Beispiel #1
0
// ManifestExclusiveLock gets an exclusive lock on only the pod manifest.
// This is used in the app sandbox - since the pod is already running, we
// won't be able to get an exclusive lock on the pod itself.
func (p *Pod) ExclusiveManifestLock() error {
	if p.manifestLock != nil {
		return p.manifestLock.ExclusiveLock() // This is idempotent
	}

	l, err := lock.ExclusiveLock(common.PodManifestLockPath(p.Path()), lock.RegFile)
	if err != nil {
		return err
	}

	p.manifestLock = l
	return nil
}
Beispiel #2
0
// ExclusiveLockManifest gets an exclusive lock on only the pod manifest in the app sandbox.
// Since the pod is already running, we won't be able to get an exclusive lock on the pod itself.
func (p *Pod) ExclusiveLockManifest() error {
	if !p.isRunning() {
		return errors.New("pod is not running")
	}

	if p.manifestLock != nil {
		return p.manifestLock.ExclusiveLock() // This is idempotent
	}

	l, err := lock.ExclusiveLock(common.PodManifestLockPath(p.Path()), lock.RegFile)
	if err != nil {
		return err
	}

	p.manifestLock = l
	return nil
}
Beispiel #3
0
// Prepare sets up a pod based on the given config.
func Prepare(cfg PrepareConfig, dir string, uuid *types.UUID) error {
	if err := os.MkdirAll(common.AppsInfoPath(dir), common.DefaultRegularDirPerm); err != nil {
		return errwrap.Wrap(errors.New("error creating apps info directory"), err)
	}
	debug("Preparing stage1")
	if err := prepareStage1Image(cfg, dir); err != nil {
		return errwrap.Wrap(errors.New("error preparing stage1"), err)
	}

	var pmb []byte
	var err error
	if len(cfg.PodManifest) > 0 {
		pmb, err = validatePodManifest(cfg, dir)
	} else {
		pmb, err = generatePodManifest(cfg, dir)
	}
	if err != nil {
		return err
	}

	cfg.CommonConfig.ManifestData = string(pmb)

	// create pod lock file for app add/rm operations.
	f, err := os.OpenFile(common.PodManifestLockPath(dir), os.O_CREATE|os.O_RDWR, 0600)
	if err != nil {
		return err
	}
	f.Close()

	debug("Writing pod manifest")
	fn := common.PodManifestPath(dir)
	if err := ioutil.WriteFile(fn, pmb, common.DefaultRegularFilePerm); err != nil {
		return errwrap.Wrap(errors.New("error writing pod manifest"), err)
	}

	f, err = os.OpenFile(common.PodCreatedPath(dir), os.O_CREATE|os.O_RDWR, common.DefaultRegularFilePerm)
	if err != nil {
		return err
	}
	f.Close()

	if cfg.UseOverlay {
		// mark the pod as prepared with overlay
		f, err := os.Create(filepath.Join(dir, common.OverlayPreparedFilename))
		if err != nil {
			return errwrap.Wrap(errors.New("error writing overlay marker file"), err)
		}
		defer f.Close()
	}

	if cfg.PrivateUsers.Shift > 0 {
		// mark the pod as prepared for user namespaces
		uidrangeBytes := cfg.PrivateUsers.Serialize()

		if err := ioutil.WriteFile(filepath.Join(dir, common.PrivateUsersPreparedFilename), uidrangeBytes, common.DefaultRegularFilePerm); err != nil {
			return errwrap.Wrap(errors.New("error writing userns marker file"), err)
		}
	}

	return nil
}