From 48ce34d1bf2c3e401eba48c24c87b2e2f89df894 Mon Sep 17 00:00:00 2001 From: Francesco Giudici Date: Mon, 26 Jul 2021 16:49:26 +0200 Subject: [PATCH] cmd/crio: add 'publish' command The containerd shimv2 specification provides a 'publish-binary' argument to allow reporting events from the shim up to the container engine. The call to the publish binary is in the form: $PUBLISH_BIN --address $ADDRESS publish --topic $TOPIC --namespace $NS Usually the publish binary is the container engine itself: containerd supports the "publish" command and shimv2 implementations use by default the container engine as the publish binary. Right now when a kata-containers shimv2 workload is run with CRI-O, the CRI-O binary is called by the containerd-shimv2 binary for every sandbox event (e.g., sandbox creation, deletion, ...). CRI-O returns an error as doesn't support the "publish" format above, causing the containerd-shim-kata-v2 implementation to report an error for each event in the logs. Sample error: time="2021-07-26T17:23:11.726445138+02:00" level=error msg="post event" error="failed to publish event: exit status 1" name=containerd-shim-v2 pid=9478 sandbox=6714bbfe5d600dc8c24f2c0fcf2e14857eb14cf85605aa213bb92660725335f3 source=containerd-kata-shim-v2 Allow CRI-O to support the "publish" command as per the containerd shimv2 specification, just ignoring the events without reporting any error. Signed-off-by: Francesco Giudici --- cmd/crio/main.go | 1 + cmd/crio/publish.go | 25 +++++++++++++++++++++++++ completions/bash/crio | 1 + completions/zsh/_crio | 2 +- internal/criocli/criocli.go | 5 +++++ 5 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 cmd/crio/publish.go diff --git a/cmd/crio/main.go b/cmd/crio/main.go index 44d3f5d01bb..6b19e15d3bd 100644 --- a/cmd/crio/main.go +++ b/cmd/crio/main.go @@ -126,6 +126,7 @@ func main() { app.Commands = criocli.DefaultCommands app.Commands = append(app.Commands, []*cli.Command{ configCommand, + publishCommand, versionCommand, wipeCommand, }...) diff --git a/cmd/crio/publish.go b/cmd/crio/publish.go new file mode 100644 index 00000000000..07faddc5f7a --- /dev/null +++ b/cmd/crio/publish.go @@ -0,0 +1,25 @@ +package main + +import ( + "github.com/urfave/cli/v2" +) + +var publishCommand = &cli.Command{ + Name: "publish", + Usage: "receive shimv2 events", + Flags: []cli.Flag{ + &cli.StringFlag{ + Name: "topic", + Hidden: true, + }, + &cli.StringFlag{ + Name: "namespace", + Hidden: true, + }, + }, + HideHelp: true, + Hidden: true, + Action: func(c *cli.Context) error { + return nil + }, +} diff --git a/completions/bash/crio b/completions/bash/crio index df9452f26f9..db6d49989a0 100755 --- a/completions/bash/crio +++ b/completions/bash/crio @@ -14,6 +14,7 @@ help h --absent-mount-sources-to-reject --additional-devices +--address --apparmor-profile --big-files-temporary-dir --bind-mount-prefix diff --git a/completions/zsh/_crio b/completions/zsh/_crio index 5de0c9db8ba..38075f41a75 100644 --- a/completions/zsh/_crio +++ b/completions/zsh/_crio @@ -7,7 +7,7 @@ it later with **--config**. Global options will modify the output.' 