You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openwhisk.apache.org by ra...@apache.org on 2018/01/11 16:31:17 UTC
[incubator-openwhisk] branch master updated: Sanitize error message
returned by a failed container startup. (#3159)
This is an automated email from the ASF dual-hosted git repository.
rabbah pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-openwhisk.git
The following commit(s) were added to refs/heads/master by this push:
new 496f1b0 Sanitize error message returned by a failed container startup. (#3159)
496f1b0 is described below
commit 496f1b0022313c59b342ec10f4dd2498c2ed2739
Author: Markus Thömmes <ma...@me.com>
AuthorDate: Thu Jan 11 17:31:14 2018 +0100
Sanitize error message returned by a failed container startup. (#3159)
The error message returned by a failing container startup contains internal information (like the internally configured images, various exception messages). Returning a sanitized string is better design in general here.
All error cases are logged fine for operators to find the root-cause of the failing run.
---
common/scala/src/main/scala/whisk/http/ErrorResponse.scala | 6 ++++++
.../src/main/scala/whisk/core/containerpool/ContainerProxy.scala | 2 +-
.../scala/whisk/core/containerpool/docker/DockerContainer.scala | 9 ++++-----
3 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/common/scala/src/main/scala/whisk/http/ErrorResponse.scala b/common/scala/src/main/scala/whisk/http/ErrorResponse.scala
index d26ebf3..e89fad9 100644
--- a/common/scala/src/main/scala/whisk/http/ErrorResponse.scala
+++ b/common/scala/src/main/scala/whisk/http/ErrorResponse.scala
@@ -191,6 +191,12 @@ object Messages {
val actionRemovedWhileInvoking = "Action could not be found or may have been deleted."
val actionMismatchWhileInvoking = "Action version is not compatible and cannot be invoked."
val actionFetchErrorWhileInvoking = "Action could not be fetched."
+
+ /** Indicates that the image could not be pulled. */
+ def imagePullError(image: String) = s"Failed to pull container image '$image'."
+
+ /** Indicates that the container for the action could not be started. */
+ val resourceProvisionError = "Failed to provision resources to run the action."
}
/** Replaces rejections with Json object containing cause and transaction id. */
diff --git a/core/invoker/src/main/scala/whisk/core/containerpool/ContainerProxy.scala b/core/invoker/src/main/scala/whisk/core/containerpool/ContainerProxy.scala
index 93d4798..23d0965 100644
--- a/core/invoker/src/main/scala/whisk/core/containerpool/ContainerProxy.scala
+++ b/core/invoker/src/main/scala/whisk/core/containerpool/ContainerProxy.scala
@@ -148,7 +148,7 @@ class ContainerProxy(
val response = t match {
case WhiskContainerStartupError(msg) => ActivationResponse.whiskError(msg)
case BlackboxStartupError(msg) => ActivationResponse.applicationError(msg)
- case _ => ActivationResponse.whiskError(t.getMessage)
+ case _ => ActivationResponse.whiskError(Messages.resourceProvisionError)
}
// construct an appropriate activation and record it in the datastore,
// also update the feed and active ack; the container cleanup is queued
diff --git a/core/invoker/src/main/scala/whisk/core/containerpool/docker/DockerContainer.scala b/core/invoker/src/main/scala/whisk/core/containerpool/docker/DockerContainer.scala
index f24b35b..2fc5f75 100644
--- a/core/invoker/src/main/scala/whisk/core/containerpool/docker/DockerContainer.scala
+++ b/core/invoker/src/main/scala/whisk/core/containerpool/docker/DockerContainer.scala
@@ -104,7 +104,7 @@ object DockerContainer {
params
val pulled = if (userProvidedImage) {
docker.pull(image).recoverWith {
- case _ => Future.failed(BlackboxStartupError(s"Failed to pull container image '${image}'."))
+ case _ => Future.failed(BlackboxStartupError(Messages.imagePullError(image)))
}
} else Future.successful(())
@@ -115,17 +115,16 @@ object DockerContainer {
// Remove the broken container - but don't wait or check for the result.
// If the removal fails, there is nothing we could do to recover from the recovery.
docker.rm(brokenId)
- Future.failed(
- WhiskContainerStartupError(s"Failed to run container with image '${image}'. Removing broken container."))
+ Future.failed(WhiskContainerStartupError(Messages.resourceProvisionError))
case _ =>
- Future.failed(WhiskContainerStartupError(s"Failed to run container with image '${image}'."))
+ Future.failed(WhiskContainerStartupError(Messages.resourceProvisionError))
}
ip <- docker.inspectIPAddress(id, network).recoverWith {
// remove the container immediately if inspect failed as
// we cannot recover that case automatically
case _ =>
docker.rm(id)
- Future.failed(WhiskContainerStartupError(s"Failed to obtain IP address of container '${id.asString}'."))
+ Future.failed(WhiskContainerStartupError(Messages.resourceProvisionError))
}
} yield new DockerContainer(id, ip, useRunc)
}
--
To stop receiving notification emails like this one, please contact
['"commits@openwhisk.apache.org" <co...@openwhisk.apache.org>'].