Debian: containerd package customization with k8s-container-cleanup

This provides the Debian containerd package changes to include
k8s-container-cleanup script.

Test Plan: Debian:
PASS: Build containerd package
PASS: Build image
PASS: Install ISO for AIO-SX
PASS: Reboot host, verify we get daemon.log:
      k8s-container-cleanup(283049): info : Stopping all containers.

Closes-Bug: 1964111

Signed-off-by: Jim Gauld <james.gauld@windriver.com>
Change-Id: I56170b98cf32c2e7e51b1c35779305a90cdc6db8

kubernetes/containerd/debian/deb_folder/containerd.install

@@ -2,3 +2,5 @@ usr/bin
 debian/config.toml /etc/containerd/
 debian/bash-completion/ctr /usr/share/bash-completion/completions/
 debian/zsh-completion/_ctr /usr/share/zsh/vendor-completions/
+usr/local/sbin
+k8s-container-cleanup.sh usr/local/sbin/

kubernetes/containerd/debian/deb_folder/containerd.links

@@ -1 +1,4 @@
 /usr/bin/containerd /usr/local/bin/containerd
+
+# file renaming can be done with dh-exec, this is a simpler workaround
+/usr/local/sbin/k8s-container-cleanup.sh /usr/local/sbin/k8s-container-cleanup

kubernetes/containerd/debian/deb_folder/rules

@@ -1,5 +1,16 @@
 #!/usr/bin/make -f
 
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+# This file based from upstream containerd_1.4.12/debian/rules,
+# modified to install k8s-container-cleanup.sh to /usr/local/sbin.
+
+DEBIAN_BUILDDIR := $(CURDIR)/debian/tmp
+
 include /usr/share/dpkg/default.mk
 
 PKG        := github.com/containerd/containerd
@@ -17,6 +28,11 @@ export DH_GOLANG_EXCLUDES    := $(EXCLUDES)
 %:
 	dh $@ --buildsystem=golang --with=golang --builddirectory=_build
 
+# want dh_userlocal to do nothing since proper debian packages have
+# only empty directories under /usr/local.
+override_dh_usrlocal:
+	# Do Nothing
+
 override_dh_auto_build:
 	dh_auto_build -- -tags '$(TAGS)' -ldflags '$(GO_LDFLAGS)'
 
@@ -41,3 +57,5 @@ override_dh_auto_test:
 
 override_dh_auto_install:
 	DH_GOLANG_EXCLUDES="$(EXCLUDES) $(CRI_FILE)" dh_auto_install
+	install -d $(DEBIAN_BUILDDIR)/usr/local/sbin/
+	install -m 755 -p -D k8s-container-cleanup.sh $(DEBIAN_BUILDDIR)/usr/local/sbin/

kubernetes/containerd/debian/files/k8s-container-cleanup.sh

@@ -0,0 +1,53 @@
+#!/bin/bash
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# The script will run during containerd.service ExecStop.
+# This script detects whether systemd state is 'stopping' due to
+# shutdown/reboot, then will stop all running containers before the
+# service shuts down.
+#
+# All running containers are stopped one container at a time.
+# The internal implementation of 'crictl stop --timeout <n>'
+# sends a SIGTERM to the container, and will use SIGKILL only
+# if the timeout is reached.
+#
+
+NAME=$(basename "${0}")
+
+# Log info message to /var/log/daemon.log
+function LOG {
+    logger -p daemon.info -t "${NAME}($$): " "${@}"
+}
+
+# Log error message to /var/log/daemon.log
+function ERROR {
+    logger -p daemon.error -t "${NAME}($$): " "${@}"
+}
+
+state=$(timeout 10 systemctl is-system-running)
+RC=$?
+LOG "System state is: ${state}, RC = ${RC}."
+case ${RC} in
+    124)
+        # systemctl hung.
+        ERROR "systemctl timed out. System state unknown."
+        ;;
+
+    [01])
+        # 0 - running; 1 - initializing, starting, degraded, maintenance, stopping
+        if [ "${state}" = "stopping" ]; then
+            LOG "Stopping all containers."
+            # Use crictl to gracefully stop each container. If specified timeout is
+            # reached, it forcibly kills the container. There is no need to check
+            # return code since there is nothing more we can do, and crictl already
+            # logs to daemon.log.
+            crictl ps -q | xargs -r -I {} crictl stop --timeout 5 {}
+            LOG "Stopping all containers completed."
+            exit 0
+        fi
+        ;;
+esac
+
+exit 0