mirror of
https://github.com/containers/podman.git
synced 2025-05-23 01:57:56 +08:00
99e642d940
For example:
$ cat /etc/containers/oci/hooks.d/test.json
{
"version": "1.0.0",
"hook": {
"path": "/bin/sh",
"args": ["sh", "-c", "echo 'oh, noes!' >&2; exit 1"]
},
"when": {
"always": true
},
"stages": ["precreate"]
}
$ podman run --rm docker.io/library/alpine echo 'successful container'
error setting up OCI Hooks: executing [sh -c echo 'oh, noes!' >&2; exit 1]: exit status 1
The rendered command isn't in in the right syntax for copy/pasting
into a shell, but it should be enough for the user to be able to
locate the failing hook. They'll need to know their hook directories,
but with the previous commits requiring explicit hook directories it's
more likely that the caller is aware of them. And if they run at a
debug level, they can see the lookups in the logs:
$ podman --log-level=debug --hooks-dir=/etc/containers/oci/hooks.d run --rm docker.io/library/alpine echo 'successful container' 2>&1 | grep -i hook
time="2018-12-02T22:15:16-08:00" level=debug msg="reading hooks from /etc/containers/oci/hooks.d"
time="2018-12-02T22:15:16-08:00" level=debug msg="added hook /etc/containers/oci/hooks.d/test.json"
time="2018-12-02T22:15:16-08:00" level=debug msg="hook test.json matched; adding to stages [precreate]"
time="2018-12-02T22:15:16-08:00" level=warning msg="container 3695c6ba0cc961918bd3e4a769c52bd08b82afea5cd79e9749e9c7a63b5e7100: precreate hook: executing [sh -c echo 'oh, noes!' >&2; exit 1]: exit status 1"
time="2018-12-02T22:15:16-08:00" level=error msg="error setting up OCI Hooks: executing [sh -c echo 'oh, noes!' >&2; exit 1]: exit status 1"
Signed-off-by: W. Trevor King <wking@tremily.us>
68 lines
1.5 KiB
Go
68 lines
1.5 KiB
Go
// Package exec provides utilities for executing Open Container Initative runtime hooks.
|
|
package exec
|
|
|
|
import (
|
|
"bytes"
|
|
"context"
|
|
"fmt"
|
|
"io"
|
|
osexec "os/exec"
|
|
"time"
|
|
|
|
rspec "github.com/opencontainers/runtime-spec/specs-go"
|
|
"github.com/pkg/errors"
|
|
)
|
|
|
|
// DefaultPostKillTimeout is the recommended default post-kill timeout.
|
|
const DefaultPostKillTimeout = time.Duration(10) * time.Second
|
|
|
|
// Run executes the hook and waits for it to complete or for the
|
|
// context or hook-specified timeout to expire.
|
|
func Run(ctx context.Context, hook *rspec.Hook, state []byte, stdout io.Writer, stderr io.Writer, postKillTimeout time.Duration) (hookErr, err error) {
|
|
cmd := osexec.Cmd{
|
|
Path: hook.Path,
|
|
Args: hook.Args,
|
|
Env: hook.Env,
|
|
Stdin: bytes.NewReader(state),
|
|
Stdout: stdout,
|
|
Stderr: stderr,
|
|
}
|
|
if cmd.Env == nil {
|
|
cmd.Env = []string{}
|
|
}
|
|
|
|
if hook.Timeout != nil {
|
|
var cancel context.CancelFunc
|
|
ctx, cancel = context.WithTimeout(ctx, time.Duration(*hook.Timeout)*time.Second)
|
|
defer cancel()
|
|
}
|
|
|
|
err = cmd.Start()
|
|
if err != nil {
|
|
return err, err
|
|
}
|
|
exit := make(chan error, 1)
|
|
go func() {
|
|
err := cmd.Wait()
|
|
if err != nil {
|
|
err = errors.Wrapf(err, "executing %v", cmd.Args)
|
|
}
|
|
exit <- err
|
|
}()
|
|
|
|
select {
|
|
case err = <-exit:
|
|
return err, err
|
|
case <-ctx.Done():
|
|
cmd.Process.Kill()
|
|
timer := time.NewTimer(postKillTimeout)
|
|
defer timer.Stop()
|
|
select {
|
|
case <-timer.C:
|
|
err = fmt.Errorf("failed to reap process within %s of the kill signal", postKillTimeout)
|
|
case err = <-exit:
|
|
}
|
|
return err, ctx.Err()
|
|
}
|
|
}
|