Change kill and stop implementation to enhance compatibility

lcastellano · lcastellano · commit e68c0ff3d105 · 2018-07-31T17:17:08.000-07:00
diff --git a/lib/portlayer/exec/base.go b/lib/portlayer/exec/base.go
@@ -29,6 +29,7 @@ import (
 	"github.com/vmware/govmomi/vim25/types"
 	"github.com/vmware/vic/lib/config/executor"
 	"github.com/vmware/vic/lib/migration"
+	"github.com/vmware/vic/lib/tether/shared"
 	"github.com/vmware/vic/pkg/trace"
 	"github.com/vmware/vic/pkg/vsphere/extraconfig"
 	"github.com/vmware/vic/pkg/vsphere/extraconfig/vmomi"
@@ -220,7 +221,7 @@ func (c *containerBase) State(op trace.Operation) State {
 func (c *containerBase) ReloadConfig(op trace.Operation) error {
 	defer trace.End(trace.Begin(c.ExecConfig.ID, op))
 
-	return c.startGuestProgram(op, "reload", "")
+	return c.startGuestProgram(op, shared.GuestActionReload, "")
 }
 
 // WaitForExec waits exec'ed task to set started field or timeout
@@ -319,7 +320,7 @@ func (c *containerBase) kill(op trace.Operation) error {
 	sig := string(ssh.SIGKILL)
 	timeout.Infof("sending kill -%s %s", sig, c)
 
-	err := c.startGuestProgram(timeout, "kill", sig)
+	err := c.startGuestProgram(timeout, shared.GuestActionKill, sig)
 	if err == nil && timeout.Err() != nil {
 		timeout.Warnf("timeout (%s) waiting for %s to power off via SIG%s", wait, c, sig)
 	}
@@ -361,21 +362,30 @@ func (c *containerBase) shutdown(op trace.Operation, waitTime *int32) error {
 	}
 
 	cs := c.ExecConfig.Sessions[c.ExecConfig.ID]
-	stop := []string{cs.StopSignal, string(ssh.SIGKILL)}
-	if stop[0] == "" {
-		stop[0] = string(ssh.SIGTERM)
+
+	stopSignal := cs.StopSignal
+	if stopSignal == "" {
+		stopSignal = string(ssh.SIGTERM)
+	}
+
+	actionSignals := []struct {
+		action string
+		sig    string
+	}{
+		{shared.GuestActionKill, stopSignal},
+		{shared.GuestActionGroupKill, string(ssh.SIGKILL)},
 	}
 
 	var killed bool
 
-	for _, sig := range stop {
-		msg := fmt.Sprintf("sending kill -%s %s", sig, c)
+	for _, actionSignal := range actionSignals {
+		msg := fmt.Sprintf("sending %s -%s %s", actionSignal.action, actionSignal.sig, c)
 		op.Infof(msg)
 
 		timeout, cancel := trace.WithTimeout(&op, wait, "shutdown")
 		defer cancel()
 
-		err := c.startGuestProgram(timeout, "kill", sig)
+		err := c.startGuestProgram(timeout, actionSignal.action, actionSignal.sig)
 		if err != nil {
 			// Just warn and proceed to waiting for power state per issue https://github.com/vmware/vic/issues/5803
 			// Description above in function kill()
@@ -399,14 +409,14 @@ func (c *containerBase) shutdown(op trace.Operation, waitTime *int32) error {
 			return err // error other than timeout
 		}
 
-		timeout.Warnf("timeout (%s) waiting for %s to power off via SIG%s", wait, c, sig)
+		timeout.Warnf("timeout (%s) waiting for %s to power off via SIG%s", wait, c, actionSignal.sig)
 
 		if killed {
 			return nil
 		}
 	}
 
-	return fmt.Errorf("failed to shutdown %s via kill signals %s", c, stop)
+	return fmt.Errorf("failed to shutdown %s via kill signals %s and %s", c, stopSignal, string(ssh.SIGKILL))
 }
 
 func (c *containerBase) poweroff(op trace.Operation) error {
diff --git a/lib/tether/shared/constants.go b/lib/tether/shared/constants.go
@@ -22,4 +22,7 @@ const (
 	FilterSpecQueryName  = "filter-spec"
 	SkipRecurseQueryName = "skip-recurse"
 	SkipDataQueryName    = "skip-data"
+	GuestActionReload    = "reload"
+	GuestActionKill      = "kill"
+	GuestActionGroupKill = "group-kill"
 )
diff --git a/lib/tether/tether.go b/lib/tether/tether.go
@@ -677,10 +677,6 @@ func (t *tether) cleanupSession(session *SessionConfig) {
 func (t *tether) handleSessionExit(session *SessionConfig) {
 	defer trace.End(trace.Begin("handling exit of session " + session.ID))
 
