func (p *LinuxResourcePool) Acquire(spec garden.ContainerSpec) (linux_backend.LinuxContainerSpec, error) {
	id := <-p.containerIDs
	containerPath := path.Join(p.depotPath, id)
	pLog := p.logger.Session(id)

	pLog.Info("creating")

	resources, err := p.acquirePoolResources(spec, id)
	if err != nil {
		return linux_backend.LinuxContainerSpec{}, err
	}
	defer cleanup(&err, func() {
		p.releasePoolResources(resources)
	})

	pLog.Info("acquired-pool-resources")

	handle := getHandle(spec.Handle, id)

	var quota int64 = int64(spec.Limits.Disk.ByteHard)
	if quota == 0 {
		quota = math.MaxInt64
	}

	containerRootFSPath, rootFSEnv, err := p.acquireSystemResources(id, handle, containerPath, spec.RootFSPath, resources, spec.BindMounts, quota, pLog)
	if err != nil {
		return linux_backend.LinuxContainerSpec{}, err
	}

	pLog.Info("created")

	specEnv, err := process.NewEnv(spec.Env)
	if err != nil {
		p.tryReleaseSystemResources(p.logger, id)
		return linux_backend.LinuxContainerSpec{}, err
	}

	pLog.Debug("calculate-environment", lager.Data{
		"rootfs-env": rootFSEnv,
	})

	spec.Env = rootFSEnv.Merge(specEnv).Array()
	spec.Handle = handle

	return linux_backend.LinuxContainerSpec{
		ID:                  id,
		ContainerPath:       containerPath,
		ContainerRootFSPath: containerRootFSPath,
		Resources:           resources,
		Events:              []string{},
		Version:             p.currentContainerVersion,
		State:               linux_backend.StateBorn,

		ContainerSpec: spec,
	}, nil
}
func (factory *gardenContainerSpecFactory) BuildResourceContainerSpec(
	spec ResourceTypeContainerSpec,
	gardenSpec garden.ContainerSpec,
	resourceTypes []atc.WorkerResourceType,
) (garden.ContainerSpec, error) {
	if len(spec.Mounts) > 0 && spec.Cache.Volume != nil {
		return gardenSpec, errors.New("a container may not have mounts and a cache")
	}

	gardenSpec.Privileged = true
	gardenSpec.Env = append(gardenSpec.Env, spec.Env...)

	if spec.Ephemeral {
		gardenSpec.Properties[ephemeralPropertyName] = "true"
	}

	if spec.Cache.Volume != nil && spec.Cache.MountPath != "" {
		gardenSpec.BindMounts = []garden.BindMount{
			{
				SrcPath: spec.Cache.Volume.Path(),
				DstPath: spec.Cache.MountPath,
				Mode:    garden.BindMountModeRW,
			},
		}

		factory.volumeHandles = append(factory.volumeHandles, spec.Cache.Volume.Handle())
		factory.volumeMounts[spec.Cache.Volume.Handle()] = spec.Cache.MountPath
	}

	var err error
	gardenSpec, err = factory.createVolumes(gardenSpec, spec.Mounts)
	if err != nil {
		return gardenSpec, err
	}

	if spec.ImageResourcePointer == nil {
		for _, t := range resourceTypes {
			if t.Type == spec.Type {
				gardenSpec.RootFSPath = t.Image
				return gardenSpec, nil
			}
		}

		return gardenSpec, ErrUnsupportedResourceType
	}

	return gardenSpec, nil
}
Exemple #3
0
func (p *LinuxResourcePool) Acquire(spec garden.ContainerSpec) (linux_backend.LinuxContainerSpec, error) {
	id := <-p.containerIDs
	containerPath := path.Join(p.depotPath, id)
	handle := getHandle(spec.Handle, id)
	pLog := p.logger.Session("acquire", lager.Data{"handle": handle})

	iptablesCh := make(chan error, 1)

