package org.apache.storm.container.oci;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.commons.lang.StringUtils;
import org.apache.storm.DaemonConfig;
import org.apache.storm.StormTimer;
import org.apache.storm.container.cgroup.CgroupUtils;
import org.apache.storm.container.cgroup.core.MemoryCore;
import org.apache.storm.container.oci.OciContainerExecutorConfig;
import org.apache.storm.container.oci.OciContainerManager;
import org.apache.storm.daemon.supervisor.ClientSupervisorUtils;
import org.apache.storm.daemon.supervisor.ExitCodeCallback;
import org.apache.storm.utils.ConfigUtils;
import org.apache.storm.utils.ObjectReader;
import org.apache.storm.utils.ReflectionUtils;
import org.apache.storm.utils.ServerUtils;
import org.apache.storm.utils.Utils;
import org.json.simple.JSONObject;
import org.json.simple.parser.JSONParser;
import org.json.simple.parser.ParseException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.yaml.snakeyaml.DumperOptions;
import org.yaml.snakeyaml.Yaml;

/* loaded from: input_file:org/apache/storm/container/oci/RuncLibContainerManager.class */
public class RuncLibContainerManager extends OciContainerManager {
    private static final Logger LOG = LoggerFactory.getLogger(RuncLibContainerManager.class);
    private OciImageTagToManifestPluginInterface imageTagToManifestPlugin;
    private OciManifestToResourcesPluginInterface manifestToResourcesPlugin;
    private OciResourcesLocalizerInterface ociResourcesLocalizer;
    private ObjectMapper mapper;
    private int layersToKeep;
    private String seccomp;
    private static final String RESOLV_CONF = "/etc/resolv.conf";
    private static final String HOSTNAME = "/etc/hostname";
    private static final String HOSTS = "/etc/hosts";
    private static final String OCI_CONFIG_JSON = "oci-config.json";
    private static final String SQUASHFS_MEDIA_TYPE = "application/vnd.squashfs";
    private static final long CPU_CFS_PERIOD_US = 100000;
    private final Map<String, Long> workerToContainerPid = new ConcurrentHashMap();
    private final Map<String, ExitCodeCallback> workerToExitCallback = new ConcurrentHashMap();
    private final Map<String, String> workerToUser = new ConcurrentHashMap();
    private StormTimer checkContainerAliveTimer;

    @Override // org.apache.storm.container.oci.OciContainerManager, org.apache.storm.container.ResourceIsolationInterface
    public void prepare(Map<String, Object> map) throws IOException {
        super.prepare(map);
        this.imageTagToManifestPlugin = chooseImageTagToManifestPlugin();
        this.imageTagToManifestPlugin.init(map);
        this.manifestToResourcesPlugin = chooseManifestToResourcesPlugin();
        this.manifestToResourcesPlugin.init(map);
        this.ociResourcesLocalizer = chooseOciResourcesLocalizer();
        this.ociResourcesLocalizer.init(map);
        this.layersToKeep = ObjectReader.getInt(map.get(DaemonConfig.STORM_OCI_LAYER_MOUNTS_TO_KEEP), 100).intValue();
        this.mapper = new ObjectMapper();
        if (this.seccompJsonFile != null) {
            this.seccomp = new String(Files.readAllBytes(Paths.get(this.seccompJsonFile, new String[0])));
        }
        if (this.checkContainerAliveTimer == null) {
            this.checkContainerAliveTimer = new StormTimer("CheckRuncContainerAlive", Utils.createDefaultUncaughtExceptionHandler());
            this.checkContainerAliveTimer.scheduleRecurring(0, ((Integer) map.get(DaemonConfig.SUPERVISOR_MONITOR_FREQUENCY_SECS)).intValue(), () -> {
                try {
                    checkContainersAlive();
                } catch (Exception e) {
                    LOG.warn("The CheckRuncContainerAlive thread has exception. Ignored", e);
                }
            });
        }
    }