-	log.Debugf("Waiting on session.wait")
-	session.wait.Wait()
-	log.Debugf("Wait on session.wait completed")
-
 	log.Debugf("Calling wait on cmd")
 	if err := session.Cmd.Wait(); err != nil {
 		// we expect this to get an error because the child reaper will have gathered it
diff --git a/lib/tether/tether_linux.go b/lib/tether/tether_linux.go
@@ -138,7 +138,15 @@ func (t *tether) childReaper() error {
 						log.Debugf("Removed child pid: %d", pid)
 						session.Lock()
 						session.ExitStatus = exitCode
+						session.Unlock()
+
+						// Don't hold the lock while waiting for the file descriptors
+						// to close as these can be held open by child processes
+						log.Debugf("Waiting on session.wait")
+						session.wait.Wait()
+						log.Debugf("Wait on session.wait completed")
 
+						session.Lock()
 						t.handleSessionExit(session)
 						session.Unlock()
 						continue
diff --git a/lib/tether/toolbox.go b/lib/tether/toolbox.go
@@ -32,6 +32,7 @@ import (
 
 	log "github.com/Sirupsen/logrus"
 	dar "github.com/docker/docker/pkg/archive"
+
 	"golang.org/x/crypto/ssh"
 
 	"github.com/vmware/govmomi/toolbox"
@@ -181,10 +182,21 @@ func (t *Toolbox) kill(_ context.Context, name string) error {
 
 	session.Lock()
 	defer session.Unlock()
-	return t.killHelper(session, name)
+	return t.killHelper(session, name, false)
+}
+
+func (t *Toolbox) groupKill(_ context.Context, name string) error {
+	session := t.session()
+	if session == nil {
+		return fmt.Errorf("failed to kill container: process not found")
+	}
+
+	session.Lock()
+	defer session.Unlock()
+	return t.killHelper(session, name, true)
 }
 
-func (t *Toolbox) killHelper(session *SessionConfig, name string) error {
+func (t *Toolbox) killHelper(session *SessionConfig, name string, groupKill bool) error {
 	if name == "" {
 		name = string(ssh.SIGTERM)
 	}
@@ -201,9 +213,19 @@ func (t *Toolbox) killHelper(session *SessionConfig, name string) error {
 
 	num := syscall.Signal(sig.Signum())
 
-	log.Infof("sending signal %s (%d) to process group for %s", sig.Signal, num, session.ID)
-	if err := syscall.Kill(-session.Cmd.Process.Pid, num); err != nil {
-		return fmt.Errorf("failed to signal %s group: %s", session.ID, err)
+	var pid int
+	if groupKill == false {
+		// Send signal to a single process
+		pid = session.Cmd.Process.Pid
+		log.Infof("sending signal %s (%d) to process %d for %s", sig.Signal, num, session.Cmd.Process.Pid, session.ID)
+	} else {
+		// Send signal to the whole process group
+		pid = -session.Cmd.Process.Pid
+		log.Infof("sending signal %s (%d) to process group %d for %s", sig.Signal, num, session.Cmd.Process.Pid, session.ID)
+	}
+
+	if err := syscall.Kill(pid, num); err != nil {
+		return fmt.Errorf("failed to signal %s: %s", session.ID, err)
 	}
 
 	return nil
@@ -220,7 +242,9 @@ func (t *Toolbox) containerAuthenticate(_ vix.CommandRequestHeader, data []byte)
 		return errors.New("not yet initialized")
 	}
 
