The Container class is an abstraction of the specific containment technology used. More...

#include <container.h>

Inheritance diagram for softwarecontainer::Container:

Collaboration diagram for softwarecontainer::Container:

Public Types
typedef std::function< int()>	ExecFunction

Public Member Functions
	Container (const std::string id, const std::string &configFile, const std::string &containerRoot, bool writeBufferEnabled=false, int shutdownTimeout=1)
	Constructor. More...

bool	create ()
	create Creates a new lxc_container and creates it with all the initialization. More...

bool	start (pid_t *pid)
	Start the container. More...

bool	setCgroupItem (std::string subsys, std::string value)

bool	execute (const std::string &commandLine, pid_t *pid, const EnvironmentVariables &variables, const std::string &workingDirectory="/", int stdin=-1, int stdout=1, int stderr=2)
	Start a process from the given command line, with an environment consisting of the variables previously set by the gateways, plus the ones passed as parameters here. More...

bool	execute (ExecFunction function, pid_t *pid, const EnvironmentVariables &variables=EnvironmentVariables(), int stdin=-1, int stdout=1, int stderr=2)
	Executes a commandline. More...

bool	executeSync (ExecFunction function, pid_t *pid, const EnvironmentVariables &variables=EnvironmentVariables(), int stdin=-1, int stdout=1, int stderr=2)
	synchronous version of execute More...

bool	bindMountInContainer (const std::string &pathInHost, const std::string &pathInContainer, bool readOnly=true)
	Tries to bind mount a path from host to container. More...

bool	mountDevice (const std::string &pathInHost)

bool	destroy ()
	Calls shutdown, and then destroys the container. More...

bool	destroy (unsigned int timeout)

bool	shutdown ()
	Calls shutdown on the lxc container. More...

bool	shutdown (unsigned int timeout)

bool	suspend ()

bool	resume ()

bool	stop ()
	Calls stop on the lxc container(force stop) More...

bool	waitForState (LXCContainerState state, int timeout=20)

bool	ensureContainerRunning ()

bool	initialize ()
	Setup the container for startup. More...

std::string	toString ()

const char *	id () const

std::string	gatewaysDirInContainer () const

std::string	gatewaysDir () const

bool	setEnvironmentVariable (const std::string &var, const std::string &val)

Private Member Functions
bool	bindMount (const std::string &src, const std::string &dst, const std::string &tmpContainerRoot, bool readOnly, bool writeBufferEnabled=false)
	bindMount Bind mount a src directory to another position dst. More...

bool	tmpfsMount (const std::string dst, const int maxSize)
	tmpfsMount Mount a tmpfs in the dst path and limit size of the tmpfs to maxSize More...

bool	writeToFile (const std::string &path, const std::string &content)

void	markFileForDeletion (const std::string &path)

bool	overlayMount (const std::string &lower, const std::string &upper, const std::string &work, const std::string &dst)
	overlayMount Mount a directory with an overlay on top of it. More...

bool	syncOverlayMount (const std::string &lower, const std::string &upper)
	syncOverlayMount Copy the directory structure from upper layer to the lower layer More...

bool	createSharedMountPoint (const std::string &path)
	createSharedMountPoint Make the mount point shared, ie new mount points created in one bind mount will also be created in the other mount point. More...

bool	pathInList (const std::string path)
	checks whether given path is already added to clean up handlers or not More...

Private Attributes
std::vector< std::unique_ptr< CleanUpHandler > >	m_cleanupHandlers
	m_cleanupHandlers A vector of cleanupHandlers added during the lifetime of the FileToolKitWithUndo that will be run from the destructor. More...

std::vector< std::unique_ptr< CreateDir > >	m_createDirList
	m_createDirList A vector of CreateDir classes. More...

Detailed Description

The Container class is an abstraction of the specific containment technology used.

The Container class is meant to be an abstraction of the containment technology, so that SoftwareContainer can view it as a generic concept that implements the specifics behind the conceptual phases of 'Pereload', 'Launch', and 'Shutdown'.

Definition at line 42 of file container.h.

Constructor & Destructor Documentation

softwarecontainer::Container::Container	(	const std::string	id,
		const std::string &	configFile,
		const std::string &	containerRoot,
		bool	writeBufferEnabled = `false`,
		int	shutdownTimeout = `1`
	)

Constructor.