    private OciImageTagToManifestPluginInterface chooseImageTagToManifestPlugin() throws IllegalArgumentException {
        String string = ObjectReader.getString(this.conf.get(DaemonConfig.STORM_OCI_IMAGE_TAG_TO_MANIFEST_PLUGIN));
        LOG.info("imageTag-to-manifest Plugin is: {}", string);
        return (OciImageTagToManifestPluginInterface) ReflectionUtils.newInstance(string);
    }

    private OciManifestToResourcesPluginInterface chooseManifestToResourcesPlugin() throws IllegalArgumentException {
        String string = ObjectReader.getString(this.conf.get(DaemonConfig.STORM_OCI_MANIFEST_TO_RESOURCES_PLUGIN));
        LOG.info("manifest to resource Plugin is: {}", string);
        return (OciManifestToResourcesPluginInterface) ReflectionUtils.newInstance(string);
    }

    private OciResourcesLocalizerInterface chooseOciResourcesLocalizer() throws IllegalArgumentException {
        String string = ObjectReader.getString(this.conf.get(DaemonConfig.STORM_OCI_RESOURCES_LOCALIZER));
        LOG.info("oci resource localizer is: {}", string);
        return (OciResourcesLocalizerInterface) ReflectionUtils.newInstance(string);
    }

    private String containerPidFile(String str) {
        return ConfigUtils.workerArtifactsSymlink(this.conf, str) + ConfigUtils.FILE_SEPARATOR + "container-" + str + ".pid";
    }

    @Override // org.apache.storm.container.ResourceIsolationInterface
    public void launchWorkerProcess(String str, String str2, Map<String, Object> map, int i, String str3, List<String> list, Map<String, String> map2, String str4, ExitCodeCallback exitCodeCallback, File file) throws IOException {
        String imageName = getImageName(map);
        if (imageName == null) {
            LOG.error("Image name for {} is not configured properly; will not continue to launch the worker", str2);
            return;
        }
        String containerId = getContainerId(str3, i);
        ImageManifest manifestFromImageTag = this.imageTagToManifestPlugin.getManifestFromImageTag(imageName);
        LOG.debug("workerId {}: Got manifest: {}", str3, manifestFromImageTag.toString());
        OciResource configResource = this.manifestToResourcesPlugin.getConfigResource(manifestFromImageTag);
        LOG.info("workerId {}: Got config metadata: {}", str3, configResource.toString());
        saveRuncYaml(str2, i, containerId, imageName, configResource);
        List<OciResource> layerResources = this.manifestToResourcesPlugin.getLayerResources(manifestFromImageTag);
        LOG.info("workerId {}: Got layers metadata: {}", str3, layerResources.toString());
        String localize = this.ociResourcesLocalizer.localize(configResource);
        List<String> arrayList = new ArrayList<>();
        List<String> arrayList2 = new ArrayList<>();
        ArrayList arrayList3 = new ArrayList();
        File file2 = new File(localize);
        List<String> extractImageEnv = extractImageEnv(file2);
        if (extractImageEnv != null && !extractImageEnv.isEmpty()) {
            arrayList.addAll(extractImageEnv);
        }
        for (Map.Entry<String, String> entry : map2.entrySet()) {
            arrayList.add(entry.getKey() + "=" + entry.getValue());
        }
        LOG.debug("workerId {}: ociEnv: {}", str3, arrayList);
        List<String> extractImageEntrypoint = extractImageEntrypoint(file2);
        if (extractImageEntrypoint != null && !extractImageEntrypoint.isEmpty()) {
            arrayList2.addAll(extractImageEntrypoint);
        }
        LOG.debug("workerId {}: args: {}", str3, arrayList2);
        Iterator<String> it = this.ociResourcesLocalizer.localize(layerResources).iterator();
        while (it.hasNext()) {
            arrayList3.add(new OciContainerExecutorConfig.OciLayer(SQUASHFS_MEDIA_TYPE, it.next()));
        }
        LOG.debug("workerId {}: layers: {}", str3, arrayList3);
        ArrayList<OciContainerExecutorConfig.OciRuntimeConfig.OciMount> arrayList4 = new ArrayList<>();
        setContainerMounts(arrayList4, str2, str3, Integer.valueOf(i));
        LOG.debug("workerId {}: mounts: {}", str3, arrayList4);
        Long valueOf = this.workerToCpu.containsKey(str3) ? Long.valueOf((this.workerToCpu.get(str3).intValue() * CPU_CFS_PERIOD_US) / 100) : null;
        Long valueOf2 = this.workerToMemoryMb.containsKey(str3) ? Long.valueOf(this.workerToMemoryMb.get(str3).intValue() * 1024 * 1024) : null;
        LOG.info("workerId {}: memoryInBytes set to {}; cpusQuotas set to {}", new Object[]{str3, valueOf2, valueOf});
        String absolutePath = file.getAbsolutePath();
        String writeScript = ServerUtils.writeScript(absolutePath, list, map2, "0027");
        arrayList2.add("bash");
        arrayList2.add(writeScript);
        String writeOciExecutorConfigToJsonFile = writeOciExecutorConfigToJsonFile(this.mapper, createOciContainerExecutorConfig(str, containerId, containerPidFile(str3), writeScript, arrayList3, new OciContainerExecutorConfig.OciRuntimeConfig(null, arrayList4, createOciProcessConfig(absolutePath, arrayList, arrayList2), null, null, null, createOciLinuxConfig(valueOf, valueOf2, this.cgroupParent + "/" + containerId, this.seccomp, str3))), absolutePath);
        LOG.info("workerId {}: oci-config.json file path: {}", str3, writeOciExecutorConfigToJsonFile);
        int processLauncherAndWait = ClientSupervisorUtils.processLauncherAndWait(this.conf, str, Arrays.asList(OciContainerManager.CmdType.RUN_OCI_CONTAINER.toString(), absolutePath, writeOciExecutorConfigToJsonFile, ConfigUtils.workerArtifactsSymlink(this.conf, str3)), map2, str4, file);
        if (processLauncherAndWait != 0) {
            LOG.error("launchWorkerProcess RuncCommand {} exited with code: {}", "LaunchWorker-" + containerId, Integer.valueOf(processLauncherAndWait));
            throw new RuntimeException("launchWorkerProcess Failed to create Runc Container. ContainerId: " + containerId);
        }
        LOG.debug("Adding {} to the watched workers list", str3);
        this.workerToExitCallback.put(str3, exitCodeCallback);
        this.workerToUser.put(str3, str);
    }

