Initial containerd sidecar implementation

tsuru · Jan 25, 2021 · 4de853a · 4de853a
1 parent 51d3cba
commit 4de853a
Show file tree

Hide file tree

Showing 13 changed files with 544 additions and 13 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+deploy-agent
diff --git a/deploy.go b/deploy.go
@@ -70,11 +70,12 @@ func pushSidecar(ctx context.Context, sc sidecar.Sidecar, config Config, regConf
 		return nil
 	}
 	fmt.Fprintln(w, "---- Building application image ----")
-	imgID, err := sc.Commit(ctx, config.DestinationImages[0])
+	_, err := sc.Commit(ctx, config.DestinationImages[0])
 	if err != nil {
 		return fmt.Errorf("failed to commit main container: %v", err)
 	}
-	return sc.TagAndPush(ctx, imgID, config.DestinationImages, regConfig, w)
+	fmt.Fprintln(w, "---- Pushing application image ----")
+	return sc.TagAndPush(ctx, config.DestinationImages[0], config.DestinationImages, regConfig, w)
 }
 
 func inspect(ctx context.Context, sc sidecar.Sidecar, image string, filesystem Filesystem, w io.Writer, errW io.Writer) error {

diff --git a/filesystem.go b/filesystem.go
@@ -83,6 +83,9 @@ func (f *executorFS) CheckFile(name string) (bool, error) {
 		if strings.Contains(strings.ToLower(errOut), "no such") {
 			return false, nil
 		}
+		if strings.Contains(strings.ToLower(err.Error()), "no such file") {
+			return false, nil
+		}
 		return false, fmt.Errorf("error checking file %v: %v. Output: %v", name, err, errOut)
 	}
 	return true, nil

diff --git a/go.mod b/go.mod
@@ -8,8 +8,12 @@ require (
 	github.com/fsouza/go-dockerclient v1.7.0
 	github.com/ghodss/yaml v1.0.0
 	github.com/kelseyhightower/envconfig v1.3.0
+	github.com/opencontainers/image-spec v1.0.1
+	github.com/opencontainers/runtime-spec v1.0.3-0.20200728170252-4d89ac9fbff6
+	github.com/pkg/errors v0.9.1
 	github.com/tsuru/commandmocker v0.0.0-20160909010208-e1d28f4f616a // indirect
 	github.com/tsuru/tsuru v0.0.0-20171023121507-c91725578089
+	golang.org/x/sync v0.0.0-20201207232520-09787c993a3a
 	gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f
 )
 

diff --git a/go.sum b/go.sum
@@ -339,8 +339,6 @@ github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHqu
 github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
-github.com/fsouza/go-dockerclient v1.7.0 h1:Ie1/8pAnBHNyCbSIDnYKBdXUEobk4AeJhWZz7k6rWfc=
-github.com/fsouza/go-dockerclient v1.7.0/go.mod h1:Ny0LfP7OOsYu9nAi4339E4Ifor6nGBFO2M8lnd2nR+c=
 github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA=
 github.com/garyburd/redigo v0.0.0-20150301180006-535138d7bcd7/go.mod h1:NR3MbYisc3/PwhQ00EMzDiPmrwpPxAn5GI05/YaO1SY=
 github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=

diff --git a/integration_test.go b/integration_test.go
@@ -41,7 +41,7 @@ hooks:
     - ps
 `
 
-	executor := sc.Executor()
+	executor := sc.Executor(context.Background())
 
