worker: add Destroy functionality

[cirocosta]

Why do we need this PR?

As part of #4783, this PR adds the
functionality required to get garden's Destroy working with containerd.

Changes proposed in this pull request

• backend's Destroy high-level implementation
• Destroy integration
• backend's Lookup high-level implementation
• Lookup integration
• Stop task within running container before container.Delete
• add Dockerfile to help integration tests run on OSX split out to separate story Create a dev Dockerfile to support running integration tests on any OS #4850

Contributor Checklist

• Unit tests
• Integration tests (if applicable)
• Updated documentation (located at https://github.com/concourse/docs)
• Updated release notes (located at https://github.com/concourse/concourse/tree/master/release-notes)

Reviewer Checklist

• Code reviewed
• Tests reviewed
• PR acceptance performed
• Documentation reviewed
• Release notes reviewed
• New config flags added?

[deniseyu]

End of Tuesday notes:

• We learned that in order to destroy a container with a Task inside it, we first have to shut down the Task. This is something that Guardian did for us behind the scenes, but with containerd we will have to do it ourselves. To minimize surprise, it would be good to bring across the same behaviours (e.g. which termination signal is used, how long are the timeouts, etc). Here is an example of how a container must be gracefully shut down using containerd's API: https://containerd.io/docs/getting-started/

• The task shutdown API calls are asynchronous, because containerd daemon can take any length of time to actually remove the container. To handle this we'll need to Wait on an exit code or some other signal.

• There is a Container.Stop method in the Garden API which we will eventually want to connect up to the task shutdown logic that we're currently implementing inside the Destroy. We'll also want to refactor that out into its own method.

• For tomorrow: let's experiment and see if we can bring up a Container without any task defined. Containerd blocks deletion when there's a running task, but what if there's no task at all?? Update for academic curiosity we did this, and found that it is indeed possible to create a container with no task running, which is also subsequently deletable without having to do any task operations

[deniseyu]

Here's a useful script to destroy all containers across all containerd namespaces:

https://gist.github.com/deniseyu/55c573026a83e3e1b0011201bcf7b3fc

💥

[deniseyu]

End of Thursday notes (we should probably rename our branch 😭)

• We forgot that before deleting a container, we have to call Task.Delete. I've added that to the case <- ctx.Done() branch of the Task.Kill logic.

• That broke integration tests, which should now be fixed (NOTE: you have to un-comment out the Task.Delete in case <- exitStatus -- the real integration tests run fast and don't hit the timeout. It's just commented out now to remind Next Week Denise to add unit tests). We are very close to having the lifecycle of a container implemented!

• I made a failed attempt to unit-test channels. HALP ciro

Still need to do:

• Properly test the non-timeout branch of Task.Kill. The rest of the unit tests currently pass, but only because the context timeout is being triggered after I hacked some faked methods to return a channel that will never return -- this isn't the normal path and should probably not be the default behavior for "happy path" tests.

• Think about parameterizing the context cancellation deadline. It's a pain to test a 10s timeout (unless anyone knows a Go equivalent for timecop?)
  Ciro mentioned that perhaps the namespace can hold onto it - still needs some investigation.

• We may want to dig deeper into exit codes, and what non-zero exit codes might imply. But maybe we don't care and just trust that things are dandy if no error is returned from containerd.

• Consider abstracting the Task.Wait + Task.Kill + Task.delete logic into a named method that can become our implementation of Garden's Container.Stop interface. Open to debate on what philosophically constitutes a Container.Stop in the containerd world though

[deniseyu]

Going to split out Lookup into a different task, because writing that integration test would be a good opportunity to build out Handle(). We also set up a Dockerfile for running containerd integration tests which will be a separate PR.

[deniseyu]

End of Thursday notes:

@pivotal-bin-ju and I finished building out the local integration test tooling and we're able to run and develop the tests in Docker now, woo. We thought about adding a test for Lookup, but decided that since Destroy implicitly calls Lookup, for now there's not much value in adding an integration test for it - this may change if we want to do more interesting things as part of Lookup.

Next week we'll work on filling out the rest of the Garden client and container and process interfaces! Maybe once we get the process stuff working (can refer to Alex's spike branch) we'll be able to see a basic task running in the UI.

[kcmannem]

idk what containerd does to lookup containers but I feel like we should include a timeout for this context as well.

[deniseyu]

yea, that's true - we can add this in the next PR where the client timeout is configurable, we'll just decorate every context at the start of each method with the timeout.

[deniseyu]

added it as a to-do item here: #4783 (comment)

[xtreme-sameer-vohra]

Task runs don't have timeouts, but pretty much every other operation does :)

[xtreme-sameer-vohra]

This ctx has already expired. So task.Kill may or may not be a noop. Does it make more sense to have another ctx?

[xtreme-sameer-vohra]

There is an edge case where the task ran to completion prior to being killed and that result gets swallowed currently.

[xtreme-sameer-vohra]

Does it make sense for this to be a context.TODO as we intend it to be replaced ?

[deniseyu]

yes

[pivotal-bin-ju]

what about to refactor the logic as below (move killTasks into else branch, to have less return route path):

	task, err := container.Task(ctxWithTimeout, nil)
	
	if err != nil { //error occurs
		if !errdefs.IsNotFound(err) { //a real error but the task can not be found
			return ClientError { InnerError: err }
		}
                // do nothing if we could not find the task
	} else {
               // kill the task
		err = killTasks(ctxWithTimeout, task)
		if err != nil {
			return ClientError{ InnerError: err }
		}
	}
        // no matter the task exists or is killed, the container should be destroyed anyway. 
	err = b.client.Destroy(ctxWithTimeout, handle)
	if err != nil {
		return ClientError{ InnerError: err }
	}

[pivotal-bin-ju]

would it be better if the handle check is at the first line of the function.?

[pivotal-bin-ju]

Maybe we should not ignore the exitCode. From the comment of the source code:

// ExitStatus encapsulates a process's exit status.
// It is used by `Wait()` to return either a process exit code or an error

It may not return the error immediately after we SIGTERM the task.

[pivotal-bin-ju]

We may need another wait after we SIGKILL. the task.Kill will return the status of GRPC call.

[xtreme-sameer-vohra]

non-existent-handle could be changed to some existing container

[deniseyu]

yes this test is bad right now -- related to the incomplete implementation of Lookup. Will be sorted out later 😂

[xtreme-sameer-vohra]

TestDestroyWaitError -> TestDestroyTaskWaitError

[xtreme-sameer-vohra]

For correctness, assert that syscall.SIGKILL was passed to fakeTask.Kill

[xtreme-sameer-vohra]

nit: removes

[xtreme-sameer-vohra]

Added some inline comments

[deniseyu]

thanks @xtreme-sameer-vohra for the inline comments! We implemented your suggestions but we're going to fold them into the top of this branch: #4881 because in the last 2 days we restructured the backend and I'm a coward for merge conflicts 🏋️‍♀️

Implemented changes in branch at #4881

[xtreme-sameer-vohra]

Chatted with Denise and Bin, suggestions for this PR will be incorporated in https://github.com/concourse/concourse/pull/4881/files