    private void checkContainersAlive() {
        this.workerToUser.forEach((str, str2) -> {
            if (isContainerDead(str, str2)) {
                invokeProcessExitCallback(str);
            }
        });
    }

    private boolean isContainerDead(String str, String str2) {
        boolean z = true;
        Long containerPid = getContainerPid(str);
        LOG.debug("Checking container {}, pid {}, user {}", new Object[]{str, containerPid, str2});
        if (containerPid != null && str2 != null) {
            try {
                z = ServerUtils.areAllProcessesDead(this.conf, str2, str, Collections.singleton(containerPid));
            } catch (IOException e) {
                LOG.debug("Error while checking if container is dead.", e);
            }
        }
        return z;
    }

    private void invokeProcessExitCallback(String str) {
        LOG.info("processExitCallback returned for workerId {}", str);
        ExitCodeCallback exitCodeCallback = this.workerToExitCallback.get(str);
        if (exitCodeCallback != null) {
            exitCodeCallback.call(0);
        }
    }

    private String getContainerId(String str, int i) throws IOException {
        return i <= 0 ? getContainerIdFromOciJson(str) : i + "-" + str;
    }

    private String getContainerIdFromOciJson(String str) throws IOException {
        String str2 = ConfigUtils.workerRoot(this.conf, str) + ConfigUtils.FILE_SEPARATOR + OCI_CONFIG_JSON;
        LOG.info("port unknown for workerId {}, looking up from {}", str, str2);
        JSONParser jSONParser = new JSONParser();
        try {
            FileReader fileReader = new FileReader(str2);
            Throwable th = null;
            try {
                try {
                    String str3 = (String) ((JSONObject) jSONParser.parse(fileReader)).get("containerId");
                    if (fileReader != null) {
                        if (0 != 0) {
                            try {
                                fileReader.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            fileReader.close();
                        }
                    }
                    return str3;
                } finally {
                }
            } finally {
            }
        } catch (ParseException e) {
            throw new IOException("Unable to parse {}", e);
        }
    }