	go func(iptablesCh chan error) {
		pLog.Debug("setup-iptables-starting")
		if err := p.filterProvider.ProvideFilter(id).Setup(handle); err != nil {
			pLog.Error("setup-iptables-failed", err)
			iptablesCh <- fmt.Errorf("resource_pool: set up filter: %v", err)
		} else {
			pLog.Debug("setup-iptables-ended")
			iptablesCh <- nil
		}
	}(iptablesCh)

	pLog.Info("creating")

	resources, err := p.acquirePoolResources(spec, id, pLog)
	if err != nil {
		return linux_backend.LinuxContainerSpec{}, err
	}
	defer cleanup(&err, func() {
		p.releasePoolResources(resources, pLog)
	})

	pLog.Info("acquired-pool-resources")

	pLog.Info("running-graph-cleanup")
	if err := p.rootFSProvider.GC(pLog); err != nil {
		pLog.Error("graph-cleanup-failed", err)
	}

	containerRootFSPath, rootFSEnv, err := p.acquireSystemResources(
		spec, id, resources, pLog,
	)
	if err != nil {
		return linux_backend.LinuxContainerSpec{}, err
	}

	err = <-iptablesCh
	if err != nil {
		p.tryReleaseSystemResources(p.logger, id)
		return linux_backend.LinuxContainerSpec{}, err
	}

	pLog.Info("created")

	specEnv, err := process.NewEnv(spec.Env)
	if err != nil {
		p.tryReleaseSystemResources(p.logger, id)
		return linux_backend.LinuxContainerSpec{}, err
	}

	spec.Env = rootFSEnv.Merge(specEnv).Array()
	spec.Handle = handle

	return linux_backend.LinuxContainerSpec{
		ID:                  id,
		ContainerPath:       containerPath,
		ContainerRootFSPath: containerRootFSPath,
		Resources:           resources,
		Events:              []string{},
		Version:             p.currentContainerVersion,
		State:               linux_backend.StateBorn,

		ContainerSpec: spec,
	}, nil
}
Exemple #4
0
func (exchanger exchanger) CreateInGarden(logger lager.Logger, gardenClient GardenClient, executorContainer executor.Container) (executor.Container, error) {
	logger = logger.Session("create-in-garden", lager.Data{"container-guid": executorContainer.Guid})
	containerSpec := garden.ContainerSpec{
		Handle:     executorContainer.Guid,
		Privileged: executorContainer.Privileged,
		RootFSPath: executorContainer.RootFSPath,
	}

	if executorContainer.MemoryMB != 0 {
		logger.Debug("setting-up-memory-limits")
		containerSpec.Limits.Memory.LimitInBytes = uint64(executorContainer.MemoryMB * 1024 * 1024)
	}

	logger.Debug("setting-up-disk-limits")
	gardenScope := garden.DiskLimitScopeExclusive
	if executorContainer.DiskScope == executor.TotalDiskLimit {
		gardenScope = garden.DiskLimitScopeTotal
	}
	containerSpec.Limits.Disk = garden.DiskLimits{
		ByteHard:  uint64(executorContainer.DiskMB * 1024 * 1024),
		InodeHard: exchanger.containerInodeLimit,
		Scope:     gardenScope,
	}

	logger.Debug("setting-up-cpu-limits")
	containerSpec.Limits.CPU.LimitInShares = uint64(float64(exchanger.containerMaxCPUShares) * float64(executorContainer.CPUWeight) / 100.0)

	logJson, err := json.Marshal(executorContainer.LogConfig)
	if err != nil {
		logger.Error("failed-marshal-log", err)
		return executor.Container{}, err
	}

	metricsConfigJson, err := json.Marshal(executorContainer.MetricsConfig)
	if err != nil {
		logger.Error("failed-marshal-metrics-config", err)
		return executor.Container{}, err
	}

	resultJson, err := json.Marshal(executorContainer.RunResult)
	if err != nil {
		logger.Error("failed-marshal-run-result", err)
		return executor.Container{}, err
	}

