conmonrs/
rpc.rs

1use crate::{
2    capnp_util,
3    child::Child,
4    container_io::{ContainerIO, SharedContainerIO},
5    container_log::ContainerLog,
6    pause::Pause,
7    server::{GenerateRuntimeArgs, Server},
8    telemetry::Telemetry,
9    version::Version,
10};
11use anyhow::{Context, format_err};
12use capnp::{Error, capability::Promise};
13use capnp_rpc::pry;
14use conmon_common::conmon_capnp::conmon;
15use std::{
16    path::{Path, PathBuf},
17    process, str,
18    time::Duration,
19};
20use tokio::time::Instant;
21use tracing::{Instrument, debug, debug_span, error};
22use uuid::Uuid;
23
24macro_rules! pry_err {
25    ($x:expr_2021) => {
26        pry!(capnp_err!($x))
27    };
28}
29
30macro_rules! capnp_err {
31    ($x:expr_2021) => {
32        $x.map_err(|e| Error::failed(format!("{:#}", e)))
33    };
34}
35
36macro_rules! new_root_span {
37    ($name:expr_2021, $container_id:expr_2021) => {
38        debug_span!(
39            $name,
40            container_id = $container_id,
41            uuid = Uuid::new_v4().to_string().as_str()
42        )
43    };
44}
45
46/// capnp_text_list takes text_list as an input and outputs list of text.
47macro_rules! capnp_text_list {
48    ($x:expr_2021) => {
49        pry!(pry!($x).iter().collect::<Result<Vec<_>, _>>())
50    };
51}
52
53macro_rules! capnp_vec_str {
54    ($x:expr_2021) => {
55        pry!(
56            capnp_text_list!($x)
57                .iter()
58                .map(|s| s.to_string())
59                .collect::<Result<Vec<_>, _>>()
60        )
61    };
62}
63
64macro_rules! capnp_vec_path {
65    ($x:expr_2021) => {
66        pry!(
67            capnp_text_list!($x)
68                .iter()
69                .map(|s| s.to_str().map(|x| PathBuf::from(x)))
70                .collect::<Result<Vec<_>, _>>()
71        )
72    };
73}
74
75impl conmon::Server for Server {
76    /// Retrieve version information from the server.
77    fn version(
78        &mut self,
79        params: conmon::VersionParams,
80        mut results: conmon::VersionResults,
81    ) -> Promise<(), capnp::Error> {
82        debug!("Got a version request");
83        let req = pry!(pry!(params.get()).get_request());
84
85        let span = debug_span!("version", uuid = Uuid::new_v4().to_string().as_str());
86        let _enter = span.enter();
87        pry_err!(Telemetry::set_parent_context(pry!(req.get_metadata())));
88
89        let version = Version::new(req.get_verbose());
90        let mut response = results.get().init_response();
91        response.set_process_id(process::id());
92        response.set_version(version.version());
93        response.set_tag(version.tag());
94        response.set_commit(version.commit());
95        response.set_build_date(version.build_date());
96        response.set_target(version.target());
97        response.set_rust_version(version.rust_version());
98        response.set_cargo_version(version.cargo_version());
99        response.set_cargo_tree(version.cargo_tree());
100
101        Promise::ok(())
102    }
103
104    /// Create a new container for the provided parameters.