'version:dis _describe 'commands' cmds local -a opts - opts=('--absent-mount-sources-to-reject' '--additional-devices' '--apparmor-profile' '--big-files-temporary-dir' '--bind-mount-prefix' '--cgroup-manager' '--clean-shutdown-file' '--cni-config-dir' '--cni-default-network' '--cni-plugin-dir' '--config' '--config-dir' '--conmon' '--conmon-cgroup' '--conmon-env' '--container-attach-socket-dir' '--container-exits-dir' '--ctr-stop-timeout' '--decryption-keys-path' '--default-capabilities' '--default-env' '--default-mounts-file' '--default-runtime' '--default-sysctls' '--default-transport' '--default-ulimits' '--drop-infra-ctr' '--enable-metrics' '--enable-profile-unix-socket' '--gid-mappings' '--global-auth-file' '--grpc-max-recv-msg-size' '--grpc-max-send-msg-size' '--hooks-dir' '--image-volumes' '--infra-ctr-cpuset' '--insecure-registry' '--internal-wipe' '--irqbalance-config-file' '--listen' '--log' '--log-dir' '--log-filter' '--log-format' '--log-journald' '--log-level' '--log-size-max' '--metrics-cert' '--metrics-collectors' '--metrics-key' '--metrics-port' '--metrics-socket' '--namespaces-dir' '--no-pivot' '--pause-command' '--pause-image' '--pause-image-auth-file' '--pids-limit' '--pinns-path' '--profile' '--profile-port' '--read-only' '--registries-conf' '--registries-conf-dir' '--registry' '--root' '--runroot' '--runtimes' '--seccomp-profile' '--seccomp-use-default-when-empty' '--selinux' '--separate-pull-cgroup' '--signature-policy' '--storage-driver' '--storage-opt' '--stream-address' '--stream-enable-tls' '--stream-idle-timeout' '--stream-port' '--stream-tls-ca' '--stream-tls-cert' '--stream-tls-key' '--uid-mappings' '--version-file' '--version-file-persist' '--help' '--version') + opts=('--absent-mount-sources-to-reject' '--additional-devices' '--address' '--apparmor-profile' '--big-files-temporary-dir' '--bind-mount-prefix' '--cgroup-manager' '--clean-shutdown-file' '--cni-config-dir' '--cni-default-network' '--cni-plugin-dir' '--config' '--config-dir' '--conmon' '--conmon-cgroup' '--conmon-env' '--container-attach-socket-dir' '--container-exits-dir' '--ctr-stop-timeout' '--decryption-keys-path' '--default-capabilities' '--default-env' '--default-mounts-file' '--default-runtime' '--default-sysctls' '--default-transport' '--default-ulimits' '--drop-infra-ctr' '--enable-metrics' '--enable-profile-unix-socket' '--gid-mappings' '--global-auth-file' '--grpc-max-recv-msg-size' '--grpc-max-send-msg-size' '--hooks-dir' '--image-volumes' '--infra-ctr-cpuset' '--insecure-registry' '--internal-wipe' '--irqbalance-config-file' '--listen' '--log' '--log-dir' '--log-filter' '--log-format' '--log-journald' '--log-level' '--log-size-max' '--metrics-cert' '--metrics-collectors' '--metrics-key' '--metrics-port' '--metrics-socket' '--namespaces-dir' '--no-pivot' '--pause-command' '--pause-image' '--pause-image-auth-file' '--pids-limit' '--pinns-path' '--profile' '--profile-port' '--read-only' '--registries-conf' '--registries-conf-dir' '--registry' '--root' '--runroot' '--runtimes' '--seccomp-profile' '--seccomp-use-default-when-empty' '--selinux' '--separate-pull-cgroup' '--signature-policy' '--storage-driver' '--storage-opt' '--stream-address' '--stream-enable-tls' '--stream-idle-timeout' '--stream-port' '--stream-tls-ca' '--stream-tls-cert' '--stream-tls-key' '--uid-mappings' '--version-file' '--version-file-persist' '--help' '--version') _describe 'global options' opts return diff --git a/internal/criocli/criocli.go b/internal/criocli/criocli.go index 9c40845c6a8..32bb248ea26 100644 --- a/internal/criocli/criocli.go +++ b/internal/criocli/criocli.go @@ -866,6 +866,11 @@ func getCrioFlags(defConf *libconfig.Config) []cli.Flag { EnvVars: []string{"CONTAINER_REGISTRIES_CONF_DIR"}, TakesFile: true, }, + &cli.StringFlag{ + Name: "address", + Usage: "address used for the publish command", + Hidden: true, + }, &cli.StringFlag{ Name: "version-file", Usage: "Location for CRI-O to lay down the temporary version file. It is used to check if crio wipe should wipe containers, which should always happen on a node reboot",