diff --git a/project/rkl/src/cli_commands.rs b/project/rkl/src/cli_commands.rs index d21ff82d8..6e26d5461 100644 --- a/project/rkl/src/cli_commands.rs +++ b/project/rkl/src/cli_commands.rs @@ -1,11 +1,11 @@ -use crate::commands::{create, delete, kill, load_container, start, state}; +use crate::commands::{delete, load_container, start, state}; use crate::rootpath; -use crate::task::task::{self, TaskRunner}; +use crate::task::{self, TaskRunner}; use anyhow::{Result, anyhow}; -use liboci_cli::{Create, Delete, Kill, Start, State}; +use liboci_cli::{Delete, Start, State}; use std::fs::{self, File}; use std::io::{Read, Write}; -use std::path::{Path, PathBuf}; +use std::path::Path; // store infomation of pod #[derive(Debug)] @@ -17,7 +17,7 @@ pub struct PodInfo { impl PodInfo { pub fn load(root_path: &Path, pod_name: &str) -> Result { // get path like pods/podname - let pod_info_path = root_path.join("pods").join(format!("{}", pod_name)); + let pod_info_path = root_path.join("pods").join(pod_name); let mut file = File::open(&pod_info_path).map_err(|_| anyhow!("Pod {} not found", pod_name))?; let mut contents = String::new(); @@ -44,7 +44,7 @@ impl PodInfo { pub fn save(&self, root_path: &Path, pod_name: &str) -> Result<()> { let pods_dir = root_path.join("pods"); - let pod_info_path = pods_dir.join(format!("{}", pod_name)); + let pod_info_path = pods_dir.join(pod_name); if pods_dir.exists() { if !pods_dir.is_dir() { @@ -75,7 +75,7 @@ impl PodInfo { } pub fn delete(root_path: &Path, pod_name: &str) -> Result<()> { - let pod_info_path = root_path.join("pods").join(format!("{}", pod_name)); + let pod_info_path = root_path.join("pods").join(pod_name); fs::remove_file(&pod_info_path)?; Ok(()) } 
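Review bot: `pod_name` is joined directly onto `root_path.join("pods")` in `PodInfo::load`, `PodInfo::save` and `PodInfo::delete`, so a name that is absolute or contains `..` resolves outside the pods directory, and in `delete` that path is handed to `fs::remove_file`. Dropping the `format!` wrapper leaves this unchanged; `Path::join` discards the base entirely when its argument is absolute. If the name can come from the command line or a pod manifest (the callers are outside these hunks), require it to be exactly one normal path component before building the path: `let mut parts = Path::new(pod_name).components();` followed by `if !matches!((parts.next(), parts.next()), (Some(Component::Normal(_)), None)) { return Err(anyhow!("invalid pod name {}", pod_name)); }`, with `std::path::Component` added to the import this commit narrows to `Path`. All three function bodies continue outside their hunks.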
@@ -177,7 +177,7 @@ pub fn start_pod(pod_name: &str) -> Result<(), anyhow::Error> { pub fn delete_pod(pod_name: &str) -> Result<(), anyhow::Error> { let root_path = rootpath::determine(None)?; let pod_info = PodInfo::load(&root_path, pod_name)?; - let container = load_container(root_path.clone(), &pod_name) + let container = load_container(root_path.clone(), pod_name) .map_err(|e| anyhow!("Failed to load container {}: {}", pod_name, e))?; let pid_i32 = container .state @@ -241,7 +241,7 @@ pub fn state_pod(pod_name: &str) -> Result<(), anyhow::Error> { println!("Pod: {}", pod_name); println!("PodSandbox ID: {}", pod_info.pod_sandbox_id); - state::state( + let _ = state::state( State { container_id: pod_info.pod_sandbox_id.clone(), }, @@ -250,7 +250,7 @@ pub fn state_pod(pod_name: &str) -> Result<(), anyhow::Error> { println!("Containers:"); for container_name in &pod_info.container_names { - let container_state = state::state( + let _container_state = state::state( State { container_id: container_name.clone(), }, diff --git a/project/rkl/src/commands/create.rs b/project/rkl/src/commands/create.rs index df3cf9e53..40893740d 100644 --- a/project/rkl/src/commands/create.rs +++ b/project/rkl/src/commands/create.rs @@ -4,7 +4,6 @@ use std::path::PathBuf; use anyhow::Result; use libcontainer::container::builder::ContainerBuilder; use libcontainer::syscall::syscall::SyscallType; -use libcontainer::workload::{Executor, ExecutorError, ExecutorValidationError}; use liboci_cli::Create; // One thing to note is that in the end, container is just another process in Linux diff --git a/project/rkl/src/commands/mod.rs b/project/rkl/src/commands/mod.rs index 7edd709da..378b59555 100644 --- a/project/rkl/src/commands/mod.rs +++ b/project/rkl/src/commands/mod.rs @@ -2,7 +2,6 @@ use std::fs; use std::path::{Path, PathBuf}; use anyhow::{Context, Result, bail}; -use libcgroups::common::AnyCgroupManager; use libcontainer::container::Container; pub mod create; 
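Review bot: Both `state::state(...)` calls in `state_pod` discard their `Result` (`let _ =` for the sandbox, an unused `_container_state` in the loop), so a missing or unreadable container state is never reported and the function presumably still returns `Ok(())`. That quiets the unused-result lint without handling the failure. Ending each call with `?`, or with `.map_err(|e| anyhow!("Failed to query state of {}: {}", container_name, e))?` inside the loop, keeps the lint quiet and makes the error visible to the caller. The remaining arguments of both calls and the rest of `state_pod` are outside the hunks, so check that nothing later relies on continuing after a failed lookup.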
@@ -38,17 +37,3 @@ fn container_exists>(root_path: P, container_id: &str) -> Result< let container_root = construct_container_root(root_path, container_id)?; Ok(container_root.exists()) } - -fn create_cgroup_manager>( - root_path: P, - container_id: &str, -) -> Result { - let container = load_container(root_path, container_id)?; - Ok(libcgroups::common::create_cgroup_manager( - libcgroups::common::CgroupConfig { - cgroup_path: container.spec()?.cgroup_path, - systemd_cgroup: container.systemd(), - container_name: container.id().to_string(), - }, - )?) -} diff --git a/project/rkl/src/cri/cri.rs b/project/rkl/src/cri/cri_api.rs similarity index 99% rename from project/rkl/src/cri/cri.rs rename to project/rkl/src/cri/cri_api.rs index 7d1a9dd8b..a1218cf04 100644 --- a/project/rkl/src/cri/cri.rs +++ b/project/rkl/src/cri/cri_api.rs @@ -50,9 +50,9 @@ pub struct PortMapping { /// * Valid host port range is 1-65535. /// * The value 0 has explicit semantic meaning: it indicates NO host port should be allocated. /// * The value 0 does NOT indicate dynamic port allocation. Future implementations - /// of dynamic allocation will use different values/semantics. + /// of dynamic allocation will use different values/semantics. /// * Implementations MUST handle the case where this field is explicitly set to 0, - /// This field SHOULD be omitted when no port is required. + /// This field SHOULD be omitted when no port is required. /// /// Default: If omitted, container port will not be exposed on the host. #[prost(int32, tag = "3")] @@ -187,7 +187,7 @@ pub struct Int64Value { /// applied to a sandbox. Note that: /// 1) It does not apply to containers in the pods. /// 2) It may not be applicable to a PodSandbox which does not contain any running -/// process. +/// process. #[derive(Clone, PartialEq, ::prost::Message)] pub struct LinuxSandboxSecurityContext { /// Configurations for the sandbox's namespaces. 
@@ -234,8 +234,8 @@ pub struct LinuxSandboxSecurityContext { /// * runtime/default: the default profile for the container runtime /// * unconfined: unconfined profile, ie, no seccomp sandboxing /// * localhost/: the profile installed on the node. - /// is the full path of the profile. - /// Default: "", which is identical with unconfined. + /// is the full path of the profile. + /// Default: "", which is identical with unconfined. #[deprecated] #[prost(string, tag = "7")] pub seccomp_profile_path: ::prost::alloc::string::String, @@ -980,8 +980,8 @@ pub struct LinuxContainerSecurityContext { /// * runtime/default: equivalent to not specifying a profile. /// * unconfined: no profiles are loaded /// * localhost/: profile loaded on the node - /// (localhost) by name. The possible profile names are detailed at - /// + /// (localhost) by name. The possible profile names are detailed at + /// #[deprecated] #[prost(string, tag = "9")] pub apparmor_profile: ::prost::alloc::string::String, @@ -989,8 +989,8 @@ pub struct LinuxContainerSecurityContext { /// * runtime/default: the default profile for the container runtime /// * unconfined: unconfined profile, ie, no seccomp sandboxing /// * localhost/: the profile installed on the node. - /// is the full path of the profile. - /// Default: "", which is identical with unconfined. + /// is the full path of the profile. + /// Default: "", which is identical with unconfined. #[deprecated] #[prost(string, tag = "10")] pub seccomp_profile_path: ::prost::alloc::string::String, 
@@ -1758,16 +1758,16 @@ pub struct UpdateRuntimeConfigResponse {} /// RuntimeCondition contains condition information for the runtime. /// There are 2 kinds of runtime conditions: /// 1. Required conditions: Conditions are required for kubelet to work -/// properly. If any required condition is unmet, the node will be not ready. -/// The required conditions include: +/// properly. If any required condition is unmet, the node will be not ready. +/// The required conditions include: /// * RuntimeReady: RuntimeReady means the runtime is up and ready to accept -/// basic containers e.g. container only needs host network. +/// basic containers e.g. container only needs host network. /// * NetworkReady: NetworkReady means the runtime network is up and ready to -/// accept containers which require container network. +/// accept containers which require container network. /// 2. Optional conditions: Conditions are informative to the user, but kubelet -/// will not rely on. Since condition type is an arbitrary string, all conditions -/// not required are optional. These conditions will be exposed to users to help -/// them understand the status of the system. +/// will not rely on. Since condition type is an arbitrary string, all conditions +/// not required are optional. These conditions will be exposed to users to help +/// them understand the status of the system. #[derive(Clone, PartialEq, ::prost::Message)] pub struct RuntimeCondition { /// Type of runtime condition. @@ -2314,6 +2314,7 @@ impl Protocol { } #[derive(Clone, Copy, Debug, PartialEq, Eq, Hash, PartialOrd, Ord, ::prost::Enumeration)] #[repr(i32)] +#[allow(clippy::enum_variant_names)] pub enum MountPropagation { /// No mount propagation ("rprivate" in Linux terminology). PropagationPrivate = 0, 
@@ -2676,6 +2677,7 @@ impl Signal { } #[derive(Clone, Copy, Debug, PartialEq, Eq, Hash, PartialOrd, Ord, ::prost::Enumeration)] #[repr(i32)] +#[allow(clippy::enum_variant_names)] pub enum ContainerState { ContainerCreated = 0, ContainerRunning = 1, @@ -2708,6 +2710,7 @@ impl ContainerState { } #[derive(Clone, Copy, Debug, PartialEq, Eq, Hash, PartialOrd, Ord, ::prost::Enumeration)] #[repr(i32)] +#[allow(clippy::enum_variant_names)] pub enum ContainerEventType { /// Container created ContainerCreatedEvent = 0, diff --git a/project/rkl/src/cri/mod.rs b/project/rkl/src/cri/mod.rs index ae4229b2a..eb8708171 100644 --- a/project/rkl/src/cri/mod.rs +++ b/project/rkl/src/cri/mod.rs @@ -1 +1 @@ -pub mod cri; +pub mod cri_api; diff --git a/project/rkl/src/main.rs b/project/rkl/src/main.rs index c98c63a5b..c24e5e4d7 100644 --- a/project/rkl/src/main.rs +++ b/project/rkl/src/main.rs @@ -4,8 +4,6 @@ mod cri; mod rootpath; mod task; use clap::{Parser, Subcommand}; -use std::error::Error; -use task::task::TaskRunner; #[derive(Parser)] #[command(name = "rkl")] diff --git a/project/rkl/src/task/task.rs b/project/rkl/src/task.rs similarity index 98% rename from project/rkl/src/task/task.rs rename to project/rkl/src/task.rs index fdce0b234..6a3af5a09 100644 --- a/project/rkl/src/task/task.rs +++ b/project/rkl/src/task.rs @@ -1,5 +1,5 @@ -use crate::commands::{create, delete, kill, load_container, start, state}; -use crate::cri::cri::{ +use crate::commands::{create, delete, kill, load_container, start}; +use crate::cri::cri_api::{ ContainerConfig, ContainerMetadata, CreateContainerRequest, CreateContainerResponse, ImageSpec, KeyValue, Mount, PodSandboxConfig, PodSandboxMetadata, PortMapping, Protocol, RemovePodSandboxRequest, RemovePodSandboxResponse, RunPodSandboxRequest, RunPodSandboxResponse, 
@@ -10,10 +10,9 @@ use anyhow::{Result, anyhow}; use libcontainer::oci_spec::runtime::{ LinuxBuilder, LinuxNamespaceBuilder, LinuxNamespaceType, ProcessBuilder, Spec, }; -use liboci_cli::{Create, Delete, Kill, Start, State}; +use liboci_cli::{Create, Delete, Kill, Start}; use rust_cni::cni::Libcni; use serde::{Deserialize, Serialize}; -use serde_json::json; use std::fs::File; use std::io::{BufWriter, Read, Write}; use std::path::{Path, PathBuf}; @@ -187,7 +186,7 @@ impl TaskRunner { request: RunPodSandboxRequest, ) -> Result { let config = request.config.unwrap_or_default(); - let sandbox_id = format!("{}", config.metadata.unwrap_or_default().name); + let sandbox_id = config.metadata.unwrap_or_default().name.to_string(); // get bundle path of pause container from labels let bundle_path = self @@ -231,7 +230,7 @@ impl TaskRunner { .pid .ok_or_else(|| anyhow!("PID not found for container {}", sandbox_id))?; - Self::setup_pod_network(pid_i32.clone())?; + Self::setup_pod_network(pid_i32)?; self.pause_pid = Some(pid_i32); let response = RunPodSandboxResponse { @@ -330,7 +329,7 @@ impl TaskRunner { &self, request: CreateContainerRequest, ) -> Result { - let pod_sandbox_id = request.pod_sandbox_id.clone(); + let _pod_sandbox_id = request.pod_sandbox_id.clone(); let config = request .config .as_ref() @@ -385,7 +384,7 @@ impl TaskRunner { .iter() .find(|c| c.name == container_id) .ok_or_else(|| anyhow!("Container spec not found for ID: {}", container_id))?; - let mut process = ProcessBuilder::default() + let process = ProcessBuilder::default() .args(container_spec.args.clone()) .build()?; @@ -644,7 +643,7 @@ pub fn get_cni() -> Result { } plugin_conf_dir.push("rkl/test"); - let mut cni = Libcni::new( + let cni = Libcni::new( Some(plugin_dirs), Some(plugin_conf_dir.to_string_lossy().to_string()), None, diff --git a/project/rkl/src/task/mod.rs b/project/rkl/src/task/mod.rs deleted file mode 100644 index cdafe4ad6..000000000 --- a/project/rkl/src/task/mod.rs +++ /dev/null 
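Review bot: `sandbox_id` in the method that takes `RunPodSandboxRequest` is still derived through two `unwrap_or_default()` calls, so a request with no `config` or no `metadata` yields an empty ID instead of an error, and that ID is then used as the container identifier (see the `PID not found for container {}` message in the following hunk). The new `.to_string()` also looks redundant, since `name` is presumably already a `String` like the other prost string fields. Rejecting the empty case would cover both: `let sandbox_id = config.metadata.map(|m| m.name).filter(|n| !n.is_empty()).ok_or_else(|| anyhow!("PodSandbox metadata.name is required"))?;`. The method body continues outside the hunk.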
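Review bot: Renaming the binding to `_pod_sandbox_id` in the method that takes `CreateContainerRequest` hides that the request's `pod_sandbox_id` is cloned and then never read, so nothing visible in this hunk ties the new container to the sandbox the caller named. If the value is not needed, delete the line instead of keeping a dead clone. If the container is meant to join that sandbox, check the ID against the sandbox this runner manages and fail with something like `anyhow!("unknown pod sandbox {}", request.pod_sandbox_id)` when it does not match. The method continues outside the hunk, so the ID may already be checked further down.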
@@ -1 +0,0 @@ -pub mod task; diff --git a/project/rkl/test/bundles/busybox/config.json b/project/rkl/test/bundles/busybox/config.json index 6d2caa7e4..a472e4534 100644 --- a/project/rkl/test/bundles/busybox/config.json +++ b/project/rkl/test/bundles/busybox/config.json @@ -97,29 +97,29 @@ "cwd": "/", "capabilities": { "bounding": [ + "CAP_NET_BIND_SERVICE", "CAP_AUDIT_WRITE", - "CAP_KILL", - "CAP_NET_BIND_SERVICE" + "CAP_KILL" ], "effective": [ + "CAP_NET_BIND_SERVICE", "CAP_AUDIT_WRITE", - "CAP_KILL", - "CAP_NET_BIND_SERVICE" + "CAP_KILL" ], "inheritable": [ + "CAP_NET_BIND_SERVICE", "CAP_AUDIT_WRITE", - "CAP_KILL", - "CAP_NET_BIND_SERVICE" + "CAP_KILL" ], "permitted": [ + "CAP_NET_BIND_SERVICE", "CAP_AUDIT_WRITE", - "CAP_KILL", - "CAP_NET_BIND_SERVICE" + "CAP_KILL" ], "ambient": [ + "CAP_NET_BIND_SERVICE", "CAP_AUDIT_WRITE", - "CAP_KILL", - "CAP_NET_BIND_SERVICE" + "CAP_KILL" ] }, "rlimits": [ @@ -140,19 +140,19 @@ "namespaces": [ { "type": "pid", - "path": "/proc/84833/ns/pid" + "path": "/proc/21563/ns/pid" }, { "type": "network", - "path": "/proc/84833/ns/net" + "path": "/proc/21563/ns/net" }, { "type": "ipc", - "path": "/proc/84833/ns/ipc" + "path": "/proc/21563/ns/ipc" }, { "type": "uts", - "path": "/proc/84833/ns/uts" + "path": "/proc/21563/ns/uts" }, { "type": "mount" diff --git a/project/rkl/test/pod-with-a-container.yaml b/project/rkl/test/pod-with-a-container.yaml index 8648a446b..0a3cf79b0 100644 --- a/project/rkl/test/pod-with-a-container.yaml +++ b/project/rkl/test/pod-with-a-container.yaml 
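Review bot: The `pid`, `network`, `ipc` and `uts` namespace entries in the busybox `config.json` now point at `/proc/21563/ns/*`, a PID from one particular run. On another host or after a reboot that PID is either absent or belongs to an unrelated process whose namespaces the container would be asked to join. The change from 84833 to 21563 suggests the tool wrote runtime state back into the tracked fixture; this is inferred, since the writer is not in the hunk. The committed bundle is safer with the `path` keys omitted, e.g. `{ "type": "pid" }`, and if rkl rewrites the bundle in place, the resolved spec should go to a copy outside the tracked tree.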
@@ -4,11 +4,11 @@ metadata: name: simple-container-task labels: app: my-app - bundle: /home/tcy/project/rk8s/project/rkl/test/bundles/pause # bundle path of pause container + bundle: /home/ich/rk8s/project/rkl/test/bundles/pause # bundle path of pause container spec: containers: - name: main-container1 - image: /home/tcy/project/rk8s/project/rkl/test/bundles/busybox # bundle path + image: /home/ich/rk8s/project/rkl/test/bundles/busybox # bundle path args: #the arguments of config.json file - "sleep" - "10000"
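Review bot: The `bundle` label and the container `image` replace one developer's home directory with another (`/home/ich/...`), so the manifest only resolves on that machine and will change again with the next contributor. These paths select the root filesystem the runtime executes, so a fixed, documented location is preferable to a user-writable home directory. A constructed example would be `bundle: ./test/bundles/pause` and `image: ./test/bundles/busybox`, resolved against the project directory at load time. Whether rkl currently accepts relative bundle paths is not visible in this hunk.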