105    fn create_container(
106        &mut self,
107        params: conmon::CreateContainerParams,
108        mut results: conmon::CreateContainerResults,
109    ) -> Promise<(), capnp::Error> {
110        let req = pry!(pry!(params.get()).get_request());
111        let id = pry!(pry!(req.get_id()).to_string());
112
113        let span = new_root_span!("create_container", id.as_str());
114        let _enter = span.enter();
115        pry_err!(Telemetry::set_parent_context(pry!(req.get_metadata())));
116
117        let cleanup_cmd: Vec<String> = capnp_vec_str!(req.get_cleanup_cmd());
118
119        debug!("Got a create container request");
120
121        let log_drivers = pry!(req.get_log_drivers());
122        let container_log = pry_err!(ContainerLog::from(log_drivers));
123        let mut container_io =
124            pry_err!(ContainerIO::new(req.get_terminal(), container_log.clone()));
125
126        let bundle_path = Path::new(pry!(pry!(req.get_bundle_path()).to_str()));
127        let pidfile = bundle_path.join("pidfile");
128        debug!("PID file is {}", pidfile.display());
129
130        let child_reaper = self.reaper().clone();
131        let global_args = pry!(req.get_global_args());
132        let command_args = pry!(req.get_command_args());
133        let cgroup_manager = pry!(req.get_cgroup_manager());
134        let args = GenerateRuntimeArgs {
135            config: self.config(),
136            id: &id,
137            container_io: &container_io,
138            pidfile: &pidfile,
139            cgroup_manager,
140        };
141        let args = pry_err!(args.create_args(bundle_path, global_args, command_args));
142        let stdin = req.get_stdin();
143        let runtime = self.config().runtime().clone();
144        let exit_paths = capnp_vec_path!(req.get_exit_paths());
145        let oom_exit_paths = capnp_vec_path!(req.get_oom_exit_paths());
146        let env_vars = pry!(req.get_env_vars().and_then(capnp_util::into_map));
147
148        let additional_fds = pry_err!(self.fd_socket().take_all(pry!(req.get_additional_fds())));
149        let leak_fds = pry_err!(self.fd_socket().take_all(pry!(req.get_leak_fds())));
150
151        Promise::from_future(
152            async move {
153                capnp_err!(container_log.write().await.init().await)?;
154
155                let (grandchild_pid, token) = capnp_err!(match child_reaper
156                    .create_child(
157                        runtime,
158                        args,
159                        stdin,
160                        &mut container_io,
161                        &pidfile,
162                        env_vars,
163                        additional_fds,
164                    )
165                    .await
166                {
167                    Err(e) => {
168                        // Attach the stderr output to the error message
169                        let (_, stderr, _) =
170                            capnp_err!(container_io.read_all_with_timeout(None).await)?;
171                        if !stderr.is_empty() {
172                            let stderr_str = str::from_utf8(&stderr)?;
173                            Err(format_err!("{:#}: {}", e, stderr_str))
174                        } else {
175                            Err(e)
176                        }
177                    }
178                    res => res,
179                })?;
180
181                // register grandchild with server
182                let io = SharedContainerIO::new(container_io);
183                let child = Child::new(
184                    id,
185                    grandchild_pid,
186                    exit_paths,
187                    oom_exit_paths,
188                    None,
189                    io,
190                    cleanup_cmd,
191                    token,
192                );
193                capnp_err!(child_reaper.watch_grandchild(child, leak_fds))?;
194
195                results
196                    .get()
197                    .init_response()
198                    .set_container_pid(grandchild_pid);
199                Ok(())
200            }
201            .instrument(debug_span!("promise")),
202        )
203    }
204
205    /// Execute a command in sync inside of a container.
206    fn exec_sync_container(
207        &mut self,
208        params: conmon::ExecSyncContainerParams,
209        mut results: conmon::ExecSyncContainerResults,
210    ) -> Promise<(), capnp::Error> {
211        let req = pry!(pry!(params.get()).get_request());
212        let id = pry!(pry!(req.get_id()).to_string());
213
214        let span = new_root_span!("exec_sync_container", id.as_str());
215        let _enter = span.enter();
216        pry_err!(Telemetry::set_parent_context(pry!(req.get_metadata())));
217
218        let timeout = req.get_timeout_sec();
219
220        let pidfile = pry_err!(ContainerIO::temp_file_name(
221            Some(self.config().runtime_dir()),
222            "exec_sync",
223            "pid"
224        ));
225
226        debug!("Got exec sync container request with timeout {}", timeout);
227
228        let runtime = self.config().runtime().clone();
229        let child_reaper = self.reaper().clone();
230
231        let logger = ContainerLog::new();
232        let mut container_io = pry_err!(ContainerIO::new(req.get_terminal(), logger));
233
234        let command = pry!(req.get_command());
