed that ctr is locked, and depCtr is unlocked.
func checkDependencyContainer(depCtr, ctr *Container) error {
state, err := depCtr.State()
if err != nil {
return errors.Wrapf(err, "error accessing dependency container %s state", depCtr.ID())
}
if state == define.ContainerStateRemoving {
return errors.Wrapf(define.ErrCtrStateInvalid, "cannot use container %s as a dependency as it is being removed", depCtr.ID())
}
if depCtr.ID() == ctr.ID() {
return errors.Wrapf(define.ErrInvalidArg, "must specify another container")
}
if ctr.config.Pod != "" && depCtr.PodID() != ctr.config.Pod {
return errors.Wrapf(define.ErrInvalidArg, "container has joined pod %s and dependency container %s is not a member of the pod", ctr.config.Pod, depCtr.ID())
}
return nil
}