2016-02-05 00:03:17 +00:00
|
|
|
package executor
|
2016-02-04 00:03:43 +00:00
|
|
|
|
|
|
|
import (
|
|
|
|
"fmt"
|
2016-02-05 07:54:15 +00:00
|
|
|
"io"
|
2016-02-04 00:03:43 +00:00
|
|
|
"log"
|
|
|
|
"os"
|
|
|
|
"os/exec"
|
|
|
|
"path/filepath"
|
|
|
|
"runtime"
|
2016-02-05 18:49:54 +00:00
|
|
|
"strings"
|
2016-02-04 00:03:43 +00:00
|
|
|
"sync"
|
|
|
|
"syscall"
|
|
|
|
"time"
|
|
|
|
|
2016-02-05 18:49:54 +00:00
|
|
|
"github.com/hashicorp/go-multierror"
|
2016-02-04 00:03:43 +00:00
|
|
|
cgroupConfig "github.com/opencontainers/runc/libcontainer/configs"
|
|
|
|
|
|
|
|
"github.com/hashicorp/nomad/client/allocdir"
|
|
|
|
"github.com/hashicorp/nomad/client/driver/env"
|
2016-02-05 07:54:15 +00:00
|
|
|
"github.com/hashicorp/nomad/client/driver/logrotator"
|
2016-02-04 00:03:43 +00:00
|
|
|
"github.com/hashicorp/nomad/nomad/structs"
|
|
|
|
)
|
|
|
|
|
2016-02-05 18:49:54 +00:00
|
|
|
// ExecutorContext holds context to configure the command user
|
|
|
|
// wants to run and isolate it
|
2016-02-04 00:03:43 +00:00
|
|
|
type ExecutorContext struct {
|
2016-02-06 01:07:02 +00:00
|
|
|
// TaskEnv holds information about the environment of a Task
|
|
|
|
TaskEnv *env.TaskEnvironment
|
|
|
|
|
|
|
|
// AllocDir is the handle to do operations on the alloc dir of
|
|
|
|
// the task
|
|
|
|
AllocDir *allocdir.AllocDir
|
|
|
|
|
|
|
|
// TaskName is the name of the Task
|
|
|
|
TaskName string
|
|
|
|
|
|
|
|
// TaskResources are the resource constraints for the Task
|
|
|
|
TaskResources *structs.Resources
|
|
|
|
|
|
|
|
// FSIsolation is a flag for drivers to impose file system
|
|
|
|
// isolation on certain platforms
|
|
|
|
FSIsolation bool
|
|
|
|
|
|
|
|
// ResourceLimits is a flag for drivers to impose resource
|
|
|
|
// contraints on a Task on certain platforms
|
|
|
|
ResourceLimits bool
|
|
|
|
|
|
|
|
// UnprivilegedUser is a flag for drivers to make the process
|
|
|
|
// run as nobody
|
2016-02-04 00:09:17 +00:00
|
|
|
UnprivilegedUser bool
|
2016-02-08 18:24:27 +00:00
|
|
|
|
|
|
|
// LogConfig provides the configuration related to log rotation
|
|
|
|
LogConfig *structs.LogConfig
|
2016-02-04 00:03:43 +00:00
|
|
|
}
|
|
|
|
|
2016-02-05 18:49:54 +00:00
|
|
|
// ExecCommand holds the user command and args. It's a lightweight replacement
|
|
|
|
// of exec.Cmd for serialization purposes.
|
2016-02-04 00:03:43 +00:00
|
|
|
type ExecCommand struct {
|
|
|
|
Cmd string
|
|
|
|
Args []string
|
|
|
|
}
|
|
|
|
|
2016-02-08 21:48:26 +00:00
|
|
|
// IsolationConfig has information about the isolation mechanism the executor
|
|
|
|
// uses to put resource constraints and isolation on the user process
|
|
|
|
type IsolationConfig struct {
|
|
|
|
Cgroup *cgroupConfig.Cgroup
|
|
|
|
}
|
|
|
|
|
2016-02-05 18:49:54 +00:00
|
|
|
// ProcessState holds information about the state of a user process.
