diff --git a/VERSION b/VERSION
index 437459cd94..73462a5a13 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.5.0
+2.5.1
diff --git a/src/agent/src/rpc.rs b/src/agent/src/rpc.rs
index 3004be5c0e..f8085bb986 100644
--- a/src/agent/src/rpc.rs
+++ b/src/agent/src/rpc.rs
@@ -249,7 +249,20 @@ impl AgentService {
 info!(sl!(), "no process configurations!");
 return Err(anyhow!(nix::Error::EINVAL));
 };
- ctr.start(p).await?;
+
+ // if starting container failed, we will do some rollback work
+ // to ensure no resources are leaked.
+ if let Err(err) = ctr.start(p).await {
+ error!(sl!(), "failed to start container: {:?}", err);
+ if let Err(e) = ctr.destroy().await {
+ error!(sl!(), "failed to destroy container: {:?}", e);
+ }
+ if let Err(e) = remove_container_resources(&mut s, &cid) {
+ error!(sl!(), "failed to remove container resources: {:?}", e);
+ }
+ return Err(err);
+ }
+
 s.update_shared_pidns(&ctr)?;
 s.add_container(ctr);
 info!(sl!(), "created container!");
@@ -295,27 +308,6 @@ impl AgentService {
 req: protocols::agent::RemoveContainerRequest,
 ) -> Result<()> {
 let cid = req.container_id.clone();
- let mut cmounts: Vec = vec![];
-
- let mut remove_container_resources = |sandbox: &mut Sandbox| -> Result<()> {
- // Find the sandbox storage used by this container
- let mounts = sandbox.container_mounts.get(&cid);
- if let Some(mounts) = mounts {
- for m in mounts.iter() {
- if sandbox.storages.get(m).is_some() {
- cmounts.push(m.to_string());
- }
- }
- }
-
- for m in cmounts.iter() {
- sandbox.unset_and_remove_sandbox_storage(m)?;
- }
-
- sandbox.container_mounts.remove(cid.as_str());
- sandbox.containers.remove(cid.as_str());
- Ok(())
- };
 if req.timeout == 0 {
 let s = Arc::clone(&self.sandbox);
@@ -329,7 +321,7 @@ impl AgentService {
 .destroy()
 .await?;
- remove_container_resources(&mut sandbox)?;
+ remove_container_resources(&mut sandbox, &cid)?;
 return Ok(());
 }
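Review bot: In the `@@ -249,7 +249,20 @@` hunk of src/agent/src/rpc.rs, the context line `s.update_shared_pidns(&ctr)?;` directly after the new rollback still returns early with `?`, and at that point the container has been started but is neither destroyed nor registered through `s.add_container(ctr)`. As far as the hunk shows, that path leaks the same resources the new block is meant to release, so it should run the same `ctr.destroy()` and `remove_container_resources(&mut s, &cid)` cleanup before returning. The earlier `return Err(anyhow!(nix::Error::EINVAL));` may need the storage cleanup as well, depending on what was set up before it. The enclosing function starts and ends outside the hunk.

```rust
// … unchanged: ctr.start(p) and its rollback …
if let Err(err) = s.update_shared_pidns(&ctr) {
    error!(sl!(), "failed to update shared pidns: {:?}", err);
    if let Err(e) = ctr.destroy().await {
        error!(sl!(), "failed to destroy container: {:?}", e);
    }
    if let Err(e) = remove_container_resources(&mut s, &cid) {
        error!(sl!(), "failed to remove container resources: {:?}", e);
    }
    return Err(err);
}
s.add_container(ctr);
```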
@@ -361,8 +353,7 @@ impl AgentService {
 let s = self.sandbox.clone();
 let mut sandbox = s.lock().await;
-
- remove_container_resources(&mut sandbox)?;
+ remove_container_resources(&mut sandbox, &cid)?;
 Ok(())
 }
@@ -1752,6 +1743,35 @@ fn update_container_namespaces(
 Ok(())
 }
+fn remove_container_resources(sandbox: &mut Sandbox, cid: &str) -> Result<()> {
+ let mut cmounts: Vec = vec![];
+
+ // Find the sandbox storage used by this container
+ let mounts = sandbox.container_mounts.get(cid);
+ if let Some(mounts) = mounts {
+ for m in mounts.iter() {
+ if sandbox.storages.get(m).is_some() {
+ cmounts.push(m.to_string());
+ }
+ }
+ }
+
+ for m in cmounts.iter() {
+ if let Err(err) = sandbox.unset_and_remove_sandbox_storage(m) {
+ error!(
+ sl!(),
+ "failed to unset_and_remove_sandbox_storage for container {}, error: {:?}",
+ cid,
+ err
+ );
+ }
+ }
+
+ sandbox.container_mounts.remove(cid);
+ sandbox.containers.remove(cid);
+ Ok(())
+}
+
 fn append_guest_hooks(s: &Sandbox, oci: &mut Spec) -> Result<()> {
 if let Some(ref guest_hooks) = s.hooks {
 let mut hooks = oci.hooks.take().unwrap_or_default();
diff --git a/src/runtime/pkg/containerd-shim-v2/create.go b/src/runtime/pkg/containerd-shim-v2/create.go
index 6b14a94c7a..65113ac1bd 100644
--- a/src/runtime/pkg/containerd-shim-v2/create.go
+++ b/src/runtime/pkg/containerd-shim-v2/create.go
@@ -97,9 +97,10 @@ func create(ctx context.Context, s *service, r *taskAPI.CreateTaskRequest) (*con
 }
 // create root span
+ // rootSpan will be ended when the entire trace is ended
 rootSpan, newCtx := katatrace.Trace(s.ctx, shimLog, "rootSpan", shimTracingTags)
 s.rootCtx = newCtx
- defer rootSpan.End()
+ s.rootSpan = rootSpan
 // create span
 span, newCtx := katatrace.Trace(s.rootCtx, shimLog, "create", shimTracingTags)
diff --git a/src/runtime/pkg/containerd-shim-v2/service.go b/src/runtime/pkg/containerd-shim-v2/service.go
index 9e703c9e21..b9e8460fb1 100644
--- a/src/runtime/pkg/containerd-shim-v2/service.go
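Review bot: The new `remove_container_resources` in the `@@ -1752,6 +1743,35 @@` hunk can no longer fail: a failing `sandbox.unset_and_remove_sandbox_storage(m)` is only logged and the function always ends in `Ok(())`, whereas the removed closure propagated it with `?`. The `?` at both call sites and the `if let Err(e)` in the start rollback are therefore dead, and a remove request reports success while a storage may still be set up in the guest. Finishing the map cleanup first and then returning the first storage error would keep the leak fix without hiding the failure from the caller; the sketch below assumes `unset_and_remove_sandbox_storage` returns the file's `Result`. The function also has no doc comment stating that teardown continues past a failed storage.

```rust
fn remove_container_resources(sandbox: &mut Sandbox, cid: &str) -> Result<()> {
    // … unchanged: collect cmounts from sandbox.container_mounts …
    let mut first_err = None;
    for m in cmounts.iter() {
        if let Err(err) = sandbox.unset_and_remove_sandbox_storage(m) {
            // … unchanged: error!() log of the failure …
            first_err.get_or_insert(err);
        }
    }

    // Drop the bookkeeping even when a storage failed, then report the failure.
    sandbox.container_mounts.remove(cid);
    sandbox.containers.remove(cid);
    first_err.map_or(Ok(()), Err)
}
```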
+++ b/src/runtime/pkg/containerd-shim-v2/service.go
@@ -28,6 +28,7 @@ import (
 "github.com/opencontainers/runtime-spec/specs-go"
 "github.com/pkg/errors"
 "github.com/sirupsen/logrus"
+ otelTrace "go.opentelemetry.io/otel/trace"
 "golang.org/x/sys/unix"
 "github.com/kata-containers/kata-containers/src/runtime/pkg/katautils"
@@ -122,8 +123,9 @@ type exit struct {
 type service struct {
 sandbox vc.VCSandbox
- ctx context.Context
- rootCtx context.Context // root context for tracing
+ ctx context.Context
+ rootCtx context.Context // root context for tracing
+ rootSpan otelTrace.Span
 containers map[string]*container
@@ -946,6 +948,7 @@ func (s *service) Shutdown(ctx context.Context, r *taskAPI.ShutdownRequest) (_ *
 s.mu.Unlock()
 span.End()
+ s.rootSpan.End()
 katatrace.StopTracing(s.rootCtx)
 return empty, nil
diff --git a/tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml b/tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml
index 96b01c0148..69f042bef3 100644
--- a/tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml
+++ b/tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml
@@ -18,7 +18,7 @@ spec:
 katacontainers.io/kata-runtime: cleanup
 containers:
 - name: kube-kata-cleanup
- image: quay.io/kata-containers/kata-deploy:2.5.0
+ image: quay.io/kata-containers/kata-deploy:2.5.1
 imagePullPolicy: Always
 command: [ "bash", "-c", "/opt/kata-artifacts/scripts/kata-deploy.sh reset" ]
 env:
diff --git a/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml b/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml
index f1ca83d1a7..d629d1d676 100644
--- a/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml
+++ b/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml
@@ -16,7 +16,7 @@ spec:
 serviceAccountName: kata-label-node
 containers:
 - name: kube-kata
- image: quay.io/kata-containers/kata-deploy:2.5.0
+ image: quay.io/kata-containers/kata-deploy:2.5.1
 imagePullPolicy: Always
 lifecycle:
 preStop:
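Review bot: `s.rootSpan.End()` in the Shutdown hunk of service.go is called unconditionally, but the field is only assigned by `s.rootSpan = rootSpan` in the create.go hunk; if Shutdown can run on a service where create never reached that assignment, `rootSpan` is a nil interface and the call panics during shutdown. A guard keeps the teardown path safe: `if s.rootSpan != nil { s.rootSpan.End() }`. The new struct field also carries no comment, unlike `rootCtx` next to it; `// root span, ended in Shutdown` would record who now owns ending it. Shutdown's body starts and ends outside the hunk.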
diff --git a/tools/packaging/kernel/configs/fragments/common/cgroup.conf b/tools/packaging/kernel/configs/fragments/common/cgroup.conf
index 429983a5f8..1976f440d2 100644
--- a/tools/packaging/kernel/configs/fragments/common/cgroup.conf
+++ b/tools/packaging/kernel/configs/fragments/common/cgroup.conf
@@ -12,6 +12,7 @@ CONFIG_CGROUP_FREEZER=y
 CONFIG_CPUSETS=y
 CONFIG_CGROUP_DEVICE=y
 CONFIG_CGROUP_CPUACCT=y
+CONFIG_CGROUP_HUGETLB=y
 CONFIG_CGROUP_PERF=y
 CONFIG_SOCK_CGROUP_DATA=y
diff --git a/tools/packaging/kernel/kata_config_version b/tools/packaging/kernel/kata_config_version
index 49541f7210..5595fa46c0 100644
--- a/tools/packaging/kernel/kata_config_version
+++ b/tools/packaging/kernel/kata_config_version
@@ -1 +1 @@
-94
+95