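// Acquire takes the next container ID from p.containerIDs, acquires the pool
// and system resources for it, and returns the resulting LinuxContainerSpec.
//
// On any failure a zero LinuxContainerSpec is returned with the error. The
// deferred cleanup call receives &err together with a callback that releases
// the pool resources; presumably it runs that callback only when err is
// non-nil on return (cleanup is defined elsewhere, so confirm there).
func (p *LinuxResourcePool) Acquire(spec garden.ContainerSpec) (linux_backend.LinuxContainerSpec, error) {
	id := <-p.containerIDs
	containerPath := path.Join(p.depotPath, id)
	pLog := p.logger.Session(id)

	pLog.Info("creating")

	resources, err := p.acquirePoolResources(spec, id)
	if err != nil {
		return linux_backend.LinuxContainerSpec{}, err
	}

	// cleanup is handed &err, so every later assignment must reuse this err
	// variable rather than shadow it in a nested scope.
	defer cleanup(&err, func() {
		p.releasePoolResources(resources)
	})

	pLog.Info("acquired-pool-resources")

	handle := getHandle(spec.Handle, id)

	// A hard limit of 0 is passed on as math.MaxInt64. ByteHard is unsigned,
	// so a value above math.MaxInt64 would wrap to a negative quota when
	// converted to int64; clamp it to the same maximum instead.
	quota := int64(math.MaxInt64)
	if hard := spec.Limits.Disk.ByteHard; hard != 0 && hard <= math.MaxInt64 {
		quota = int64(hard)
	}

	containerRootFSPath, rootFSEnv, err := p.acquireSystemResources(id, handle, containerPath, spec.RootFSPath, resources, spec.BindMounts, quota, pLog)
	if err != nil {
		return linux_backend.LinuxContainerSpec{}, err
	}

	pLog.Info("created")

	specEnv, err := process.NewEnv(spec.Env)
	if err != nil {
		// System resources already exist at this point, so they are released
		// explicitly here; note this call logs through p.logger, not pLog.
		p.tryReleaseSystemResources(p.logger, id)
		return linux_backend.LinuxContainerSpec{}, err
	}

	// NOTE(review): the environment supplied by the rootfs is written to the
	// debug log in full; confirm it cannot carry credentials.
	pLog.Debug("calculate-environment", lager.Data{
		"rootfs-env": rootFSEnv,
	})

	// The rootfs environment is merged with the one from the spec, and the
	// resolved handle replaces whatever the caller supplied.
	spec.Env = rootFSEnv.Merge(specEnv).Array()
	spec.Handle = handle

	return linux_backend.LinuxContainerSpec{
		ID:                  id,
		ContainerPath:       containerPath,
		ContainerRootFSPath: containerRootFSPath,
		Resources:           resources,
		Events:              []string{},
		Version:             p.currentContainerVersion,
		State:               linux_backend.StateBorn,
		ContainerSpec:       spec,
	}, nil
}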
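// BuildResourceContainerSpec fills in gardenSpec for the resource container
// described by spec and returns the updated spec.
//
// A spec with both mounts and a cache volume is rejected. Otherwise the
// container is marked privileged, spec.Env is appended, ephemeral containers
// get the ephemeral property, a cache volume with a mount path is bind-mounted
// read-write, and volumes are created for spec.Mounts. When
// spec.ImageResourcePointer is nil, the rootfs is taken from the entry in
// resourceTypes whose Type equals spec.Type; ErrUnsupportedResourceType is
// returned if no entry matches.
//
// On error the gardenSpec as populated so far is returned with the error.
func (factory *gardenContainerSpecFactory) BuildResourceContainerSpec(
	spec ResourceTypeContainerSpec,
	gardenSpec garden.ContainerSpec,
	resourceTypes []atc.WorkerResourceType,
) (garden.ContainerSpec, error) {
	if len(spec.Mounts) > 0 && spec.Cache.Volume != nil {
		return gardenSpec, errors.New("a container may not have mounts and a cache")
	}

	// Every resource container is created privileged, whatever the caller
	// passed in gardenSpec.
	// NOTE(review): privileged containers have weaker isolation from the
	// host; confirm the images behind resourceTypes are trusted.
	gardenSpec.Privileged = true
	gardenSpec.Env = append(gardenSpec.Env, spec.Env...)

	if spec.Ephemeral {
		// Writing to a nil map panics, so make sure Properties exists first.
		if gardenSpec.Properties == nil {
			gardenSpec.Properties = garden.Properties{}
		}
		gardenSpec.Properties[ephemeralPropertyName] = "true"
	}

	if spec.Cache.Volume != nil && spec.Cache.MountPath != "" {
		// This replaces any bind mounts already present on gardenSpec.
		gardenSpec.BindMounts = []garden.BindMount{
			{
				SrcPath: spec.Cache.Volume.Path(),
				DstPath: spec.Cache.MountPath,
				Mode:    garden.BindMountModeRW,
			},
		}

		// The cache volume's handle and mount path are recorded on the factory.
		factory.volumeHandles = append(factory.volumeHandles, spec.Cache.Volume.Handle())
		factory.volumeMounts[spec.Cache.Volume.Handle()] = spec.Cache.MountPath
	}

	var err error
	gardenSpec, err = factory.createVolumes(gardenSpec, spec.Mounts)
	if err != nil {
		return gardenSpec, err
	}

	if spec.ImageResourcePointer == nil {
		for _, t := range resourceTypes {
			if t.Type == spec.Type {
				gardenSpec.RootFSPath = t.Image
				return gardenSpec, nil
			}
		}

		return gardenSpec, ErrUnsupportedResourceType
	}

	return gardenSpec, nil
}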
// Acquire takes the next container ID from p.containerIDs, starts the network
// filter setup for it in a goroutine, acquires pool and system resources, and
// returns the resulting LinuxContainerSpec.
//
// On any failure a zero LinuxContainerSpec is returned with the error. The
// deferred cleanup call receives &err together with a callback that releases
// the pool resources (cleanup itself is defined elsewhere).
func (p *LinuxResourcePool) Acquire(spec garden.ContainerSpec) (linux_backend.LinuxContainerSpec, error) {
	var none linux_backend.LinuxContainerSpec

	id := <-p.containerIDs
	containerPath := path.Join(p.depotPath, id)
	handle := getHandle(spec.Handle, id)
	pLog := p.logger.Session("acquire", lager.Data{"handle": handle})

	// Capacity 1 lets the goroutine deliver its result and exit even on the
	// early-return paths below that never read from the channel.
	// NOTE(review): those early returns do not wait for the filter setup, and
	// nothing visible here undoes a filter that was set up; confirm the
	// caller or the release path removes it.
	filterResult := make(chan error, 1)
	go func() {
		pLog.Debug("setup-iptables-starting")

		setupErr := p.filterProvider.ProvideFilter(id).Setup(handle)
		if setupErr != nil {
			pLog.Error("setup-iptables-failed", setupErr)
			filterResult <- fmt.Errorf("resource_pool: set up filter: %v", setupErr)
			return
		}

		pLog.Debug("setup-iptables-ended")
		filterResult <- nil
	}()

	pLog.Info("creating")

	resources, err := p.acquirePoolResources(spec, id, pLog)
	if err != nil {
		return none, err
	}

	// cleanup is handed &err, so every later assignment must reuse this err
	// variable rather than shadow it.
	defer cleanup(&err, func() {
		p.releasePoolResources(resources, pLog)
	})

	pLog.Info("acquired-pool-resources")

	// Graph cleanup is best effort: a failure is logged and Acquire carries on.
	pLog.Info("running-graph-cleanup")
	gcErr := p.rootFSProvider.GC(pLog)
	if gcErr != nil {
		pLog.Error("graph-cleanup-failed", gcErr)
	}

	containerRootFSPath, rootFSEnv, err := p.acquireSystemResources(spec, id, resources, pLog)
	if err != nil {
		return none, err
	}

	// Collect the outcome of the background filter setup before going on.
	if err = <-filterResult; err != nil {
		p.tryReleaseSystemResources(p.logger, id)
		return none, err
	}

	pLog.Info("created")

	specEnv, err := process.NewEnv(spec.Env)
	if err != nil {
		p.tryReleaseSystemResources(p.logger, id)
		return none, err
	}

	// The rootfs environment is merged with the one from the spec, and the
	// resolved handle replaces whatever the caller supplied.
	spec.Handle = handle
	spec.Env = rootFSEnv.Merge(specEnv).Array()

	acquired := linux_backend.LinuxContainerSpec{
		ID:                  id,
		ContainerPath:       containerPath,
		ContainerRootFSPath: containerRootFSPath,
		Resources:           resources,
		Events:              []string{},
		Version:             p.currentContainerVersion,
		State:               linux_backend.StateBorn,
		ContainerSpec:       spec,
	}
	return acquired, nil
}
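// CreateInGarden creates a garden container for executorContainer and returns
// the executor container updated with the port mappings garden actually
// assigned and the container's external IP.
//
// The garden spec carries the handle, privileged flag, rootfs, resource
// limits, environment and a set of properties derived from executorContainer.
// Egress rules are validated before the container is created;
// executor.ErrInvalidSecurityGroup is returned if one is invalid. After
// creation, ports are mapped with NetIn and egress rules applied with NetOut.
// If any step after creation fails, the garden container is destroyed and a
// zero executor.Container is returned with the error.
func (exchanger exchanger) CreateInGarden(logger lager.Logger, gardenClient GardenClient, executorContainer executor.Container) (executor.Container, error) {
	logger = logger.Session("create-in-garden", lager.Data{"container-guid": executorContainer.Guid})

	// Privileged is passed through unchanged from the executor container.
	containerSpec := garden.ContainerSpec{
		Handle:     executorContainer.Guid,
		Privileged: executorContainer.Privileged,
		RootFSPath: executorContainer.RootFSPath,
	}

	// NOTE(review): MemoryMB and DiskMB are multiplied and converted to uint64
	// without a range check; if they are signed, a negative value would wrap
	// to a very large limit. Confirm they are validated upstream.
	if executorContainer.MemoryMB != 0 {
		logger.Debug("setting-up-memory-limits")
		containerSpec.Limits.Memory.LimitInBytes = uint64(executorContainer.MemoryMB * 1024 * 1024)
	}

	logger.Debug("setting-up-disk-limits")
	gardenScope := garden.DiskLimitScopeExclusive
	if executorContainer.DiskScope == executor.TotalDiskLimit {
		gardenScope = garden.DiskLimitScopeTotal
	}

	containerSpec.Limits.Disk = garden.DiskLimits{
		ByteHard:  uint64(executorContainer.DiskMB * 1024 * 1024),
		InodeHard: exchanger.containerInodeLimit,
		Scope:     gardenScope,
	}

	// CPUWeight is applied as a percentage of the configured maximum shares.
	logger.Debug("setting-up-cpu-limits")
	containerSpec.Limits.CPU.LimitInShares = uint64(float64(exchanger.containerMaxCPUShares) * float64(executorContainer.CPUWeight) / 100.0)

	logJson, err := json.Marshal(executorContainer.LogConfig)
	if err != nil {
		logger.Error("failed-marshal-log", err)
		return executor.Container{}, err
	}

	metricsConfigJson, err := json.Marshal(executorContainer.MetricsConfig)
	if err != nil {
		logger.Error("failed-marshal-metrics-config", err)
		return executor.Container{}, err
	}

	resultJson, err := json.Marshal(executorContainer.RunResult)
	if err != nil {
		logger.Error("failed-marshal-run-result", err)
		return executor.Container{}, err
	}

	// The executor's view of the container is stored as string properties on
	// the garden container.
	containerSpec.Properties = garden.Properties{
		ContainerOwnerProperty:         exchanger.containerOwnerName,
		ContainerStateProperty:         string(executorContainer.State),
		ContainerAllocatedAtProperty:   fmt.Sprintf("%d", executorContainer.AllocatedAt),
		ContainerStartTimeoutProperty:  fmt.Sprintf("%d", executorContainer.StartTimeout),
		ContainerRootfsProperty:        executorContainer.RootFSPath,
		ContainerLogProperty:           string(logJson),
		ContainerMetricsConfigProperty: string(metricsConfigJson),
		ContainerResultProperty:        string(resultJson),
		ContainerMemoryMBProperty:      fmt.Sprintf("%d", executorContainer.MemoryMB),
		ContainerDiskMBProperty:        fmt.Sprintf("%d", executorContainer.DiskMB),
		ContainerCPUWeightProperty:     fmt.Sprintf("%d", executorContainer.CPUWeight),
	}

	for name, value := range executorContainer.Tags {
		containerSpec.Properties[TagPropertyPrefix+name] = value
	}

	for _, env := range executorContainer.Env {
		containerSpec.Env = append(containerSpec.Env, env.Name+"="+env.Value)
	}

	// Validate every egress rule before creating anything, so an invalid rule
	// never results in a container.
	for _, securityRule := range executorContainer.EgressRules {
		if err := securityRule.Validate(); err != nil {
			logger.Error("invalid-security-rule", err, lager.Data{"security_group_rule": securityRule})
			return executor.Container{}, executor.ErrInvalidSecurityGroup
		}
	}

	logger.Debug("creating-garden-container")
	gardenContainer, err := gardenClient.Create(containerSpec)
	if err != nil {
		logger.Error("failed-creating-garden-container", err)
		return executor.Container{}, err
	}
	logger.Debug("succeeded-creating-garden-container")

	if executorContainer.Ports != nil {
		actualPortMappings := make([]executor.PortMapping, len(executorContainer.Ports))

		logger.Debug("setting-up-ports")
		for i, ports := range executorContainer.Ports {
			actualHostPort, actualContainerPort, err := gardenContainer.NetIn(uint32(ports.HostPort), uint32(ports.ContainerPort))
			if err != nil {
				logger.Error("failed-setting-up-ports", err)
				exchanger.destroyContainer(logger, gardenClient, gardenContainer)
				return executor.Container{}, err
			}

			actualPortMappings[i].ContainerPort = uint16(actualContainerPort)
			actualPortMappings[i].HostPort = uint16(actualHostPort)
		}
		logger.Debug("succeeded-setting-up-ports")

		executorContainer.Ports = actualPortMappings
	}

	for _, securityRule := range executorContainer.EgressRules {
		netOutRule, err := securityGroupRuleToNetOutRule(securityRule)
		if err != nil {
			logger.Error("failed-to-build-net-out-rule", err, lager.Data{"security_group_rule": securityRule})
			// The garden container already exists here. Destroy it, as the
			// other post-create failure paths do, so it is not left behind
			// without its egress rules applied.
			exchanger.destroyContainer(logger, gardenClient, gardenContainer)
			return executor.Container{}, err
		}

		logger.Debug("setting-up-net-out")
		err = gardenContainer.NetOut(netOutRule)
		if err != nil {
			logger.Error("failed-setting-up-net-out", err, lager.Data{"net-out-rule": netOutRule})
			exchanger.destroyContainer(logger, gardenClient, gardenContainer)
			return executor.Container{}, err
		}
		logger.Debug("succeeded-setting-up-net-out")
	}

	logger.Debug("getting-garden-container-info")
	info, err := gardenContainer.Info()
	if err != nil {
		logger.Error("failed-getting-garden-container-info", err)

		// A failed destroy is only logged; the Info error is what is returned.
		gardenErr := gardenClient.Destroy(gardenContainer.Handle())
		if gardenErr != nil {
			logger.Error("failed-destroy-garden-container", gardenErr)
		}
		return executor.Container{}, err
	}
	logger.Debug("succeeded-getting-garden-container-info")

	executorContainer.ExternalIP = info.ExternalIP

	return executorContainer, nil
}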