Parameters

name	Name of the container
configFile	Path to the configuration file (including the file name)
containerRoot	A path to the root of the container, i.e. the base path to e.g. the configurations and application root
writeBufferEnabled	Enable RAM write buffers on top of rootfs
shutdownTimeout	Timeout for shutdown of container.

Definition at line 75 of file container.cpp.

References destroy(), and shutdown().

                                           :
     m_configFile(configFile),
     m_id(id),
     m_containerRoot(containerRoot),
     m_writeBufferEnabled(writeBufferEnabled),
     m_shutdownTimeout(shutdownTimeout)
 {
     init_lxc();
     log_debug() << "Container constructed with " << id;
 }

Here is the call graph for this function:

Member Function Documentation

bool softwarecontainer::Container::create ( )

virtual

create Creates a new lxc_container and creates it with all the initialization.

Returns: false on failed creation and true on a successful creation.

Implements softwarecontainer::ContainerAbstractInterface.

Definition at line 145 of file container.cpp.

References softwarecontainer::FileToolkitWithUndo::overlayMount().

 {
     if (m_state >= ContainerState::CREATED) {
         log_warning() << "Container already created";
         return false;
     }
 
     log_debug() << "Creating container " << toString();
 
     const char *containerID = id();
     if (strlen(containerID) == 0) {
         log_error() << "ContainerID cannot be empty";
         return false;
     }
 
     setenv("GATEWAY_DIR", gatewaysDir().c_str(), true);
     log_debug() << "GATEWAY_DIR : " << Glib::getenv("GATEWAY_DIR");
 
     auto configFile = m_configFile.c_str();
     log_debug() << "Config file : " << configFile;
     log_debug() << "Template : " << LXCTEMPLATE;
     log_debug() << "creating container with ID : " << containerID;
 
     // Creating a new LXC pointer
     // After this point all failures should do rollback
     m_container = lxc_container_new(containerID, nullptr);
     if (!m_container) {
         log_error() << "Error creating a new container";
         return rollbackCreate();
     }
 
     if (m_container->is_defined(m_container)) {
         log_error() << "ContainerID '" << containerID << "' is already in use.";
         return rollbackCreate();
     }
     log_debug() << "Successfully created container struct";
 
     if (!m_container->load_config(m_container, configFile)) {
         log_error() << "Error loading container config";
         return rollbackCreate();
 
     }
     log_debug() << "Successfully loaded container config";
 
     // File system stuff
     m_rootFSPath = buildPath(s_LXCRoot, containerID, "rootfs");
 
     if (m_writeBufferEnabled) {
         const std::string rootFSPathLower = m_containerRoot + "/rootfs-lower";
         const std::string rootFSPathUpper = m_containerRoot + "/rootfs-upper";
         const std::string rootFSPathWork  = m_containerRoot + "/rootfs-work";
 
         overlayMount(rootFSPathLower, rootFSPathUpper, rootFSPathWork, m_rootFSPath);
         log_debug() << "Write buffer enabled, lowerdir=" << rootFSPathLower
                     << ", upperdir=" << rootFSPathUpper
                     << ", workdir=" << rootFSPathWork
                     << ", dst=" << m_rootFSPath;
     } else {
         log_debug() << "WriteBuffer disabled, dst=" << m_rootFSPath;
     }
 
     // Set the LXC template
     int flags = 0;
     std::vector<char *> argv;
     if (!m_container->create(m_container, LXCTEMPLATE, nullptr, nullptr, flags, &argv[0])) {
         log_error() << "Error creating container";
         m_rootFSPath.assign("");
         return rollbackCreate();
     }
 
     // Everything went fine, set state and return successfully.
     m_state = ContainerState::CREATED;
     log_debug() << "Container created. RootFS: " << m_rootFSPath;
 
     return true;
 }

Here is the call graph for this function:

bool softwarecontainer::Container::start ( pid_t * pid )

virtual

Start the container.

Returns: The pid of the init process of the container

Implements softwarecontainer::ContainerAbstractInterface.

Definition at line 265 of file container.cpp.