|
2016-02-04 00:03:43 +00:00
|
|
|
type ProcessState struct {
|
2016-02-08 18:05:39 +00:00
|
|
|
Pid int
|
|
|
|
ExitCode int
|
|
|
|
Signal int
|
2016-02-08 21:48:26 +00:00
|
|
|
IsolationConfig *IsolationConfig
|
2016-02-08 18:05:39 +00:00
|
|
|
Time time.Time
|
2016-02-04 00:03:43 +00:00
|
|
|
}
|
|
|
|
|
2016-02-05 00:18:10 +00:00
|
|
|
// Executor is the interface which allows a driver to launch and supervise
|
2016-02-05 18:49:54 +00:00
|
|
|
// a process
|
2016-02-04 00:03:43 +00:00
|
|
|
type Executor interface {
|
|
|
|
LaunchCmd(command *ExecCommand, ctx *ExecutorContext) (*ProcessState, error)
|
|
|
|
Wait() (*ProcessState, error)
|
|
|
|
ShutDown() error
|
|
|
|
Exit() error
|
2016-02-08 18:10:01 +00:00
|
|
|
UpdateLogConfig(logConfig *structs.LogConfig) error
|
2016-02-04 00:03:43 +00:00
|
|
|
}
|
|
|
|
|
2016-02-05 00:18:10 +00:00
|
|
|
// UniversalExecutor is an implementation of the Executor which launches and
|
|
|
|
// supervises processes. In addition to process supervision it provides resource
|
|
|
|
// and file system isolation
|
2016-02-04 00:03:43 +00:00
|
|
|
type UniversalExecutor struct {
|
|
|
|
cmd exec.Cmd
|
|
|
|
ctx *ExecutorContext
|
|
|
|
|
2016-02-04 00:26:10 +00:00
|
|
|
taskDir string
|
|
|
|
groups *cgroupConfig.Cgroup
|
|
|
|
exitState *ProcessState
|
|
|
|
processExited chan interface{}
|
2016-02-08 18:10:01 +00:00
|
|
|
lre *logrotator.LogRotator
|
|
|
|
lro *logrotator.LogRotator
|
2016-02-04 00:03:43 +00:00
|
|
|
|
|
|
|
logger *log.Logger
|
|
|
|
lock sync.Mutex
|
|
|
|
}
|
|
|
|
|
2016-02-05 00:18:10 +00:00
|
|
|
// NewExecutor returns an Executor
|
2016-02-04 00:03:43 +00:00
|
|
|
func NewExecutor(logger *log.Logger) Executor {
|
2016-02-04 00:26:10 +00:00
|
|
|
return &UniversalExecutor{logger: logger, processExited: make(chan interface{})}
|
2016-02-04 00:03:43 +00:00
|
|
|
}
|
|
|
|
|
2016-02-05 00:18:10 +00:00
|
|
|
// LaunchCmd launches a process and returns it's state. It also configures an
|
|
|
|
// applies isolation on certain platforms.
|
2016-02-04 00:03:43 +00:00
|
|
|
func (e *UniversalExecutor) LaunchCmd(command *ExecCommand, ctx *ExecutorContext) (*ProcessState, error) {
|
2016-02-05 18:49:54 +00:00
|
|
|
e.logger.Printf("[DEBUG] executor: launching command %v %v", command.Cmd, strings.Join(command.Args, ""))
|
2016-02-05 01:36:31 +00:00
|
|
|
|
2016-02-04 00:03:43 +00:00
|
|
|
e.ctx = ctx
|
2016-02-04 19:51:43 +00:00
|
|
|
|
2016-02-05 08:11:09 +00:00
|
|
|
// configuring the task dir
|
2016-02-04 00:03:43 +00:00
|
|
|
if err := e.configureTaskDir(); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2016-02-05 08:11:09 +00:00
|
|
|
|
2016-02-06 01:40:06 +00:00
|
|
|
// configuring the chroot, cgroup and enters the plugin process in the
|
|
|
|
// chroot
|
2016-02-04 00:03:43 +00:00
|
|
|
if err := e.configureIsolation(); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2016-02-05 08:11:09 +00:00
|
|
|
// setting the user of the process
|
2016-02-04 00:09:17 +00:00
|
|
|
if e.ctx.UnprivilegedUser {
|
|
|
|
if err := e.runAs("nobody"); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2016-02-04 00:03:43 +00:00
|
|
|
}
|
|
|
|
|
2016-02-05 07:54:15 +00:00
|
|
|
logFileSize := int64(ctx.LogConfig.MaxFileSizeMB * 1024 * 1024)
|
|
|
|
|
|
|
|
stdor, stdow := io.Pipe()
|
2016-02-08 18:24:27 +00:00
|
|
|
lro, err := logrotator.NewLogRotator(filepath.Join(e.taskDir, allocdir.TaskLocal),
|
|
|
|
fmt.Sprintf("%v.stdout", ctx.TaskName), ctx.LogConfig.MaxFiles,
|
|
|
|
logFileSize, e.logger)
|
2016-02-04 00:03:43 +00:00
|
|
|
if err != nil {
|
2016-02-05 07:54:15 +00:00
|
|
|
return nil, fmt.Errorf("error creating log rotator for stdout of task %v", err)
|
2016-02-04 00:03:43 +00:00
|
|
|
}
|
2016-02-05 07:54:15 +00:00
|
|
|
e.cmd.Stdout = stdow
|
2016-02-08 18:10:01 +00:00
|
|
|
e.lro = lro
|
2016-02-05 07:54:15 +00:00
|
|
|
go lro.Start(stdor)
|
2016-02-04 00:03:43 +00:00
|
|
|
|
2016-02-05 07:54:15 +00:00
|
|
|
stder, stdew := io.Pipe()
|
2016-02-08 18:24:27 +00:00
|
|
|
lre, err := logrotator.NewLogRotator(filepath.Join(e.taskDir, allocdir.TaskLocal),
|
|
|
|
fmt.Sprintf("%v.stderr", ctx.TaskName), ctx.LogConfig.MaxFiles,
|
|
|
|
logFileSize, e.logger)
|
2016-02-04 00:03:43 +00:00
|
|
|
if err != nil {
|
2016-02-05 07:54:15 +00:00
|
|
|
return nil, fmt.Errorf("error creating log rotator for stderr of task %v", err)
|
2016-02-04 00:03:43 +00:00
|
|
|
}
|
2016-02-05 07:54:15 +00:00
|
|
|
e.cmd.Stderr = stdew
|
2016-02-08 18:10:01 +00:00
|
|
|
e.lre = lre
|
2016-02-05 07:54:15 +00:00
|
|
|
go lre.Start(stder)
|
2016-02-04 00:03:43 +00:00
|
|
|
|
2016-02-05 08:11:09 +00:00
|
|
|
// setting the env, path and args for the command
|
2016-02-05 18:49:54 +00:00
|
|
|
e.ctx.TaskEnv.Build()
|
2016-02-04 00:03:43 +00:00
|
|
|
e.cmd.Env = ctx.TaskEnv.EnvList()
|
2016-02-04 19:51:43 +00:00
|
|
|
e.cmd.Path = ctx.TaskEnv.ReplaceEnv(command.Cmd)
|
2016-02-04 20:21:06 +00:00
|
|
|
e.cmd.Args = append([]string{e.cmd.Path}, ctx.TaskEnv.ParseAndReplace(command.Args)...)
|
2016-02-04 19:51:43 +00:00
|
|
|
if filepath.Base(command.Cmd) == command.Cmd {
|
|
|
|
if lp, err := exec.LookPath(command.Cmd); err != nil {
|
|
|
|
} else {
|
|
|
|
e.cmd.Path = lp
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-02-05 08:11:09 +00:00
|
|
|
// starting the process
|
2016-02-04 00:03:43 +00:00
|
|
|
if err := e.cmd.Start(); err != nil {
|
|
|
|
return nil, fmt.Errorf("error starting command: %v", err)
|
|
|
|
}
|
2016-02-04 00:26:10 +00:00
|
|
|
go e.wait()
|
2016-02-08 21:48:26 +00:00
|
|
|
ic := &IsolationConfig{Cgroup: e.groups}
|
|
|
|
return &ProcessState{Pid: e.cmd.Process.Pid, ExitCode: -1, IsolationConfig: ic, Time: time.Now()}, nil
|
2016-02-04 00:03:43 +00:00
|
|
|
}
|
|
|
|
|
2016-02-05 00:18:10 +00:00
|
|
|
// Wait waits until a process has exited and returns it's exitcode and errors
|
2016-02-04 00:03:43 +00:00
|
|
|
func (e *UniversalExecutor) Wait() (*ProcessState, error) {
|
2016-02-04 00:26:10 +00:00
|
|
|
<-e.processExited
|
|
|
|
return e.exitState, nil
|
|
|
|
}
|
|
|
|
|
2016-02-10 16:13:08 +00:00
|
|
|
// UpdateLogConfig updates the log configuration
|
2016-02-08 18:10:01 +00:00
|
|
|
func (e *UniversalExecutor) UpdateLogConfig(logConfig *structs.LogConfig) error {
|
|
|
|
e.ctx.LogConfig = logConfig
|
|
|
|
if e.lro == nil {
|
|
|
|
return fmt.Errorf("log rotator for stdout doesn't exist")
|
|
|
|
}
|
|
|
|
e.lro.MaxFiles = logConfig.MaxFiles
|
|
|
|
e.lro.FileSize = int64(logConfig.MaxFileSizeMB * 1024 * 1024)
|
|
|
|
|
|
|
|
if e.lre == nil {
|
|
|
|
return fmt.Errorf("log rotator for stderr doesn't exist")
|
|
|
|
}
|
|
|
|
e.lre.MaxFiles = logConfig.MaxFiles
|
|
|
|
e.lre.FileSize = int64(logConfig.MaxFileSizeMB * 1024 * 1024)
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2016-02-04 00:26:10 +00:00
|
|
|
func (e *UniversalExecutor) wait() {
|
2016-02-04 18:21:33 +00:00
|
|
|
defer close(e.processExited)
|
2016-02-04 00:03:43 +00:00
|
|
|
err := e.cmd.Wait()
|
|
|
|
if err == nil {
|
2016-02-04 00:26:10 +00:00
|
|
|
e.exitState = &ProcessState{Pid: 0, ExitCode: 0, Time: time.Now()}
|
|
|
|
return
|
2016-02-04 00:03:43 +00:00
|
|
|
}
|
|
|
|
exitCode := 1
|
|
|
|
if exitErr, ok := err.(*exec.ExitError); ok {
|
|
|
|
if status, ok := exitErr.Sys().(syscall.WaitStatus); ok {
|
|
|
|
exitCode = status.ExitStatus()
|
|
|
|
}
|
|
|
|
}
|
2016-02-04 00:09:17 +00:00
|
|
|
if e.ctx.FSIsolation {
|
2016-02-04 00:03:43 +00:00
|
|
|
e.removeChrootMounts()
|
|
|
|
}
|
2016-02-04 00:09:17 +00:00
|
|
|
if e.ctx.ResourceLimits {
|
2016-02-09 00:08:29 +00:00
|
|
|
e.lock.Lock()
|
|
|
|
DestroyCgroup(e.groups)
|
|
|
|
e.lock.Unlock()
|
2016-02-04 00:03:43 +00:00
|
|
|
}
|
2016-02-04 00:26:10 +00:00
|
|
|
e.exitState = &ProcessState{Pid: 0, ExitCode: exitCode, Time: time.Now()}
|
2016-02-04 00:03:43 +00:00
|
|
|
}
|
|
|
|
|
2016-02-09 18:00:42 +00:00
|
|
|
var (
|
|
|
|
// finishedErr is the error message received when trying to kill and already
|
|
|
|
// exited process.
|
|
|
|
finishedErr = "os: process already finished"
|
|
|
|
)
|
|
|
|
|
2016-02-05 00:18:10 +00:00
|
|
|
// Exit cleans up the alloc directory, destroys cgroups and kills the user
|
|
|
|
// process
|
2016-02-04 00:03:43 +00:00
|
|
|
func (e *UniversalExecutor) Exit() error {
|
2016-02-05 18:49:54 +00:00
|
|
|
var merr multierror.Error
|
|
|
|
if e.cmd.Process != nil {
|
|
|
|
proc, err := os.FindProcess(e.cmd.Process.Pid)
|
|
|
|
if err != nil {
|
2016-02-08 19:56:48 +00:00
|
|
|
e.logger.Printf("[ERROR] executor: can't find process with pid: %v, err: %v",
|
|
|
|
e.cmd.Process.Pid, err)
|
2016-02-09 18:00:42 +00:00
|
|
|
} else if err := proc.Kill(); err != nil && err.Error() != finishedErr {
|
2016-02-08 19:56:48 +00:00
|
|
|
merr.Errors = append(merr.Errors,
|
|
|
|
fmt.Errorf("can't kill process with pid: %v, err: %v", e.cmd.Process.Pid, err))
|
2016-02-05 18:49:54 +00:00
|
|
|
}
|
2016-02-04 00:03:43 +00:00
|
|
|
}
|
2016-02-05 18:49:54 +00:00
|
|
|
|
2016-02-04 00:09:17 +00:00
|
|
|
if e.ctx.FSIsolation {
|
2016-02-05 18:49:54 +00:00
|
|
|
if err := e.removeChrootMounts(); err != nil {
|
|
|
|
merr.Errors = append(merr.Errors, err)
|
|
|
|
}
|
2016-02-04 00:03:43 +00:00
|
|
|
}
|
2016-02-04 00:09:17 +00:00
|
|
|
if e.ctx.ResourceLimits {
|
2016-02-09 00:08:29 +00:00
|
|
|
e.lock.Lock()
|
|
|
|
if err := DestroyCgroup(e.groups); err != nil {
|
2016-02-05 18:49:54 +00:00
|
|
|
merr.Errors = append(merr.Errors, err)
|
|
|
|
}
|
2016-02-09 00:08:29 +00:00
|
|
|
e.lock.Unlock()
|
2016-02-04 20:40:48 +00:00
|
|
|
}
|
2016-02-05 18:49:54 +00:00
|
|
|
return merr.ErrorOrNil()
|
2016-02-04 00:03:43 +00:00
|
|
|
}
|
|
|
|
|
2016-02-05 00:18:10 +00:00
|
|
|
// Shutdown sends an interrupt signal to the user process
|
2016-02-04 00:03:43 +00:00
|
|
|
func (e *UniversalExecutor) ShutDown() error {
|
2016-02-04 21:22:38 +00:00
|
|
|
if e.cmd.Process == nil {
|
|
|
|
return fmt.Errorf("executor.shutdown error: no process found")
|
|
|
|
}
|
2016-02-04 00:03:43 +00:00
|
|
|
proc, err := os.FindProcess(e.cmd.Process.Pid)
|
|
|
|
if err != nil {
|
2016-02-04 20:40:48 +00:00
|
|
|
return fmt.Errorf("executor.shutdown error: %v", err)
|
2016-02-04 00:03:43 +00:00
|
|
|
}
|
|
|
|
if runtime.GOOS == "windows" {
|
|
|
|
return proc.Kill()
|
|
|
|
}
|
2016-02-04 20:40:48 +00:00
|
|
|
if err = proc.Signal(os.Interrupt); err != nil {
|
|
|
|
return fmt.Errorf("executor.shutdown error: %v", err)
|
|
|
|
}
|
|
|
|
return nil
|
2016-02-04 00:03:43 +00:00
|
|
|
}
|
|
|
|
|
2016-02-08 19:56:48 +00:00
|
|
|
// configureTaskDir sets the task dir in the executor
|
2016-02-04 00:03:43 +00:00
|
|
|
func (e *UniversalExecutor) configureTaskDir() error {
|
2016-02-04 18:09:52 +00:00
|
|
|
taskDir, ok := e.ctx.AllocDir.TaskDirs[e.ctx.TaskName]
|
2016-02-04 00:03:43 +00:00
|
|
|
e.taskDir = taskDir
|
|
|
|
if !ok {
|
2016-02-08 19:56:48 +00:00
|
|
|
return fmt.Errorf("couldn't find task directory for task %v", e.ctx.TaskName)
|
2016-02-04 00:03:43 +00:00
|
|
|
}
|
|
|
|
e.cmd.Dir = taskDir
|
|
|
|
return nil
|
|
|
|
}
|