forked from wrenn/wrenn
Add tini as PID 1, guest clock sync, and fix PATH in guest VMs
- Use tini as PID 1 in wrenn-init.sh so zombie processes are reaped and signals are forwarded correctly to envd - Set standard PATH in wrenn-init.sh so child processes spawned by envd can find common binaries (fixes "nice: ls command not found") - Add envdclient.Init() to POST /init on envd after every boot/resume, syncing the guest clock via unix.ClockSettime — critical after snapshot resume where the guest clock is frozen - Run Init in a background goroutine so it doesn't block the CreateSandbox RPC response; a slow Init (vCPU busy with envd startup) was causing the RPC context to be canceled before the response reached the control plane - Update rootfs-from-container.sh and update-debug-rootfs.sh to inject tini into the rootfs, checking the container image and host first, downloading from GitHub releases as fallback
This commit is contained in:
@ -3,12 +3,14 @@ package envdclient
|
||||
import (
|
||||
"bytes"
|
||||
"context"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io"
|
||||
"log/slog"
|
||||
"mime/multipart"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"time"
|
||||
|
||||
"connectrpc.com/connect"
|
||||
|
||||
@ -47,6 +49,35 @@ func (c *Client) BaseURL() string {
|
||||
return c.base
|
||||
}
|
||||
|
||||
// Init calls POST /init on envd to sync the guest clock with the host.
|
||||
// This is important after snapshot resume where the guest clock is frozen.
|
||||
func (c *Client) Init(ctx context.Context) error {
|
||||
now := time.Now().UTC()
|
||||
body, err := json.Marshal(map[string]any{"timestamp": now})
|
||||
if err != nil {
|
||||
return fmt.Errorf("marshal init body: %w", err)
|
||||
}
|
||||
|
||||
req, err := http.NewRequestWithContext(ctx, http.MethodPost, c.base+"/init", bytes.NewReader(body))
|
||||
if err != nil {
|
||||
return fmt.Errorf("create init request: %w", err)
|
||||
}
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
|
||||
resp, err := c.httpClient.Do(req)
|
||||
if err != nil {
|
||||
return fmt.Errorf("init request: %w", err)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
|
||||
if resp.StatusCode != http.StatusNoContent {
|
||||
respBody, _ := io.ReadAll(resp.Body)
|
||||
return fmt.Errorf("init: status %d: %s", resp.StatusCode, string(respBody))
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// ExecResult holds the output of a command execution.
|
||||
type ExecResult struct {
|
||||
Stdout []byte
|
||||
|
||||
@ -197,6 +197,16 @@ func (m *Manager) Create(ctx context.Context, sandboxID, template string, vcpus,
|
||||
return nil, fmt.Errorf("wait for envd: %w", err)
|
||||
}
|
||||
|
||||
// Sync guest clock in background. Non-fatal — sandbox is usable before this completes.
|
||||
// Run in a goroutine so Init latency doesn't block the RPC response back to the control plane.
|
||||
go func() {
|
||||
initCtx, initCancel := context.WithTimeout(context.Background(), 10*time.Second)
|
||||
defer initCancel()
|
||||
if err := client.Init(initCtx); err != nil {
|
||||
slog.Warn("envd init (clock sync) failed", "sandbox", sandboxID, "error", err)
|
||||
}
|
||||
}()
|
||||
|
||||
now := time.Now()
|
||||
sb := &sandboxState{
|
||||
Sandbox: models.Sandbox{
|
||||
@ -617,6 +627,16 @@ func (m *Manager) Resume(ctx context.Context, sandboxID string, timeoutSec int)
|
||||
return nil, fmt.Errorf("wait for envd: %w", err)
|
||||
}
|
||||
|
||||
// Sync guest clock in background. Non-fatal — sandbox is usable before this completes.
|
||||
// Run in a goroutine so Init latency doesn't block the RPC response back to the control plane.
|
||||
go func() {
|
||||
initCtx, initCancel := context.WithTimeout(context.Background(), 10*time.Second)
|
||||
defer initCancel()
|
||||
if err := client.Init(initCtx); err != nil {
|
||||
slog.Warn("envd init (clock sync) failed", "sandbox", sandboxID, "error", err)
|
||||
}
|
||||
}()
|
||||
|
||||
now := time.Now()
|
||||
sb := &sandboxState{
|
||||
Sandbox: models.Sandbox{
|
||||
@ -926,6 +946,16 @@ func (m *Manager) createFromSnapshot(ctx context.Context, sandboxID, snapshotNam
|
||||
return nil, fmt.Errorf("wait for envd: %w", err)
|
||||
}
|
||||
|
||||
// Sync guest clock in background. Non-fatal — sandbox is usable before this completes.
|
||||
// Run in a goroutine so Init latency doesn't block the RPC response back to the control plane.
|
||||
go func() {
|
||||
initCtx, initCancel := context.WithTimeout(context.Background(), 10*time.Second)
|
||||
defer initCancel()
|
||||
if err := client.Init(initCtx); err != nil {
|
||||
slog.Warn("envd init (clock sync) failed", "sandbox", sandboxID, "error", err)
|
||||
}
|
||||
}()
|
||||
|
||||
now := time.Now()
|
||||
sb := &sandboxState{
|
||||
Sandbox: models.Sandbox{
|
||||
|
||||
Reference in New Issue
Block a user