+	log.Debugf("containerAuthenticate, acquiring session lock: %s ..", session.ID)
 	session.Lock()
+	log.Debugf("containerAuthenticate, acquired session lock: %s", session.ID)
 	defer session.Unlock()
 
 	// no authentication yet, just using container ID and device IDs as a sanity check for now
@@ -235,9 +259,11 @@ func (t *Toolbox) containerStartCommand(m *toolbox.ProcessManager, r *vix.StartP
 	var p *toolbox.Process
 
 	switch r.ProgramPath {
-	case "kill":
+	case shared.GuestActionKill:
 		p = toolbox.NewProcessFunc(t.kill)
-	case "reload":
+	case shared.GuestActionGroupKill:
+		p = toolbox.NewProcessFunc(t.groupKill)
+	case shared.GuestActionReload:
 		p = toolbox.NewProcessFunc(func(_ context.Context, _ string) error {
 			return ReloadConfig()
 		})
@@ -263,7 +289,7 @@ func (t *Toolbox) halt() error {
 
 	log.Infof("stopping %s", session.ID)
 
-	if err := t.killHelper(session, session.StopSignal); err != nil {
+	if err := t.killHelper(session, session.StopSignal, false); err != nil {
 		return err
 	}
 
diff --git a/tests/test-cases/Group1-Docker-Commands/1-14-Docker-Kill.robot b/tests/test-cases/Group1-Docker-Commands/1-14-Docker-Kill.robot
@@ -37,6 +37,12 @@ Assert Container Output
     Should Be Equal As Integers  ${rc}  0
     Should Contain  ${output}  ${match}
 
+Assert Not In Container Output
+    [Arguments]  ${id}  ${match}
+    ${rc}  ${output}=  Run And Return Rc And Output  docker %{VCH-PARAMS} logs ${id}
+    Should Be Equal As Integers  ${rc}  0
+    Should Not Contain  ${output}  ${match}
+
 Check That Container Was Killed
     [Arguments]  ${container}
     ${rc}  ${out}=  Run And Return Rc And Output  docker %{VCH-PARAMS} inspect -f {{.State.Running}} ${container}
@@ -82,7 +88,7 @@ Signal a container with SIGHUP
     Should Be Equal As Integers  ${rc}  0
     ${rc}  ${output}=  Run And Return Rc And Output  docker %{VCH-PARAMS} logs --follow ${id}
 
-Confirm signal delivered to entire process group
+Confirm signal is not delivered to entire process group
     ${rc}=  Run And Return Rc  docker %{VCH-PARAMS} pull ${busybox}
     Should Be Equal As Integers  ${rc}  0
     ${trap}=  Nested Trap Signal Command  HUP
@@ -96,9 +102,10 @@ Confirm signal delivered to entire process group
     Should Be Equal As Integers  ${rc}  1
     ${rc}  ${output}=  Run And Return Rc And Output  docker %{VCH-PARAMS} kill -s HUP ${id}
     Should Be Equal As Integers  ${rc}  0
-    Wait Until Keyword Succeeds  20x  200 milliseconds  Assert Container Output  ${id}  KillSignalChildHUP
-    ${rc}  ${output}=  Run And Return Rc And Output  docker %{VCH-PARAMS} kill -s TERM ${id}
+    Wait Until Keyword Succeeds  20x  200 milliseconds  Assert Container Output  ${id}  KillSignalParentHUP
+    ${rc}=  Run And Return Rc  docker %{VCH-PARAMS} stop ${id}
     Should Be Equal As Integers  ${rc}  0
+    Assert Not In Container Output  ${id}  KillSignalChildHUP
     ${rc}  ${output}=  Run And Return Rc And Output  docker %{VCH-PARAMS} logs --follow ${id}
 
 Signal a non-existent container

Original file line number	Diff line number	Diff line change
`@@ -22,4 +22,7 @@ const (`
`22`	`22`	`FilterSpecQueryName = "filter-spec"`
`23`	`23`	`SkipRecurseQueryName = "skip-recurse"`
`24`	`24`	`SkipDataQueryName = "skip-data"`
	`25`	`+ GuestActionReload = "reload"`
	`26`	`+ GuestActionKill = "kill"`
	`27`	`+ GuestActionGroupKill = "group-kill"`
`25`	`28`	`)`