235        let env_vars = pry!(req.get_env_vars().and_then(capnp_util::into_map));
236        let cgroup_manager = pry!(req.get_cgroup_manager());
237
238        let args = GenerateRuntimeArgs {
239            config: self.config(),
240            id: &id,
241            container_io: &container_io,
242            pidfile: &pidfile,
243            cgroup_manager,
244        };
245        let args = pry_err!(args.exec_sync_args(command));
246
247        Promise::from_future(
248            async move {
249                match child_reaper
250                    .create_child(
251                        &runtime,
252                        &args,
253                        false,
254                        &mut container_io,
255                        &pidfile,
256                        env_vars,
257                        vec![],
258                    )
259                    .await
260                {
261                    Ok((grandchild_pid, token)) => {
262                        let time_to_timeout = if timeout > 0 {
263                            Some(Instant::now() + Duration::from_secs(timeout))
264                        } else {
265                            None
266                        };
267                        let mut resp = results.get().init_response();
268                        // register grandchild with server
269                        let io = SharedContainerIO::new(container_io);
270                        let io_clone = io.clone();
271                        let child = Child::new(
272                            id,
273                            grandchild_pid,
274                            vec![],
275                            vec![],
276                            time_to_timeout,
277                            io_clone,
278                            vec![],
279                            token.clone(),
280                        );
281
282                        let mut exit_rx = capnp_err!(child_reaper.watch_grandchild(child, vec![]))?;
283
284                        let (stdout, stderr, timed_out) =
285                            capnp_err!(io.read_all_with_timeout(time_to_timeout).await)?;
286
287                        let exit_data = capnp_err!(exit_rx.recv().await)?;
288                        resp.set_stdout(&stdout);
289                        resp.set_stderr(&stderr);
290                        resp.set_exit_code(*exit_data.exit_code());
291                        if timed_out || exit_data.timed_out {
292                            resp.set_timed_out(true);
293                        }
294                    }
295                    Err(e) => {
296                        error!("Unable to create child: {:#}", e);
297                        let mut resp = results.get().init_response();
298                        resp.set_exit_code(-2);
299                    }
300                }
301                Ok(())
302            }
303            .instrument(debug_span!("promise")),
304        )
305    }
306
307    /// Attach to a running container.
308    fn attach_container(
309        &mut self,
310        params: conmon::AttachContainerParams,
311        _: conmon::AttachContainerResults,
312    ) -> Promise<(), capnp::Error> {
313        let req = pry!(pry!(params.get()).get_request());
314        let id = pry_err!(pry_err!(req.get_id()).to_str());
315
316        let span = new_root_span!("attach_container", id);
317        let _enter = span.enter();
318        pry_err!(Telemetry::set_parent_context(pry!(req.get_metadata())));
319
320        debug!("Got a attach container request",);
321
322        let exec_session_id = pry_err!(pry_err!(req.get_exec_session_id()).to_str());
323        if !exec_session_id.is_empty() {
324            debug!("Using exec session id {}", exec_session_id);
325        }
326
327        let socket_path = pry!(pry!(req.get_socket_path()).to_string());
328        let child = pry_err!(self.reaper().get(id));
329        let stop_after_stdin_eof = req.get_stop_after_stdin_eof();
330
331        Promise::from_future(
332            async move {
333                capnp_err!(
334                    child
335                        .io()
336                        .attach()
337                        .await
338                        .add(&socket_path, child.token().clone(), stop_after_stdin_eof)
339                        .await
340                )
341            }
342            .instrument(debug_span!("promise")),
343        )
344    }
345
346    /// Rotate all log drivers for a running container.
347    fn reopen_log_container(
348        &mut self,
349        params: conmon::ReopenLogContainerParams,
350        _: conmon::ReopenLogContainerResults,
351    ) -> Promise<(), capnp::Error> {
352        let req = pry!(pry!(params.get()).get_request());
353        let id = pry_err!(pry_err!(req.get_id()).to_str());
354
355        let span = new_root_span!("reopen_log_container", id);
356        let _enter = span.enter();
357        pry_err!(Telemetry::set_parent_context(pry!(req.get_metadata())));
358
359        debug!("Got a reopen container log request");
360
361        let child = pry_err!(self.reaper().get(id));
362
363        Promise::from_future(
364            async move { capnp_err!(child.io().logger().await.write().await.reopen().await) }
365                .instrument(debug_span!("promise")),
366        )
367    }
368
369    /// Adjust the window size of a container running inside of a terminal.
