From a51aca2e768017e850bee752d0cf630ae1389419 Mon Sep 17 00:00:00 2001 From: apostasie Date: Sat, 24 Aug 2024 20:59:24 -0700 Subject: [PATCH] Prevent presumably bogus reentrancy onPostStop when onCreateRuntime errored Signed-off-by: apostasie --- pkg/ocihook/ocihook.go | 25 +++++++++++++++++++------ pkg/ocihook/state/state.go | 5 +++-- 2 files changed, 22 insertions(+), 8 deletions(-) diff --git a/pkg/ocihook/ocihook.go b/pkg/ocihook/ocihook.go index e37f4083a51..922e6ff8c96 100644 --- a/pkg/ocihook/ocihook.go +++ b/pkg/ocihook/ocihook.go @@ -505,24 +505,37 @@ func onCreateRuntime(opts *handlerOpts) error { log.L.WithError(err).Error("failed re-acquiring name - see https://github.com/containerd/nerdctl/issues/2992") } + var netError error if opts.cni != nil { - if err = applyNetworkSettings(opts); err != nil { - return err - } + netError = applyNetworkSettings(opts) } - // Set StartedAt lf := state.NewLifecycleState(opts.state.Annotations[labels.StateDir]) - return lf.WithLock(func() error { + + return errors.Join(netError, lf.WithLock(func() error { // Errors are voluntarily ignored here, as they should not be fatal. // The lifecycle struct is also already warning about the issue. _ = lf.Load() lf.StartedAt = time.Now() + lf.CreateError = netError != nil return lf.Save() - }) + })) } func onPostStop(opts *handlerOpts) error { + // See https://github.com/containerd/nerdctl/issues/3357 + // Check if we actually errored during runtimeCreate + // If that is the case, CreateError is set, and we are in postStop while the container will NOT be deleted (see ticket). + // In that case, do NOT treat this as a deletion, as the container is still there. + // Reset CreateError, and return. + lf := state.NewLifecycleState(opts.state.Annotations[labels.StateDir]) + if lf.WithLock(lf.Load) == nil { + if lf.CreateError { + lf.CreateError = false + return lf.WithLock(lf.Save) + } + } + ctx := context.Background() ns := opts.state.Annotations[labels.Namespace] if opts.cni != nil { diff --git a/pkg/ocihook/state/state.go b/pkg/ocihook/state/state.go index bcb6278d14b..849b7133e79 100644 --- a/pkg/ocihook/state/state.go +++ b/pkg/ocihook/state/state.go @@ -51,8 +51,9 @@ func NewLifecycleState(stateDir string) *LifecycleState { } type LifecycleState struct { - stateDir string - StartedAt time.Time `json:"started_at"` + stateDir string + StartedAt time.Time `json:"started_at"` + CreateError bool `json:"create_error"` } func (lf *LifecycleState) WithLock(fun func() error) error {