 {
     if (m_state < ContainerState::CREATED) {
         log_warning() << "Trying to start container that isn't created. Please create the container first";
         return false;
     }
 
     if (pid == nullptr) {
         log_error() << "Supplied pid argument is nullptr";
         return false;
     }
 
     // For some reason the LXC start function does not work out
     log_debug() << "Starting container";
 
     char commandEnv[] = "env";
     char commandSleep[] = "/bin/sleep";
     char commandSleepTime[] = "100000000";
     char* const args[] = { commandEnv, commandSleep, commandSleepTime, nullptr };
 
     if (!m_container->start(m_container, false, args)) {
         log_error() << "Error starting container";
         return false;
     }
 
     log_debug() << "Container started: " << toString();
     *pid = m_container->init_pid(m_container);
     m_state = ContainerState::STARTED;
 
     if (!ensureContainerRunning()) {
         log_error() << "Container started but is not running";
         return false;
     }
 
     log_info() << "To connect to this container : lxc-attach -n " << id();
     return true;
 }

bool softwarecontainer::Container::execute	(	const std::string &	commandLine,
		pid_t *	pid,
		const EnvironmentVariables &	variables,
		const std::string &	workingDirectory = `"/"`,
		int	stdin = `-1`,
		int	stdout = `1`,
		int	stderr = `2`
	)

virtual

Start a process from the given command line, with an environment consisting of the variables previously set by the gateways, plus the ones passed as parameters here.

Implements softwarecontainer::Executable.

Definition at line 429 of file container.cpp.

Referenced by executeSync().

 {
     if (!ensureContainerRunning()) {
         log_error() << "Container is not running or in bad state, can't attach";
         return false;
     }
 
     if (pid == nullptr) {
         log_error() << "Supplied pid argument is nullptr";
         return false;
     }
 
     log_debug() << "Attach " << commandLine ;
 
     std::vector<std::string> executeCommandVec = Glib::shell_parse_argv(commandLine);
     std::vector<char *> args;
 
     for (size_t i = 0; i < executeCommandVec.size(); i++) {
         executeCommandVec[i].c_str(); // ensure the string is null-terminated. not sure thas is required.
         auto s = &executeCommandVec[i][0];
         args.push_back(s);
     }
 
     // We need a null terminated array
     args.push_back(nullptr);
 
     bool result = execute([&] () {
                 if (workingDirectory.length() != 0) {
                     auto ret = chdir(workingDirectory.c_str());
                     if (ret != 0) {
                         log_error() << "Error when changing current directory : "
                                     << strerror(errno);
                     }
                 }
                 execvp(args[0], args.data());
                 return 1;
             }, pid, variables, stdin, stdout, stderr);
     if (!result) {
         log_error() << "Could not execute in container";
         return false;
     }
 
     return true;
 }

Here is the caller graph for this function:

bool softwarecontainer::Container::execute	(	ExecFunction	function,
		pid_t *	pid,
		const EnvironmentVariables &	variables = `EnvironmentVariables()`,
		int	stdin = `-1`,
		int	stdout = `1`,
		int	stderr = `2`
	)

virtual

Executes a commandline.

Implements softwarecontainer::Executable.

Definition at line 349 of file container.cpp.

 {
     if (pid == nullptr) {
         log_error() << "Supplied pid argument is nullptr";
         return false;
     }
 
     if (!ensureContainerRunning()) {
         log_error() << "Container is not running or in bad state, can't execute";
         return false;
     }
 
     lxc_attach_options_t options = LXC_ATTACH_OPTIONS_DEFAULT;
     options.stdin_fd = stdin;
     options.stdout_fd = stdout;
     options.stderr_fd = stderr;
 
     options.uid = ROOT_UID;
     options.gid = ROOT_UID;
 
     // List of vars to use when executing the function
     EnvironmentVariables actualVariables = variables;
 
     // Add the variables set by gateways, variables passed with the 'variables' argument
     // will take precedence over previously set variables.
     for (auto &var : m_gatewayEnvironmentVariables) {
         if (variables.count(var.first) != 0) {
             if (m_gatewayEnvironmentVariables.at(var.first) != variables.at(var.first)) {
                 // Inform user that GW config will be overridden, it might be unintentionally done
                 log_info() << "Variable \"" << var.first
                            << "\" set by gateway will be overwritten with the value: \""
                            << variables.at(var.first) << "\"";
             }
             actualVariables[var.first] = variables.at(var.first);
         } else {
             // The variable was not set again, just keep the original value set by GW
             actualVariables[var.first] = var.second;
         }
     }
 
     log_debug() << "Starting function in container " << toString();
 
