From c1b1d85a9321cda634968931788d10f840c89615 Mon Sep 17 00:00:00 2001 From: Jim Gauld Date: Fri, 15 Apr 2022 02:28:55 +0000 Subject: [PATCH] Debian: containerd package customization with k8s-container-cleanup This provides the Debian containerd package changes to include k8s-container-cleanup script. Test Plan: Debian: PASS: Build containerd package PASS: Build image PASS: Install ISO for AIO-SX PASS: Reboot host, verify we get daemon.log: k8s-container-cleanup(283049): info : Stopping all containers. Closes-Bug: 1964111 Signed-off-by: Jim Gauld Change-Id: I56170b98cf32c2e7e51b1c35779305a90cdc6db8 --- .../debian/deb_folder/containerd.install | 2 + .../debian/deb_folder/containerd.links | 3 ++ kubernetes/containerd/debian/deb_folder/rules | 18 +++++++ .../debian/files/k8s-container-cleanup.sh | 53 +++++++++++++++++++ 4 files changed, 76 insertions(+) mode change 100644 => 100755 kubernetes/containerd/debian/deb_folder/containerd.install create mode 100755 kubernetes/containerd/debian/files/k8s-container-cleanup.sh diff --git a/kubernetes/containerd/debian/deb_folder/containerd.install b/kubernetes/containerd/debian/deb_folder/containerd.install old mode 100644 new mode 100755 index 01f39d5f3..b0f0ed4a8 --- a/kubernetes/containerd/debian/deb_folder/containerd.install +++ b/kubernetes/containerd/debian/deb_folder/containerd.install @@ -2,3 +2,5 @@ usr/bin debian/config.toml /etc/containerd/ debian/bash-completion/ctr /usr/share/bash-completion/completions/ debian/zsh-completion/_ctr /usr/share/zsh/vendor-completions/ +usr/local/sbin +k8s-container-cleanup.sh usr/local/sbin/ diff --git a/kubernetes/containerd/debian/deb_folder/containerd.links b/kubernetes/containerd/debian/deb_folder/containerd.links index dd9f3d020..0b85069a0 100644 --- a/kubernetes/containerd/debian/deb_folder/containerd.links +++ b/kubernetes/containerd/debian/deb_folder/containerd.links 
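Review bot: The mode change on `containerd.install` from 100644 to 100755 looks unintended, and it is not cosmetic. debhelper runs an executable config file and uses its output as the configuration (compat level 9 and later; the level used by this package is not visible on this page), and this file carries no `#!/usr/bin/dh-exec` line. The `.links` comment in this same patch says dh-exec was deliberately avoided, so the file should probably stay 100644. Separately, the script is delivered by two routes: the two added entries `usr/local/sbin` and `k8s-container-cleanup.sh usr/local/sbin/` in this hunk, and the `install` lines added to `override_dh_auto_install` in the last `rules` hunk. One route is enough, and keeping a single one makes it clear which copy of a root-executed script ends up in the package.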
@@ -1 +1,4 @@ /usr/bin/containerd /usr/local/bin/containerd + +# file renaming can be done with dh-exec, this is a simpler workaround +/usr/local/sbin/k8s-container-cleanup.sh /usr/local/sbin/k8s-container-cleanup diff --git a/kubernetes/containerd/debian/deb_folder/rules b/kubernetes/containerd/debian/deb_folder/rules index e9c505750..bdd5d4b02 100755 --- a/kubernetes/containerd/debian/deb_folder/rules +++ b/kubernetes/containerd/debian/deb_folder/rules @@ -1,5 +1,16 @@ #!/usr/bin/make -f +# +# Copyright (c) 2022 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +# This file based from upstream containerd_1.4.12/debian/rules, +# modified to install k8s-container-cleanup.sh to /usr/local/sbin. + +DEBIAN_BUILDDIR := $(CURDIR)/debian/tmp + include /usr/share/dpkg/default.mk PKG := github.com/containerd/containerd @@ -17,6 +28,11 @@ export DH_GOLANG_EXCLUDES := $(EXCLUDES) %: dh $@ --buildsystem=golang --with=golang --builddirectory=_build +# want dh_userlocal to do nothing since proper debian packages have +# only empty directories under /usr/local. +override_dh_usrlocal: + # Do Nothing + override_dh_auto_build: dh_auto_build -- -tags '$(TAGS)' -ldflags '$(GO_LDFLAGS)' @@ -41,3 +57,5 @@ override_dh_auto_test: override_dh_auto_install: DH_GOLANG_EXCLUDES="$(EXCLUDES) $(CRI_FILE)" dh_auto_install + install -d $(DEBIAN_BUILDDIR)/usr/local/sbin/ + install -m 755 -p -D k8s-container-cleanup.sh $(DEBIAN_BUILDDIR)/usr/local/sbin/ diff --git a/kubernetes/containerd/debian/files/k8s-container-cleanup.sh b/kubernetes/containerd/debian/files/k8s-container-cleanup.sh new file mode 100755 index 000000000..5d9776770 --- /dev/null +++ b/kubernetes/containerd/debian/files/k8s-container-cleanup.sh 
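Review bot: The comment above `override_dh_usrlocal` in the second `rules` hunk names the helper as `dh_userlocal` and gives the rule that the package is breaking rather than the reason for breaking it. Since this override is what allows a root-executed script to be shipped under /usr/local/sbin, the comment should say so directly, for example `# dh_usrlocal expects only empty directories under /usr/local; this package ships k8s-container-cleanup there on purpose, so the step is disabled.` The tab-indented `# Do Nothing` is a recipe line, so it is handed to the shell and echoed in the build log. An override target with no recipe lines at all is the usual way to turn a debhelper step off.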
@@ -0,0 +1,53 @@
+#!/bin/bash
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# The script will run during containerd.service ExecStop.
+# This script detects whether systemd state is 'stopping' due to
+# shutdown/reboot, then will stop all running containers before the
+# service shuts down.
+#
+# All running containers are stopped one container at a time.
+# The internal implementation of 'crictl stop --timeout '
+# sends a SIGTERM to the container, and will use SIGKILL only
+# if the timeout is reached.
+#
+
+NAME=$(basename "${0}")
+
+# Log info message to /var/log/daemon.log
+function LOG {
+ logger -p daemon.info -t "${NAME}($$): " "${@}"
+}
+
+# Log error message to /var/log/daemon.log
+function ERROR {
+ logger -p daemon.error -t "${NAME}($$): " "${@}"
+}
+
+state=$(timeout 10 systemctl is-system-running)
+RC=$?
+LOG "System state is: ${state}, RC = ${RC}."
+case ${RC} in
+ 124)
+ # systemctl hung.
+ ERROR "systemctl timed out. System state unknown."
+ ;;
+
+ [01])
+ # 0 - running; 1 - initializing, starting, degraded, maintenance, stopping
+ if [ "${state}" = "stopping" ]; then
+ LOG "Stopping all containers."
+ # Use crictl to gracefully stop each container. If specified timeout is
+ # reached, it forcibly kills the container. There is no need to check
+ # return code since there is nothing more we can do, and crictl already
+ # logs to daemon.log.
+ crictl ps -q | xargs -r -I {} crictl stop --timeout 5 {}
+ LOG "Stopping all containers completed."
+ exit 0
+ fi
+ ;;
+esac
+
+exit 0
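Review bot: The stop loop near the end of the script has no overall time bound: `crictl ps -q | xargs -r -I {} crictl stop --timeout 5 {}` stops containers one after another, so the worst case grows as 5 s times the number of running containers, while the only call wrapped in `timeout` is `systemctl is-system-running`. If that total exceeds the stop timeout of containerd.service (the unit is not part of this patch), systemd would presumably kill whatever is left, which is the ungraceful outcome the script exists to prevent. Consider stopping in parallel or bounding the whole pipeline, e.g. `crictl ps -q | xargs -r -P 4 -I {} crictl stop --timeout 5 {}` (4 is an illustrative value), and note the chosen bound in the header comment. Also, `crictl`, `systemctl`, `timeout` and `logger` are resolved through PATH in a script that runs as root at shutdown; an explicit `PATH=` assignment at the top, or absolute paths, would pin what gets executed.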