add support for recursive volume/mounts #2880
Conversation
steveej
changed the title
| @@ -124,7 +124,8 @@ Each ACI can define a [list of mount points](https://github.com/appc/spec/blob/m | |||
| { | |||
| "name": "data", | |||
| "path": "/var/data", | |||
| "readOnly": false | |||
| "readOnly": false, | |||
| "recursiive": true | |||
| // See the License for the specific language governing permissions and | ||
| // limitations under the License. | ||
|
|
||
| // +build kvm |
There was a problem hiding this comment.
There's no difference between this and the nspawn one.
Can this just be one file of rkt_volume_mount_non_fly or such, and either be !fly or coreos host kvm?
We can split out stage specific files if/when we need to.
|
LGTM, regardless of my nit. I would prefer if another pair of eyes looked at it. cc @alban |
| if child.Cmd == nil || | ||
| child.Cmd.Process == nil || | ||
| child.Cmd.ProcessState == nil { | ||
| continue |
There was a problem hiding this comment.
If the child isn't fully initialized there might be a panic due to nil-pointer. I ran into this while testing locally and I think the cleanup function should be able to tolerate this.
|
@steveej Could you describe the refactoring in the patch "tests: cover recursive volume/mounts"? It is a big change. |
Given it's a refactor I assume the motivation is obvious. What would you like to have explained? |
|
The Jenkins failure on fedora-23, flavor coreos does not seem to be related to this PR:
Things like:
|
| if manifestFile != "" { | ||
| runCmd += fmt.Sprintf(" --pod-manifest=%s", manifestFile) | ||
| } else { | ||
| runCmd += fmt.Sprintf(" %s %s", tt.cmdArgs, hashesToRemove[0]) |
There was a problem hiding this comment.
Do you mean to use hash instead of hashesToRemove[0]?
There was a problem hiding this comment.
hash is defined in the previous for-loop and not available here. This code doesn't actually run the test for each image provided, but only for the first one. This can be improved and I'll add a comment.
| for _, mnt := range mnts { | ||
| innerRelPath := tuple.M.Path + strings.Replace(mnt.MountPoint, tuple.V.Source, "", -1) | ||
| argFlyMounts = append(argFlyMounts, | ||
| flyMount{"", rfs, innerRelPath, "none", flags | syscall.MS_REMOUNT | syscall.MS_RDONLY}, |
There was a problem hiding this comment.
Not tested, but I think MS_BIND is missing as well.
Also, we should test if the remount does not change the other flags such as nosuid, nodev. They are probably not important in the kvm flavor but they should not be changed in the fly flavor. See get_mount_flags.
There was a problem hiding this comment.
MS_BIND should no be used in this case because it's a pure remount. Besides that, if it was necessary the current test would fail.
There was a problem hiding this comment.
man mount(2) says about MS_REMOUNT:
The mountflags and data arguments should match the values used in the original mount() call, except for those parameters that are being deliberately changed.
So MS_BIND should be passed.
Also, do_remount (performing the MS_REMOUNT) behaves differently if the flag MS_BIND is not given.
In my manual test above, /tmp/data/RW was a bind mount. But in the functional test, tmpdir2path (/tmp/rkt-tests-flyxxxx/dir2) is a new mount (tmpfs). Maybe that's the difference explaining why the tests passed? I don't know.
There was a problem hiding this comment.
The codepath you linked convinces me more that we don't want MS_BIND. The else case will attempt to use do_remount_sb() which IIUC is what we want.
There was a problem hiding this comment.
I don't think so: the "sb" in do_remount_sb means superblock, and the superblock is the data structure which is common to all mounts of the same underlying storage.
So if you have one tmpfs, that's one superblock. If you create bind mounts of it, that creates several mounts but still all referring to the same superblock. But in our case, we want to change the RW/RO bit only for one mount, not for all mounts with the same superblock.
There was a problem hiding this comment.
I think we want the change_mount_flags -> mnt_make_readonly instead.
There was a problem hiding this comment.
I don't think so: the "sb" in do_remount_sb means superblock, and the superblock is the data structure which is common to all mounts of the same underlying storage.
This is beyond my knowledge about mounts and I wonder how this relates to shared mounts. Do shared mounts automatically shared the same superblock? What happens if a shared mount gets remounted private or unshared?
Besides, seems like in all our cases we need MS_BIND to do achieve what we want.
Based on Stefan Junker's work from rkt#2880
Based on Stefan Junker's work from rkt#2880
Based on Stefan Junker's work from rkt#2880
|
We split the vendoring part out of this into #3063. |
|
@steveej pinging, sorry that this got so much delay. Are you still up for rebasing this one, or should we bump to the next release? |
|
@s-urbaniak I'll rebase it again! |
The volumes defined in the pod manifest now have a 'recursive' bool field. The default is recursive for nspawn containers and non-recursive for fly containers.
Refactors:
- move duplicate verifyHostFile implementation from rkt_fly_test.go and
rkt_run_pod_manifest_test.go to rkt_tests.go
- Refactor TestFlyMount{CLI,PodManifest} to new tests using a TestVolumeMount
-
New Tests:
- Recursive mount functionality for flavors kvm, fly, coreos
- New test cases use the volumeMountTestCase struct type
This practically duplicates some of the cases for kvm and coreos
flavors
* remount every recursive sub-mount read-only * modify stage0 code to export GetMountsForPrefix * add tests to cover recursive/read-only mounts
|
A couple of passes were done, a green CI, and in the beginning of the next release cycle should give us enough headroom to let these changes cook in upcoming tests, merging. |
Based on Stefan Junker's work from rkt#2880
Depends on #2852
Closes #2827 (duplicate)
Fixes #2567
Follow-Up Issues