	containerSpec.Properties = garden.Properties{
		ContainerOwnerProperty:         exchanger.containerOwnerName,
		ContainerStateProperty:         string(executorContainer.State),
		ContainerAllocatedAtProperty:   fmt.Sprintf("%d", executorContainer.AllocatedAt),
		ContainerStartTimeoutProperty:  fmt.Sprintf("%d", executorContainer.StartTimeout),
		ContainerRootfsProperty:        executorContainer.RootFSPath,
		ContainerLogProperty:           string(logJson),
		ContainerMetricsConfigProperty: string(metricsConfigJson),
		ContainerResultProperty:        string(resultJson),
		ContainerMemoryMBProperty:      fmt.Sprintf("%d", executorContainer.MemoryMB),
		ContainerDiskMBProperty:        fmt.Sprintf("%d", executorContainer.DiskMB),
		ContainerCPUWeightProperty:     fmt.Sprintf("%d", executorContainer.CPUWeight),
	}

	for name, value := range executorContainer.Tags {
		containerSpec.Properties[TagPropertyPrefix+name] = value
	}

	for _, env := range executorContainer.Env {
		containerSpec.Env = append(containerSpec.Env, env.Name+"="+env.Value)
	}

	for _, securityRule := range executorContainer.EgressRules {
		if err := securityRule.Validate(); err != nil {
			logger.Error("invalid-security-rule", err, lager.Data{"security_group_rule": securityRule})
			return executor.Container{}, executor.ErrInvalidSecurityGroup
		}
	}

	logger.Debug("creating-garden-container")
	gardenContainer, err := gardenClient.Create(containerSpec)
	if err != nil {
		logger.Error("failed-creating-garden-container", err)
		return executor.Container{}, err
	}
	logger.Debug("succeeded-creating-garden-container")

	if executorContainer.Ports != nil {
		actualPortMappings := make([]executor.PortMapping, len(executorContainer.Ports))

		logger.Debug("setting-up-ports")
		for i, ports := range executorContainer.Ports {
			actualHostPort, actualContainerPort, err := gardenContainer.NetIn(uint32(ports.HostPort), uint32(ports.ContainerPort))
			if err != nil {
				logger.Error("failed-setting-up-ports", err)
				exchanger.destroyContainer(logger, gardenClient, gardenContainer)
				return executor.Container{}, err
			}

			actualPortMappings[i].ContainerPort = uint16(actualContainerPort)
			actualPortMappings[i].HostPort = uint16(actualHostPort)
		}
		logger.Debug("succeeded-setting-up-ports")

		executorContainer.Ports = actualPortMappings
	}

	for _, securityRule := range executorContainer.EgressRules {
		netOutRule, err := securityGroupRuleToNetOutRule(securityRule)
		if err != nil {
			logger.Error("failed-to-build-net-out-rule", err, lager.Data{"security_group_rule": securityRule})
			return executor.Container{}, err
		}

		logger.Debug("setting-up-net-out")
		err = gardenContainer.NetOut(netOutRule)
		if err != nil {
			logger.Error("failed-setting-up-net-out", err, lager.Data{"net-out-rule": netOutRule})
			exchanger.destroyContainer(logger, gardenClient, gardenContainer)
			return executor.Container{}, err
		}
		logger.Debug("succeeded-setting-up-net-out")
	}

	logger.Debug("getting-garden-container-info")
	info, err := gardenContainer.Info()
	if err != nil {
		logger.Error("failed-getting-garden-container-info", err)

		gardenErr := gardenClient.Destroy(gardenContainer.Handle())
		if gardenErr != nil {
			logger.Error("failed-destroy-garden-container", gardenErr)
		}

		return executor.Container{}, err
	}
	logger.Debug("succeeded-getting-garden-container-info")

	executorContainer.ExternalIP = info.ExternalIP

	return executorContainer, nil
}