370    fn set_window_size_container(
371        &mut self,
372        params: conmon::SetWindowSizeContainerParams,
373        _: conmon::SetWindowSizeContainerResults,
374    ) -> Promise<(), capnp::Error> {
375        let req = pry!(pry!(params.get()).get_request());
376        let id = pry_err!(pry_err!(req.get_id()).to_str());
377
378        let span = new_root_span!("set_window_size_container", id);
379        let _enter = span.enter();
380        pry_err!(Telemetry::set_parent_context(pry!(req.get_metadata())));
381
382        debug!("Got a set window size container request");
383
384        let child = pry_err!(self.reaper().get(id));
385        let width = req.get_width();
386        let height = req.get_height();
387
388        Promise::from_future(
389            async move { capnp_err!(child.io().resize(width, height).await) }
390                .instrument(debug_span!("promise")),
391        )
392    }
393
394    /// Create a new set of namespaces.
395    fn create_namespaces(
396        &mut self,
397        params: conmon::CreateNamespacesParams,
398        mut results: conmon::CreateNamespacesResults,
399    ) -> Promise<(), capnp::Error> {
400        debug!("Got a create namespaces request");
401        let req = pry!(pry!(params.get()).get_request());
402        let pod_id = pry_err!(pry_err!(req.get_pod_id()).to_str());
403
404        if pod_id.is_empty() {
405            return Promise::err(Error::failed("no pod ID provided".into()));
406        }
407
408        let span = new_root_span!("create_namespaces", pod_id);
409        let _enter = span.enter();
410        pry_err!(Telemetry::set_parent_context(pry!(req.get_metadata())));
411
412        let pause = pry_err!(Pause::init_shared(
413            pry!(pry!(req.get_base_path()).to_str()),
414            pod_id,
415            pry!(req.get_namespaces()),
416            capnp_vec_str!(req.get_uid_mappings()),
417            capnp_vec_str!(req.get_gid_mappings()),
418        ));
419
420        let response = results.get().init_response();
421        let mut namespaces =
422            response.init_namespaces(pry_err!(pause.namespaces().len().try_into()));
423
424        for (idx, namespace) in pause.namespaces().iter().enumerate() {
425            let mut ns = namespaces.reborrow().get(pry_err!(idx.try_into()));
426            ns.set_path(
427                namespace
428                    .path(pause.base_path(), pod_id)
429                    .display()
430                    .to_string(),
431            );
432            ns.set_type(namespace.to_capnp_namespace());
433        }
434
435        Promise::ok(())
436    }
437
438    fn start_fd_socket(
439        &mut self,
440        params: conmon::StartFdSocketParams,
441        mut results: conmon::StartFdSocketResults,
442    ) -> Promise<(), capnp::Error> {
443        let req = pry!(pry!(params.get()).get_request());
444
445        let span = debug_span!(
446            "start_fd_socket",
447            uuid = Uuid::new_v4().to_string().as_str()
448        );
449        let _enter = span.enter();
450        pry_err!(Telemetry::set_parent_context(pry!(req.get_metadata())));
451
452        debug!("Got a start fd socket request");
453
454        let path = self.config().fd_socket();
455        let fd_socket = self.fd_socket().clone();
456
457        Promise::from_future(
458            async move {
459                let path = capnp_err!(fd_socket.start(path).await)?;
460
461                let mut resp = results.get().init_response();
462                resp.set_path(capnp_err!(path.to_str().context("fd_socket path to str"))?);
463
464                Ok(())
465            }
466            .instrument(debug_span!("promise")),
467        )
468    }
469
470    fn serve_exec_container(
471        &mut self,
472        params: conmon::ServeExecContainerParams,
473        mut results: conmon::ServeExecContainerResults,
474    ) -> Promise<(), capnp::Error> {
475        debug!("Got a serve exec container request");
476        let req = pry!(pry!(params.get()).get_request());
477
478        let span = debug_span!(
479            "serve_exec_container",
480            uuid = Uuid::new_v4().to_string().as_str()
481        );
482        let _enter = span.enter();
483        pry_err!(Telemetry::set_parent_context(pry!(req.get_metadata())));
484
485        let id = pry_err!(pry_err!(req.get_id()).to_string());
486
487        // Validate that the container actually exists
488        pry_err!(self.reaper().get(&id));
489
490        let command = capnp_vec_str!(req.get_command());
491        let (tty, stdin, stdout, stderr) = (
492            req.get_tty(),
493            req.get_stdin(),