     // prepare array of env variable strings to be set when launching the process in the container
     std::vector<std::string> strings;
     for (auto &var : actualVariables) {
         strings.push_back(var.first + "=" + var.second);
     }
 
     const size_t stringCount = strings.size() + 1;
     const char **envVariablesArray = new const char* [stringCount];
     for (size_t i = 0; i < strings.size(); i++) {
         envVariablesArray[i] = strings[i].c_str();
         log_debug() << "Passing env variable: " << strings[i];
     }
     // Null terminate
     envVariablesArray[strings.size()] = nullptr;
     options.extra_env_vars = (char **)envVariablesArray;
 
     // Do the actual attach call to the container
     int attach_res = m_container->attach(m_container,
                                          &Container::executeInContainerEntryFunction,
                                          &function,
                                          &options,
                                          pid);
 
     delete[] envVariablesArray;
     if (attach_res == 0) {
         log_info() << " Attached PID: " << *pid;
         return true;
     } else  {
         log_error() << "Attach call to LXC container failed: " << std::string(strerror(errno));
         return false;
     }
 }

bool softwarecontainer::Container::executeSync	(	ExecFunction	function,
		pid_t *	pid,
		const EnvironmentVariables &	variables = `EnvironmentVariables()`,
		int	stdin = `-1`,
		int	stdout = `1`,
		int	stderr = `2`
	)

synchronous version of execute

Definition at line 335 of file container.cpp.

References execute(), and softwarecontainer::waitForProcessTermination().

Referenced by bindMountInContainer().

 {
     bool execResult = execute(function, pid, variables, stdin_var, stdout_var, stderr_var);
 
     // Make sure the container execution finishes and was successful
     int status = waitForProcessTermination(*pid);
     return execResult && (0 == status);
 }

Here is the call graph for this function:

Here is the caller graph for this function:

bool softwarecontainer::Container::bindMountInContainer	(	const std::string &	pathInHost,
		const std::string &	pathInContainer,
		bool	readOnly = `true`
	)

virtual

Tries to bind mount a path from host to container.

Any missing parent paths will be created.

Parameters

pathInHost	The path on the host that shall be bind mounted into the container
pathInContainer	Where to mount the path in the container.
readonly	Sets if the mount should be read only or read write

Returns: SUCCESS if everything worked as expected, FAILURE otherwise

Implements softwarecontainer::ContainerAbstractInterface.

Definition at line 571 of file container.cpp.

References softwarecontainer::FileToolkitWithUndo::bindMount(), executeSync(), softwarecontainer::existsInFileSystem(), softwarecontainer::isDirectory(), softwarecontainer::FileToolkitWithUndo::m_cleanupHandlers, softwarecontainer::FileToolkitWithUndo::m_createDirList, and softwarecontainer::FileToolkitWithUndo::pathInList().

 {
     if (!existsInFileSystem(pathInHost)) {
         log_error() << "Path on host does not exist: " << pathInHost;
         return false;
     }
 
     // Check that there is nothing already mounted on the target path
     pid_t pid = INVALID_PID;
     bool checkIfAlreadyMountpoint = executeSync([pathInContainer] () {
         FILE *mountsfile = setmntent("/proc/mounts", "r");
         struct mntent *mounts;
         while ((mounts = getmntent(mountsfile)) != nullptr) {
             std::string mountDir(mounts->mnt_dir);
             if (0 == mountDir.compare(pathInContainer)) {
                 return -1;
             }
         }
         return 0;
     }, &pid);
 
     if (!checkIfAlreadyMountpoint) {
         log_error() << pathInContainer << " is already mounted to.";
         return false;
     }
 