 	err = executor.Execute(exec.ExecuteOptions{
 		Cmd:    "/bin/sh",

diff --git a/internal/containerd/executor.go b/internal/containerd/executor.go
@@ -0,0 +1,99 @@
+package containerd
+
+import (
+	"context"
+	"crypto"
+	"crypto/rand"
+	"fmt"
+	"io"
+	"io/ioutil"
+
+	"github.com/containerd/containerd/cio"
+	"github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/tsuru/tsuru/exec"
+)
+
+var _ exec.Executor = &containerdExecutor{}
+
+type containerdExecutor struct {
+	sidecar *containerdSidecar
+	ctx     context.Context
+}
+
+func (e *containerdExecutor) Execute(opts exec.ExecuteOptions) error {
+	return e.ExecuteAsUser(e.sidecar.user, opts)
+}
+
+func (e *containerdExecutor) IsRemote() bool {
+	return true
+}
+
+func (e *containerdExecutor) ExecuteAsUser(user string, opts exec.ExecuteOptions) error {
+	fullCmd := append([]string{opts.Cmd}, opts.Args...)
+
+	container, err := e.sidecar.client.LoadContainer(e.ctx, e.sidecar.primaryContainerID)
+	if err != nil {
+		return err
+	}
+	spec, err := container.Spec(e.ctx)
+	if err != nil {
+		return err
+	}
+	pspec := spec.Process
+	pspec.Args = fullCmd
+	if user != "" {
+		pspec.User = specs.User{
+			Username: user,
+		}
+	}
+	pspec.Env = append(pspec.Env, opts.Envs...)
+	if opts.Dir != "" {
+		pspec.Cwd = opts.Dir
+	}
+
+	task, err := container.Task(e.ctx, nil)
+	if err != nil {
+		return err
+	}
+
+	if opts.Stdout == nil {
+		opts.Stdout = ioutil.Discard
+	}
+	if opts.Stderr == nil {
+		opts.Stderr = ioutil.Discard
+	}
+	ioCreator := cio.NewCreator(cio.WithStreams(opts.Stdin, opts.Stdout, opts.Stderr))
+
+	execID := "exec-" + randID()
+	process, err := task.Exec(e.ctx, execID, pspec, ioCreator)
+	if err != nil {
+		return err
+	}
+	defer process.Delete(e.ctx)
+
+	statusCh, err := process.Wait(e.ctx)
+	if err != nil {
+		return err
+	}
+
+	err = process.Start(e.ctx)
+	if err != nil {
+		return err
+	}
+
+	select {
+	case status := <-statusCh:
+		if status.ExitCode() != 0 {
+			return fmt.Errorf("unexpected exit code %#+v while running %v", status.ExitCode(), fullCmd)
+		}
+	case <-e.ctx.Done():
+		return e.ctx.Err()
+	}
+	return nil
+}
+
+func randID() string {
+	h := crypto.SHA1.New()
+	io.CopyN(h, rand.Reader, 10)
+	return fmt.Sprintf("%x", h.Sum(nil))[:20]
+}
diff --git a/internal/containerd/push.go b/internal/containerd/push.go
@@ -0,0 +1,157 @@
+/*
+   Copyright The containerd Authors.
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+       http://www.apache.org/licenses/LICENSE-2.0
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package containerd
+
+import (
+	"context"
+	"encoding/json"
+	"io"
+	"sync"
+	"time"
+
+	"github.com/containerd/containerd"
+	"github.com/containerd/containerd/images"
+	"github.com/containerd/containerd/remotes"
+	"github.com/containerd/containerd/remotes/docker"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+	"golang.org/x/sync/errgroup"
+)
+
+// This file mostly contains unexported code copied from containerd/containerd.
+// Ref:
+// https://github.com/containerd/containerd/blob/a4f4a4311022e9dddeff5ad6d633847aaa32d4c4/cmd/ctr/commands/images/push.go
+// The copyright of this file belongs to containerd authors as stated on the
+// header above. The copied code is useful for displaying progress information
+// during image push operations.
+
+func pushWithProgress(ctx context.Context, client *containerd.Client, ref string, target ocispec.Descriptor, tracker docker.StatusTracker, resolver remotes.Resolver, w io.Writer) error {
+	ongoing := newPushJobs(tracker)
+
+	eg, ctx := errgroup.WithContext(ctx)
+
+	// used to notify the progress writer
+	doneCh := make(chan struct{})
+
+	eg.Go(func() error {
+		defer close(doneCh)
+
+		jobHandler := images.HandlerFunc(func(ctx context.Context, desc ocispec.Descriptor) ([]ocispec.Descriptor, error) {
+			ongoing.add(remotes.MakeRefKey(ctx, desc))
+			return nil, nil
+		})
+
+		return client.Push(ctx, ref, target,
+			containerd.WithResolver(resolver),
+			containerd.WithImageHandler(jobHandler),
+		)
+	})
+
+	eg.Go(func() error {
+		var (
+			ticker = time.NewTicker(100 * time.Millisecond)
+			fw     = json.NewEncoder(w)
+			done   bool
+		)
+
+		defer ticker.Stop()
+
+		for {
+			select {
+			case <-ticker.C:
+				for _, st := range ongoing.status() {
+					fw.Encode(st)
+				}
+
+				if done {
+					return nil
+				}
+			case <-doneCh:
+				done = true
+			case <-ctx.Done():
+				done = true // allow ui to update once more
+			}
+		}
+	})
+
+	return eg.Wait()
+}
+
+type pushjobs struct {
+	jobs    map[string]struct{}
+	ordered []string
+	tracker docker.StatusTracker
+	mu      sync.Mutex
+}
+
+func newPushJobs(tracker docker.StatusTracker) *pushjobs {
+	return &pushjobs{
+		jobs:    make(map[string]struct{}),
+		tracker: tracker,
+	}
+}
+
+func (j *pushjobs) add(ref string) {
+	j.mu.Lock()
+	defer j.mu.Unlock()
+
+	if _, ok := j.jobs[ref]; ok {
+		return
+	}
+	j.ordered = append(j.ordered, ref)
+	j.jobs[ref] = struct{}{}
+}
+
+type progressDetail struct {
+	Current int64 `json:"current"`
+	Total   int64 `json:"total"`
+}
+
+type imageProgess struct {
+	Status         string         `json:"status"`
+	ProgressDetail progressDetail `json:"progressDetail"`
+	Progress       string         `json:"progress"`
+	ID             string         `json:"id"`
+}
+
+func (j *pushjobs) status() []imageProgess {
+	j.mu.Lock()
+	defer j.mu.Unlock()
+
+	statuses := make([]imageProgess, 0, len(j.jobs))
+	for _, name := range j.ordered {
+		si := imageProgess{
+			ID: name,
+		}
+
+		status, err := j.tracker.GetStatus(name)
+		if err != nil {
+			si.Status = "waiting"
+		} else {
+			si.ProgressDetail.Total = status.Total
+			si.ProgressDetail.Current = status.Offset
+			if status.Offset >= status.Total {
+				if status.UploadUUID == "" {
+					si.Status = "done"
+				} else {
+					si.Status = "committing"
+				}
+			} else {
+				si.Status = "uploading"
+			}
+		}
+		statuses = append(statuses, si)
+	}
+
+	return statuses
+}