cadey
/
propellor
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Detect #774376 and refuse to use docker if the system is so broken that docker exec doesn't enter a chroot.

This commit is contained in:
Joey Hess 2015-01-01 15:41:31 -04:00
parent 858ded043b
commit d5cfadd899
3 changed files with 774 additions and 757 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
debian/changelog vendored
View File

@ -2,6 +2,8 @@ propellor (1.2.3) UNRELEASED; urgency=medium
* --spin checks if the DNS matches any configured IP address property * --spin checks if the DNS matches any configured IP address property
of the host, and if not, sshes to the host by IP address. of the host, and if not, sshes to the host by IP address.
* Detect #774376 and refuse to use docker if the system is so broken
that docker exec doesn't enter a chroot.
-- Joey Hess <id@joeyh.name> Thu, 01 Jan 2015 13:27:23 -0400 -- Joey Hess <id@joeyh.name> Thu, 01 Jan 2015 13:27:23 -0400

1498
privdata.joey/privdata.gpg
View File

File diff suppressed because it is too large Load Diff

29
src/Propellor/Property/Docker.hs
View File

@ -351,29 +351,44 @@ runningContainer cid@(ContainerId hn cn) image runps = containerDesc cid $ prope
-- Check if the ident has changed; if so the -- Check if the ident has changed; if so the
-- parameters of the container differ and it must -- parameters of the container differ and it must
-- be restarted. -- be restarted.
checkident runningident checkident (Right runningident)
| runningident == Just ident = noChange | runningident == Just ident = noChange
| otherwise = do | otherwise = do
void $ liftIO $ stopContainer cid void $ liftIO $ stopContainer cid
restartcontainer restartcontainer
checkident (Left errmsg) = do
warningMessage errmsg
return FailedChange
restartcontainer = do restartcontainer = do
oldimage <- liftIO $ fromMaybe image <$> commitContainer cid oldimage <- liftIO $ fromMaybe image <$> commitContainer cid
void $ liftIO $ removeContainer cid void $ liftIO $ removeContainer cid
go oldimage go oldimage
getrunningident = readish getrunningident = withTmpFile "dockerrunsane" $ \t h -> do
<$> readProcess' (inContainerProcess cid [] ["cat", propellorIdent]) -- detect #774376 which caused docker exec to not enter
-- the container namespace, and be able to access files
-- outside
hClose h
void . checkSuccessProcess . processHandle =<<
createProcess (inContainerProcess cid []
["rm", "-f", t])
ifM (doesFileExist t)
( Right . readish <$>
readProcess' (inContainerProcess cid []
["cat", propellorIdent])
, return $ Left "docker exec failed to enter chroot properly (maybe an old kernel version?)"
)
retry :: Int -> IO (Maybe a) -> IO (Maybe a) retry :: Int -> IO (Either e (Maybe a)) -> IO (Either e (Maybe a))
retry 0 _ = return Nothing retry 0 _ = return (Right Nothing)
retry n a = do retry n a = do
v <- a v <- a
case v of case v of
Just _ -> return v Right Nothing -> do
Nothing -> do
threadDelaySeconds (Seconds 1) threadDelaySeconds (Seconds 1)
retry (n-1) a retry (n-1) a
_ -> return v
go img = do go img = do
liftIO $ do liftIO $ do