     // Create a file to mount to in gateways
     std::string filePart = baseName(pathInContainer);
     std::string tempPath = buildPath(gatewaysDir(), filePart);
     bool pathIsDirectory = false;
     std::unique_ptr<CreateDir> createDirInstance = std::unique_ptr<CreateDir>(new CreateDir());
     //
     // If the path is a directory, we create the tempPath (which adds a cleanup handler).
     //
     // If it is a file, we touch the file and add a cleanup handler for it.
     //
     if (isDirectory(pathInHost)) {
         pathIsDirectory = true;
         log_debug() << "Path on host (" << pathInHost << ") is directory, mounting as a directory";
 
         log_debug() << "Creating folder : " << tempPath;
         if (!createDirInstance->createDirectory(tempPath)) {
             log_error() << "Could not create folder " << tempPath;
             return false;
         }
     } else {
         // This goes for sockets, fifos etc as well.
         log_debug() << "Path on host (" << pathInHost << ") is not a directory, "
                     << "mounting assuming it behaves like a file";
 
         if (!pathInList(tempPath)) {
             if (!touch(tempPath)) {
                 log_error() << "Could not create file " << tempPath;
                 return false;
             }
         }
     }
 
     if (!bindMountCore(pathInHost, pathInContainer, tempPath, readOnly)) {
         // bindMountInContainer operation is not successful. Clean mounted tempPath.
         MountCleanUpHandler rollback{tempPath};
         rollback.clean();
         return false;
     }
 
     // bindMountInContainer succeed. Add cleanup for mounted tempPath
     m_createDirList.push_back(std::move(createDirInstance));
     if (!pathIsDirectory) {
         m_cleanupHandlers.emplace_back(new FileCleanUpHandler(tempPath));
     }
 
     m_cleanupHandlers.emplace_back(new MountCleanUpHandler(tempPath));
     return true;
 }

Here is the call graph for this function:

bool softwarecontainer::Container::destroy ( )

virtual

Calls shutdown, and then destroys the container.

Implements softwarecontainer::ContainerAbstractInterface.

Definition at line 530 of file container.cpp.

References shutdown().

Referenced by Container().

 {
     return destroy(m_shutdownTimeout);
 }

Here is the call graph for this function:

Here is the caller graph for this function:

bool softwarecontainer::Container::shutdown ( )

virtual

Calls shutdown on the lxc container.

Implements softwarecontainer::ContainerAbstractInterface.

Definition at line 497 of file container.cpp.

References stop().

Referenced by Container(), and destroy().

 {
     return shutdown(m_shutdownTimeout);
 }

Here is the call graph for this function:

Here is the caller graph for this function:

bool softwarecontainer::Container::stop ( )

virtual

Calls stop on the lxc container(force stop)

Implements softwarecontainer::ContainerAbstractInterface.

Definition at line 477 of file container.cpp.

Referenced by shutdown().

 {
     bool ret = true;
     if (m_state >= ContainerState::STARTED) {
         log_debug() << "Stopping the container";
         if (m_container->stop(m_container)) {
             log_debug() << "Container stopped, waiting for stop state";
             waitForState(LXCContainerState::STOPPED);
         } else {
             log_error() << "Unable to stop container";
             ret = false;
         }
     } else {
         log_error() << "Can't stop container that has not been started";
         ret = false;
     }
 
     return ret;
 }

Here is the caller graph for this function:

bool softwarecontainer::Container::initialize ( )

virtual

Setup the container for startup.

Setup the container so directories are available for later use when setApplication is called.

Returns: true or false

Implements softwarecontainer::ContainerAbstractInterface.

Definition at line 109 of file container.cpp.

References softwarecontainer::FileToolkitWithUndo::createSharedMountPoint(), and softwarecontainer::FileToolkitWithUndo::m_createDirList.

 {
     if (m_state < ContainerState::PREPARED) {
         std::string gatewayDir = gatewaysDir();
         std::unique_ptr<CreateDir> createDirInstance = std::unique_ptr<CreateDir>(new CreateDir());
         if (!createDirInstance->createDirectory(gatewayDir)) {
             log_error() << "Could not create gateway directory "
                         << gatewayDir << ": " << strerror(errno);
             return false;
         }
 
         if (!createSharedMountPoint(gatewayDir)) {
             log_error() << "Could not create shared mount point for dir: " << gatewayDir;
             return false;
         }
         m_createDirList.push_back(std::move(createDirInstance));
         m_state = ContainerState::PREPARED;
     }
     return true;
 }

Here is the call graph for this function:

The documentation for this class was generated from the following files:

libsoftwarecontainer/src/container.h
libsoftwarecontainer/src/container.cpp

Public Types

Public Member Functions

Private Member Functions

Private Attributes

Detailed Description

Constructor & Destructor Documentation

Member Function Documentation