494            req.get_stdout(),
495            req.get_stderr(),
496        );
497
498        let streaming_server = self.streaming_server().clone();
499        let child_reaper = self.reaper().clone();
500        let container_io = pry_err!(ContainerIO::new(tty, ContainerLog::new()));
501        let config = self.config().clone();
502        let cgroup_manager = pry!(req.get_cgroup_manager());
503
504        Promise::from_future(
505            async move {
506                capnp_err!(
507                    streaming_server
508                        .write()
509                        .await
510                        .start_if_required()
511                        .await
512                        .context("start streaming server if required")
513                )?;
514
515                let url = streaming_server
516                    .read()
517                    .await
518                    .exec_url(
519                        child_reaper,
520                        container_io,
521                        config,
522                        cgroup_manager,
523                        id,
524                        command,
525                        stdin,
526                        stdout,
527                        stderr,
528                    )
529                    .await;
530
531                results.get().init_response().set_url(&url);
532                Ok(())
533            }
534            .instrument(debug_span!("promise")),
535        )
536    }
537
538    fn serve_attach_container(
539        &mut self,
540        params: conmon::ServeAttachContainerParams,
541        mut results: conmon::ServeAttachContainerResults,
542    ) -> Promise<(), capnp::Error> {
543        debug!("Got a serve attach container request");
544        let req = pry!(pry!(params.get()).get_request());
545
546        let span = debug_span!(
547            "serve_attach_container",
548            uuid = Uuid::new_v4().to_string().as_str()
549        );
550        let _enter = span.enter();
551        pry_err!(Telemetry::set_parent_context(pry!(req.get_metadata())));
552
553        let id = pry_err!(pry_err!(req.get_id()).to_str());
554        let (stdin, stdout, stderr) = (req.get_stdin(), req.get_stdout(), req.get_stderr());
555
556        let streaming_server = self.streaming_server().clone();
557        let child = pry_err!(self.reaper().get(id));
558
559        Promise::from_future(
560            async move {
561                capnp_err!(
562                    streaming_server
563                        .write()
564                        .await
565                        .start_if_required()
566                        .await
567                        .context("start streaming server")
568                )?;
569
570                let url = streaming_server
571                    .read()
572                    .await
573                    .attach_url(child, stdin, stdout, stderr)
574                    .await;
575
576                results.get().init_response().set_url(&url);
577                Ok(())
578            }
579            .instrument(debug_span!("promise")),
580        )
581    }
582
583    fn serve_port_forward_container(
584        &mut self,
585        params: conmon::ServePortForwardContainerParams,
586        mut results: conmon::ServePortForwardContainerResults,
587    ) -> Promise<(), capnp::Error> {
588        debug!("Got a serve port forward container request");
589        let req = pry!(pry!(params.get()).get_request());
590
591        let span = debug_span!(
592            "serve_port_forward_container",
593            uuid = Uuid::new_v4().to_string().as_str()
594        );
595        let _enter = span.enter();
596        pry_err!(Telemetry::set_parent_context(pry!(req.get_metadata())));
597
598        let net_ns_path = pry_err!(pry_err!(req.get_net_ns_path()).to_string());
599        let streaming_server = self.streaming_server().clone();
600
601        Promise::from_future(
602            async move {
603                capnp_err!(
604                    streaming_server
605                        .write()
606                        .await
607                        .start_if_required()
608                        .await
609                        .context("start streaming server if required")
610                )?;
611
612                let url = streaming_server
613                    .read()
614                    .await
615                    .port_forward_url(net_ns_path)
616                    .await;
617
618                results.get().init_response().set_url(&url);
619                Ok(())
620            }
621            .instrument(debug_span!("promise")),
622        )
623    }
624}