Merge pull request #5379 from bergwolf/3.0.0-branch-bump

# Kata Containers 3.0.0

VERSION

@@ -1 +1 @@
-3.0.0-rc1
+3.0.0

src/agent/Cargo.lock

@@ -1507,7 +1507,7 @@ dependencies = [
  "lazy_static",
  "libc",
  "libseccomp",
- "nix 0.23.1",
+ "nix 0.24.2",
  "oci",
  "path-absolutize",
  "protobuf",

src/agent/rustjail/Cargo.toml

@@ -12,7 +12,7 @@ serde_derive = "1.0.91"
 oci = { path = "../../libs/oci" }
 protocols = { path ="../../libs/protocols" }
 caps = "0.5.0"
-nix = "0.23.0"
+nix = "0.24.2"
 scopeguard = "1.0.0"
 capctl = "0.2.0"
 lazy_static = "1.3.0"

src/agent/rustjail/src/console.rs

@@ -6,8 +6,9 @@
 use anyhow::{anyhow, Result};
 use nix::errno::Errno;
 use nix::pty;
-use nix::sys::{socket, uio};
+use nix::sys::socket;
 use nix::unistd::{self, dup2};
+use std::io::IoSlice;
 use std::os::unix::io::{AsRawFd, RawFd};
 use std::path::Path;
 
@@ -23,10 +24,7 @@ pub fn setup_console_socket(csocket_path: &str) -> Result<Option<RawFd>> {
         None,
     )?;
 
-    match socket::connect(
-        socket_fd,
-        &socket::SockAddr::Unix(socket::UnixAddr::new(Path::new(csocket_path))?),
-    ) {
+    match socket::connect(socket_fd, &socket::UnixAddr::new(Path::new(csocket_path))?) {
         Ok(()) => Ok(Some(socket_fd)),
         Err(errno) => Err(anyhow!("failed to open console fd: {}", errno)),
     }
@@ -36,11 +34,11 @@ pub fn setup_master_console(socket_fd: RawFd) -> Result<()> {
     let pseudo = pty::openpty(None, None)?;
 
     let pty_name: &[u8] = b"/dev/ptmx";
-    let iov = [uio::IoVec::from_slice(pty_name)];
+    let iov = [IoSlice::new(pty_name)];
     let fds = [pseudo.master];
     let cmsg = socket::ControlMessage::ScmRights(&fds);
 
-    socket::sendmsg(socket_fd, &iov, &[cmsg], socket::MsgFlags::empty(), None)?;
+    socket::sendmsg::<()>(socket_fd, &iov, &[cmsg], socket::MsgFlags::empty(), None)?;
 
     unistd::setsid()?;
     let ret = unsafe { libc::ioctl(pseudo.slave, libc::TIOCSCTTY) };

src/agent/src/mount.rs

@@ -779,16 +779,20 @@ pub async fn add_storages(
             }
         };
 
-        // Todo need to rollback the mounted storage if err met.
-
-        if res.is_err() {
-            error!(
-                logger,
-                "add_storages failed, storage: {:?}, error: {:?} ", storage, res
-            );
-        }
-
-        let mount_point = res?;
+        let mount_point = match res {
+            Err(e) => {
+                error!(
+                    logger,
+                    "add_storages failed, storage: {:?}, error: {:?} ", storage, e
+                );
+                let mut sb = sandbox.lock().await;
+                sb.unset_sandbox_storage(&storage.mount_point)
+                    .map_err(|e| warn!(logger, "fail to unset sandbox storage {:?}", e))
+                    .ok();
+                return Err(e);
+            }
+            Ok(m) => m,
+        };
 
         if !mount_point.is_empty() {
             mount_list.push(mount_point);

src/agent/src/rpc.rs

@@ -390,8 +390,22 @@ impl AgentService {
             if p.init && sig == libc::SIGTERM && !is_signal_handled(&proc_status_file, sig as u32) {
                 sig = libc::SIGKILL;
             }
-            p.signal(sig)?;
-        }
+
+            match p.signal(sig) {
+                Err(Errno::ESRCH) => {
+                    info!(
+                        sl!(),
+                        "signal encounter ESRCH, continue";
+                        "container-id" => cid.clone(),
+                        "exec-id" => eid.clone(),
+                        "pid" => p.pid,
+                        "signal" => sig,
+                    );
+                }
+                Err(err) => return Err(anyhow!(err)),
+                Ok(()) => (),
+            }
+        };
 
         if eid.is_empty() {
             // eid is empty, signal all the remaining processes in the container cgroup

src/libs/kata-sys-util/src/spec.rs

@@ -10,9 +10,9 @@ use kata_types::container::ContainerType;
 
 #[derive(thiserror::Error, Debug)]
 pub enum Error {
-    /// unknow container type
-    #[error("unknow container type {0}")]
-    UnknowContainerType(String),
+    /// unknown container type
+    #[error("unknown container type {0}")]
+    UnknownContainerType(String),
     /// missing sandboxID
     #[error("missing sandboxID")]
     MissingSandboxID,
@@ -56,7 +56,7 @@ pub fn get_contaier_type(spec: &oci::Spec) -> Result<ContainerType, Error> {
                 "sandbox" => return Ok(ContainerType::PodSandbox),
                 "podsandbox" => return Ok(ContainerType::PodSandbox),
                 "container" => return Ok(ContainerType::PodContainer),
-                _ => return Err(Error::UnknowContainerType(type_value.clone())),
+                _ => return Err(Error::UnknownContainerType(type_value.clone())),
             }
         }
     }

tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml

@@ -18,7 +18,7 @@ spec:
           katacontainers.io/kata-runtime: cleanup
       containers:
       - name: kube-kata-cleanup
-        image: quay.io/kata-containers/kata-deploy:latest
+        image: quay.io/kata-containers/kata-deploy:3.0.0
         imagePullPolicy: Always
         command: [ "bash", "-c", "/opt/kata-artifacts/scripts/kata-deploy.sh reset" ]
         env:

tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml

@@ -16,7 +16,7 @@ spec:
       serviceAccountName: kata-label-node
       containers:
       - name: kube-kata
-        image: quay.io/kata-containers/kata-deploy:latest
+        image: quay.io/kata-containers/kata-deploy:3.0.0
         imagePullPolicy: Always
         lifecycle:
           preStop:

versions.yaml

@@ -209,7 +209,7 @@ externals:
 
   gperf:
     description: "GNU gperf is a perfect hash function generator"
-    url: "https://ftpmirror.gnu.org/gnu/gperf"
+    url: "http://ftp.gnu.org/pub/gnu/gperf/"
     version: "3.1"
 
   kubernetes: