diff --git a/components/engine/daemon/daemon_unix.go b/components/engine/daemon/daemon_unix.go index 031cdc4a8bc..f190ce47ca1 100644 --- a/components/engine/daemon/daemon_unix.go +++ b/components/engine/daemon/daemon_unix.go @@ -68,17 +68,17 @@ func getMemoryResources(config containertypes.Resources) *specs.LinuxMemory { memory := specs.LinuxMemory{} if config.Memory > 0 { - limit := uint64(config.Memory) + limit := config.Memory memory.Limit = &limit } if config.MemoryReservation > 0 { - reservation := uint64(config.MemoryReservation) + reservation := config.MemoryReservation memory.Reservation = &reservation } if config.MemorySwap > 0 { - swap := uint64(config.MemorySwap) + swap := config.MemorySwap memory.Swap = &swap } @@ -88,7 +88,7 @@ func getMemoryResources(config containertypes.Resources) *specs.LinuxMemory { } if config.KernelMemory != 0 { - kernelMemory := uint64(config.KernelMemory) + kernelMemory := config.KernelMemory memory.Kernel = &kernelMemory } diff --git a/components/engine/hack/dockerfile/binaries-commits b/components/engine/hack/dockerfile/binaries-commits index 545aae26218..6d397ed0da7 100644 --- a/components/engine/hack/dockerfile/binaries-commits +++ b/components/engine/hack/dockerfile/binaries-commits @@ -3,8 +3,8 @@ TOMLV_COMMIT=9baf8a8a9f2ed20a8e54160840c492f937eeaf9a # When updating RUNC_COMMIT, also update runc in vendor.conf accordingly -RUNC_COMMIT=2d41c047c83e09a6d61d464906feb2a2f3c52aa4 -CONTAINERD_COMMIT=cfb82a876ecc11b5ca0977d1733adbe58599088a +RUNC_COMMIT=810190ceaa507aa2727d7ae6f4790c76ec150bd2 +CONTAINERD_COMMIT=6e23458c129b551d5c9871e5174f6b1b7f6d1170 TINI_COMMIT=949e6facb77383876aeff8a6944dde66b3089574 LIBNETWORK_COMMIT=7b2b1feb1de4817d522cc372af149ff48d25028e VNDR_COMMIT=c56e082291115e369f77601f9c071dd0b87c7120 diff --git a/components/engine/hack/dockerfile/install-binaries.sh b/components/engine/hack/dockerfile/install-binaries.sh index 2bfe06d8295..c1881a205e6 100755 --- a/components/engine/hack/dockerfile/install-binaries.sh +++ b/components/engine/hack/dockerfile/install-binaries.sh @@ -29,7 +29,7 @@ install_runc() { install_containerd() { echo "Install containerd version $CONTAINERD_COMMIT" - git clone https://github.com/containerd/containerd.git "$GOPATH/src/github.com/containerd/containerd" + git clone https://github.com/docker/containerd.git "$GOPATH/src/github.com/containerd/containerd" cd "$GOPATH/src/github.com/containerd/containerd" git checkout -q "$CONTAINERD_COMMIT" make $1 diff --git a/components/engine/vendor.conf b/components/engine/vendor.conf index f1b6a2ae3a8..a427fc8c78f 100644 --- a/components/engine/vendor.conf +++ b/components/engine/vendor.conf @@ -61,8 +61,8 @@ google.golang.org/grpc v1.0.4 github.com/miekg/pkcs11 df8ae6ca730422dba20c768ff38ef7d79077a59f # When updating, also update RUNC_COMMIT in hack/dockerfile/binaries-commits accordingly -github.com/opencontainers/runc 2d41c047c83e09a6d61d464906feb2a2f3c52aa4 https://github.com/docker/runc -github.com/opencontainers/runtime-spec v1.0.0-rc5 # specs +github.com/opencontainers/runc 810190ceaa507aa2727d7ae6f4790c76ec150bd2 https://github.com/docker/runc +github.com/opencontainers/runtime-spec a45ba0989fc26c695fe166a49c45bb8b7618ab36 https://github.com/docker/runtime-spec # specs github.com/opencontainers/image-spec f03dbe35d449c54915d235f1a3cf8f585a24babe github.com/seccomp/libseccomp-golang 32f571b70023028bd57d9288c20efbcb237f3ce0 @@ -103,7 +103,7 @@ google.golang.org/genproto b3e7c2fb04031add52c4817f53f43757ccbf9c18 github.com/docker/docker-credential-helpers v0.5.0 # containerd -github.com/containerd/containerd cfb82a876ecc11b5ca0977d1733adbe58599088a +github.com/containerd/containerd 6e23458c129b551d5c9871e5174f6b1b7f6d1170 https://github.com/docker/containerd github.com/tonistiigi/fifo 1405643975692217d6720f8b54aeee1bf2cd5cf4 # cluster diff --git a/components/engine/vendor/github.com/containerd/containerd/runtime/container_linux.go b/components/engine/vendor/github.com/containerd/containerd/runtime/container_linux.go index 9f3526a1048..5608b2190da 100644 --- a/components/engine/vendor/github.com/containerd/containerd/runtime/container_linux.go +++ b/components/engine/vendor/github.com/containerd/containerd/runtime/container_linux.go @@ -112,11 +112,11 @@ func i64Ptr(i int64) *int64 { return &i } func (c *container) UpdateResources(r *Resource) error { sr := ocs.LinuxResources{ Memory: &ocs.LinuxMemory{ - Limit: u64Ptr(uint64(r.Memory)), - Reservation: u64Ptr(uint64(r.MemoryReservation)), - Swap: u64Ptr(uint64(r.MemorySwap)), - Kernel: u64Ptr(uint64(r.KernelMemory)), - KernelTCP: u64Ptr(uint64(r.KernelTCPMemory)), + Limit: i64Ptr(r.Memory), + Reservation: i64Ptr(r.MemoryReservation), + Swap: i64Ptr(r.MemorySwap), + Kernel: i64Ptr(r.KernelMemory), + KernelTCP: i64Ptr(r.KernelTCPMemory), }, CPU: &ocs.LinuxCPU{ Shares: u64Ptr(uint64(r.CPUShares)), diff --git a/components/engine/vendor/github.com/containerd/containerd/runtime/process.go b/components/engine/vendor/github.com/containerd/containerd/runtime/process.go index 2df67d95a9b..f5dd3ee155e 100644 --- a/components/engine/vendor/github.com/containerd/containerd/runtime/process.go +++ b/components/engine/vendor/github.com/containerd/containerd/runtime/process.go @@ -262,10 +262,27 @@ func (p *process) handleSigkilledShim(rst uint32, rerr error) (uint32, error) { } if ppid == "1" { logrus.Warnf("containerd: %s:%s shim died, killing associated process", p.container.id, p.id) + // Before sending SIGKILL to container, we need to make sure + // the container is not in Paused state. If the container is + // Paused, the container will not response to any signal + // we should Resume it after sending SIGKILL + var ( + s State + err1 error + ) + if p.container != nil { + s, err1 = p.container.Status() + } + unix.Kill(p.pid, syscall.SIGKILL) if err != nil && err != syscall.ESRCH { return UnknownStatus, fmt.Errorf("containerd: unable to SIGKILL %s:%s (pid %v): %v", p.container.id, p.id, p.pid, err) } + if p.container != nil { + if err1 == nil && s == Paused { + p.container.Resume() + } + } // wait for the process to die for { @@ -289,6 +306,17 @@ func (p *process) handleSigkilledShim(rst uint32, rerr error) (uint32, error) { return rst, rerr } + // The shim was SIGKILLED + // We should get the container state first + // to make sure the container is not in + // Pause state, if it's Paused, we should resume it + // and it will exit immediately because shim will send sigkill to + // container when died. + s, err1 := p.container.Status() + if err1 == nil && s == Paused { + p.container.Resume() + } + // Ensure we got the shim ProcessState <-p.cmdDoneCh diff --git a/components/engine/vendor/github.com/opencontainers/runc/libcontainer/configs/cgroup_unix.go b/components/engine/vendor/github.com/opencontainers/runc/libcontainer/configs/cgroup_unix.go index 75722890a53..e6549606972 100644 --- a/components/engine/vendor/github.com/opencontainers/runc/libcontainer/configs/cgroup_unix.go +++ b/components/engine/vendor/github.com/opencontainers/runc/libcontainer/configs/cgroup_unix.go @@ -45,19 +45,19 @@ type Resources struct { Devices []*Device `json:"devices"` // Memory limit (in bytes) - Memory uint64 `json:"memory"` + Memory int64 `json:"memory"` // Memory reservation or soft_limit (in bytes) - MemoryReservation uint64 `json:"memory_reservation"` + MemoryReservation int64 `json:"memory_reservation"` // Total memory usage (memory + swap); set `-1` to enable unlimited swap - MemorySwap uint64 `json:"memory_swap"` + MemorySwap int64 `json:"memory_swap"` // Kernel memory limit (in bytes) - KernelMemory uint64 `json:"kernel_memory"` + KernelMemory int64 `json:"kernel_memory"` // Kernel memory limit for TCP use (in bytes) - KernelMemoryTCP uint64 `json:"kernel_memory_tcp"` + KernelMemoryTCP int64 `json:"kernel_memory_tcp"` // CPU shares (relative weight vs. other containers) CpuShares uint64 `json:"cpu_shares"` diff --git a/components/engine/vendor/github.com/opencontainers/runc/vendor.conf b/components/engine/vendor/github.com/opencontainers/runc/vendor.conf index 6ab9bf87a54..b961707434b 100644 --- a/components/engine/vendor/github.com/opencontainers/runc/vendor.conf +++ b/components/engine/vendor/github.com/opencontainers/runc/vendor.conf @@ -1,7 +1,7 @@ # OCI runtime-spec. When updating this, make sure you use a version tag rather # than a commit ID so it's much more obvious what version of the spec we are # using. -github.com/opencontainers/runtime-spec v1.0.0-rc5 +github.com/opencontainers/runtime-spec a45ba0989fc26c695fe166a49c45bb8b7618ab36 https://github.com/docker/runtime-spec # Core libcontainer functionality. github.com/mrunalp/fileutils ed869b029674c0e9ce4c0dfa781405c2d9946d08 github.com/opencontainers/selinux v1.0.0-rc1 diff --git a/components/engine/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go b/components/engine/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go index bd8e96a8a6f..6d2a02653e2 100644 --- a/components/engine/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go +++ b/components/engine/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go @@ -281,16 +281,16 @@ type LinuxBlockIO struct { // LinuxMemory for Linux cgroup 'memory' resource management type LinuxMemory struct { // Memory limit (in bytes). - Limit *uint64 `json:"limit,omitempty"` + Limit *int64 `json:"limit,omitempty"` // Memory reservation or soft_limit (in bytes). - Reservation *uint64 `json:"reservation,omitempty"` + Reservation *int64 `json:"reservation,omitempty"` // Total memory limit (memory + swap). - Swap *uint64 `json:"swap,omitempty"` + Swap *int64 `json:"swap,omitempty"` // Kernel memory limit (in bytes). - Kernel *uint64 `json:"kernel,omitempty"` + Kernel *int64 `json:"kernel,omitempty"` // Kernel memory limit for tcp (in bytes) - KernelTCP *uint64 `json:"kernelTCP,omitempty"` - // How aggressive the kernel will swap memory pages. Range from 0 to 100. + KernelTCP *int64 `json:"kernelTCP,omitempty"` + // How aggressive the kernel will swap memory pages. Swappiness *uint64 `json:"swappiness,omitempty"` }