    private void saveRuncYaml(String str, int i, String str2, String str3, OciResource ociResource) {
        File file = new File(ConfigUtils.workerArtifactsRoot(this.conf, str, Integer.valueOf(i)), String.format("runc-%s.yaml", str2));
        DumperOptions dumperOptions = new DumperOptions();
        dumperOptions.setIndent(2);
        dumperOptions.setPrettyFlow(true);
        dumperOptions.setDefaultFlowStyle(DumperOptions.FlowStyle.BLOCK);
        Yaml yaml = new Yaml(dumperOptions);
        HashMap hashMap = new HashMap();
        hashMap.put("imageName", str3);
        hashMap.put("manifest", ociResource.getFileName());
        hashMap.put("configPath", ociResource.getPath());
        try {
            FileWriter fileWriter = new FileWriter(file);
            Throwable th = null;
            try {
                try {
                    yaml.dump(hashMap, fileWriter);
                    if (fileWriter != null) {
                        if (0 != 0) {
                            try {
                                fileWriter.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            fileWriter.close();
                        }
                    }
                } finally {
                }
            } finally {
            }
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    private String writeOciExecutorConfigToJsonFile(ObjectMapper objectMapper, OciContainerExecutorConfig ociContainerExecutorConfig, String str) throws IOException {
        File file = new File(str);
        if (!file.exists()) {
            throw new IOException(str + " doesn't exist");
        }
        File file2 = new File(file + ConfigUtils.FILE_SEPARATOR + OCI_CONFIG_JSON);
        objectMapper.writeValue(file2, ociContainerExecutorConfig);
        return file2.getAbsolutePath();
    }

    private void setContainerMounts(ArrayList<OciContainerExecutorConfig.OciRuntimeConfig.OciMount> arrayList, String str, String str2, Integer num) throws IOException {
        for (String str3 : this.readonlyBindmounts) {
            addOciMountLocation(arrayList, str3, str3, false, false);
        }
        for (String str4 : this.readwriteBindmounts) {
            addOciMountLocation(arrayList, str4, str4, false, true);
        }
        addOciMountLocation(arrayList, RESOLV_CONF, RESOLV_CONF, false, false);
        addOciMountLocation(arrayList, HOSTNAME, HOSTNAME, false, false);
        addOciMountLocation(arrayList, HOSTS, HOSTS, false, false);
        addOciMountLocation(arrayList, this.nscdPath, this.nscdPath, false, false);
        addOciMountLocation(arrayList, this.stormHome, this.stormHome, false, false);
        addOciMountLocation(arrayList, this.cgroupRootPath, this.cgroupRootPath, false, false);
        String supervisorLocalDir = ConfigUtils.supervisorLocalDir(this.conf);
        addOciMountLocation(arrayList, supervisorLocalDir, supervisorLocalDir, false, false);
        String workerRoot = ConfigUtils.workerRoot(this.conf, str2);
        addOciMountLocation(arrayList, workerRoot, workerRoot, false, true);
        String workerArtifactsRoot = ConfigUtils.workerArtifactsRoot(this.conf, str, num);
        addOciMountLocation(arrayList, workerArtifactsRoot, workerArtifactsRoot, false, true);
        String workerUserFile = ConfigUtils.workerUserFile(this.conf, str2);
        addOciMountLocation(arrayList, workerUserFile, workerUserFile, false, true);
        String sharedByTopologyDir = ConfigUtils.sharedByTopologyDir(this.conf, str);
        addOciMountLocation(arrayList, sharedByTopologyDir, sharedByTopologyDir, false, true);
        addOciMountLocation(arrayList, ConfigUtils.workerTmpRoot(this.conf, str2), TMP_DIR, false, true);
    }

    private List<String> extractImageEnv(File file) throws IOException {
        JsonNode path = this.mapper.readTree(file).path("config").path("Env");
        if (path.isMissingNode()) {
            return null;
        }
        return (List) this.mapper.treeToValue(path, List.class);
    }

    private List<String> extractImageEntrypoint(File file) throws IOException {
        JsonNode path = this.mapper.readTree(file).path("config").path("Entrypoint");
        if (path.isMissingNode()) {
            return null;
        }
        return (List) this.mapper.treeToValue(path, List.class);
    }

    private OciContainerExecutorConfig createOciContainerExecutorConfig(String str, String str2, String str3, String str4, List<OciContainerExecutorConfig.OciLayer> list, OciContainerExecutorConfig.OciRuntimeConfig ociRuntimeConfig) {
        return new OciContainerExecutorConfig(str, str2, str3, str4, list, this.layersToKeep, ociRuntimeConfig);
    }

    private OciContainerExecutorConfig.OciRuntimeConfig.OciProcessConfig createOciProcessConfig(String str, List<String> list, List<String> list2) {
        return new OciContainerExecutorConfig.OciRuntimeConfig.OciProcessConfig(false, null, str, list, list2, null, null, null, true, 0, null, null);
    }

    private OciContainerExecutorConfig.OciRuntimeConfig.OciLinuxConfig createOciLinuxConfig(Long l, Long l2, String str, String str2, String str3) {
        OciContainerExecutorConfig.OciRuntimeConfig.OciLinuxConfig.Resources.Cpu cpu = null;
        if (l != null) {
            cpu = new OciContainerExecutorConfig.OciRuntimeConfig.OciLinuxConfig.Resources.Cpu(0L, l.longValue(), CPU_CFS_PERIOD_US, 0L, 0L, null, null);
            if (this.workerToCores.containsKey(str3)) {
                cpu.setCpus(StringUtils.join(this.workerToCores.get(str3), ","));
                cpu.setMems(this.workerToMemoryZone.get(str3));
            }
        }
        OciContainerExecutorConfig.OciRuntimeConfig.OciLinuxConfig.Resources.Memory memory = null;
        if (l2 != null) {
            memory = new OciContainerExecutorConfig.OciRuntimeConfig.OciLinuxConfig.Resources.Memory(l2.longValue(), 0L, 0L, 0L, 0L, 0L, false);
        }
        return new OciContainerExecutorConfig.OciRuntimeConfig.OciLinuxConfig(null, null, null, null, str, new OciContainerExecutorConfig.OciRuntimeConfig.OciLinuxConfig.Resources(null, memory, cpu, null, null, null, null, null), null, null, str2, null, null, null, null);
    }

    private void addOciMountLocation(List<OciContainerExecutorConfig.OciRuntimeConfig.OciMount> list, String str, String str2, boolean z, boolean z2) throws IOException {
        if (!z && !new File(str).exists()) {
            throw new IOException("SourcePath " + str + " doesn't exit");
        }
        ArrayList arrayList = new ArrayList();
        if (z2) {
            arrayList.add("rw");
        } else {
            arrayList.add("ro");
        }
        arrayList.add("rbind");
        arrayList.add("rprivate");
        list.add(new OciContainerExecutorConfig.OciRuntimeConfig.OciMount(str2, "bind", str, arrayList));
    }

    @Override // org.apache.storm.container.ResourceIsolationInterface
    public long getMemoryUsage(String str, String str2, int i) throws IOException {
        String containerId = getContainerId(str2, i);
        String str3 = this.memoryCgroupRootPath + File.separator + containerId;
        MemoryCore memoryCore = new MemoryCore(str3);
        LOG.debug("ContainerId {} : Got memory getPhysicalUsage {} from {}", new Object[]{containerId, Long.valueOf(memoryCore.getPhysicalUsage()), str3});
        return memoryCore.getPhysicalUsage();
    }

    @Override // org.apache.storm.container.ResourceIsolationInterface
    public void kill(String str, String str2) throws IOException {
        LOG.info("Killing {}", str2);
        Long containerPid = getContainerPid(str2);
        if (containerPid != null) {
            signal(containerPid.longValue(), 15, str);
        } else {
            LOG.warn("Trying to kill container {} but pidfile is not found", str2);
        }
    }

    private void signal(long j, int i, String str) throws IOException {
        ClientSupervisorUtils.processLauncherAndWait(this.conf, str, Arrays.asList("signal", String.valueOf(j), String.valueOf(i)), (Map) null, "kill -" + i + " " + j);
    }

    @Override // org.apache.storm.container.ResourceIsolationInterface
    public void forceKill(String str, String str2) throws IOException {
        LOG.debug("ForceKilling {}", str2);
        Long containerPid = getContainerPid(str2);
        if (containerPid != null) {
            signal(containerPid.longValue(), 9, str);
        } else {
            LOG.warn("Trying to forceKill container for workerId {} but pidfile is not found", str2);
        }
    }

    private Long getContainerPid(String str) {
        Long l = this.workerToContainerPid.get(str);
        if (l == null) {
            String containerPidFile = containerPidFile(str);
            if (new File(containerPidFile).exists()) {
                try {
                    l = Long.valueOf(Long.parseLong((String) CgroupUtils.readFileByLine(containerPidFile).get(0)));
                    this.workerToContainerPid.put(str, l);
                } catch (IOException e) {
                    LOG.warn("failed to read {}", containerPidFile);
                }
            } else {
                LOG.warn("{} doesn't exist", containerPidFile);
            }
        }
        return l;
    }

    @Override // org.apache.storm.container.ResourceIsolationInterface
    public boolean areAllProcessesDead(String str, String str2) throws IOException {
        boolean isContainerDead = isContainerDead(str2, str);
        LOG.debug("WorkerId {}: Checking areAllProcessesDead: {}", str2, Boolean.valueOf(isContainerDead));
        return isContainerDead;
    }

    @Override // org.apache.storm.container.oci.OciContainerManager, org.apache.storm.container.ResourceIsolationInterface
    public void cleanup(String str, String str2, int i) throws IOException {
        super.cleanup(str, str2, i);
        LOG.debug("clean up worker {}", str2);
        try {
            if (ClientSupervisorUtils.processLauncherAndWait(this.conf, str, Arrays.asList(OciContainerManager.CmdType.REAP_OCI_CONTAINER.toString(), getContainerId(str2, i), String.valueOf(this.layersToKeep)), (Map) null, "Worker Process " + str2) != 0) {
                LOG.warn("Failed cleaning up RuncWorker {}", str2);
            }
        } catch (FileNotFoundException e) {
            LOG.error("Failed to find container id for {} ({}), unable to reap container", str2, e.getMessage());
        }
        LOG.debug("Removing {} from the watched workers list", str2);
        this.workerToUser.remove(str2);
        this.workerToExitCallback.remove(str2);
        this.workerToContainerPid.remove(str2);
    }

    @Override // org.apache.storm.container.ResourceIsolationInterface
    public boolean runProfilingCommand(String str, String str2, List<String> list, Map<String, String> map, String str3, File file) throws IOException, InterruptedException {
        String writeToCommandFile = writeToCommandFile(file.getAbsolutePath(), StringUtils.join(list, " "), "profile");
        Long containerPid = getContainerPid(str2);
        if (containerPid == null) {
            LOG.error("Couldn't get container PID for the worker {}. Skip profiling", str2);
            return false;
        }
        int processLauncherAndWait = ClientSupervisorUtils.processLauncherAndWait(this.conf, str, Arrays.asList(OciContainerManager.CmdType.PROFILE_OCI_CONTAINER.toString(), containerPid.toString(), writeToCommandFile), map, str3, file);
        LOG.debug("WorkerId {} : exitCode from {}: {}", new Object[]{str2, OciContainerManager.CmdType.PROFILE_OCI_CONTAINER.toString(), Integer.valueOf(processLauncherAndWait)});
        return processLauncherAndWait == 0;
    }

    @Override // org.apache.storm.container.ResourceIsolationInterface
    public boolean isResourceManaged() {
        return true;
    }
}
