You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openwhisk.apache.org by ra...@apache.org on 2018/01/11 16:31:17 UTC

[incubator-openwhisk] branch master updated: Sanitize error message returned by a failed container startup. (#3159)

This is an automated email from the ASF dual-hosted git repository.

rabbah pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-openwhisk.git


The following commit(s) were added to refs/heads/master by this push:
     new 496f1b0  Sanitize error message returned by a failed container startup. (#3159)
496f1b0 is described below

commit 496f1b0022313c59b342ec10f4dd2498c2ed2739
Author: Markus Thömmes <ma...@me.com>
AuthorDate: Thu Jan 11 17:31:14 2018 +0100

    Sanitize error message returned by a failed container startup. (#3159)
    
    The error message returned by a failing container startup contains internal information (like the internally configured images, various exception messages). Returning a sanitized string is better design in general here.
    
    All error cases are logged fine for operators to find the root-cause of the failing run.
---
 common/scala/src/main/scala/whisk/http/ErrorResponse.scala       | 6 ++++++
 .../src/main/scala/whisk/core/containerpool/ContainerProxy.scala | 2 +-
 .../scala/whisk/core/containerpool/docker/DockerContainer.scala  | 9 ++++-----
 3 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/common/scala/src/main/scala/whisk/http/ErrorResponse.scala b/common/scala/src/main/scala/whisk/http/ErrorResponse.scala
index d26ebf3..e89fad9 100644
--- a/common/scala/src/main/scala/whisk/http/ErrorResponse.scala
+++ b/common/scala/src/main/scala/whisk/http/ErrorResponse.scala
@@ -191,6 +191,12 @@ object Messages {
   val actionRemovedWhileInvoking = "Action could not be found or may have been deleted."
   val actionMismatchWhileInvoking = "Action version is not compatible and cannot be invoked."
   val actionFetchErrorWhileInvoking = "Action could not be fetched."
+
+  /** Indicates that the image could not be pulled. */
+  def imagePullError(image: String) = s"Failed to pull container image '$image'."
+
+  /** Indicates that the container for the action could not be started. */
+  val resourceProvisionError = "Failed to provision resources to run the action."
 }
 
 /** Replaces rejections with Json object containing cause and transaction id. */
diff --git a/core/invoker/src/main/scala/whisk/core/containerpool/ContainerProxy.scala b/core/invoker/src/main/scala/whisk/core/containerpool/ContainerProxy.scala
index 93d4798..23d0965 100644
--- a/core/invoker/src/main/scala/whisk/core/containerpool/ContainerProxy.scala
+++ b/core/invoker/src/main/scala/whisk/core/containerpool/ContainerProxy.scala
@@ -148,7 +148,7 @@ class ContainerProxy(
             val response = t match {
               case WhiskContainerStartupError(msg) => ActivationResponse.whiskError(msg)
               case BlackboxStartupError(msg)       => ActivationResponse.applicationError(msg)
-              case _                               => ActivationResponse.whiskError(t.getMessage)
+              case _                               => ActivationResponse.whiskError(Messages.resourceProvisionError)
             }
             // construct an appropriate activation and record it in the datastore,
             // also update the feed and active ack; the container cleanup is queued
diff --git a/core/invoker/src/main/scala/whisk/core/containerpool/docker/DockerContainer.scala b/core/invoker/src/main/scala/whisk/core/containerpool/docker/DockerContainer.scala
index f24b35b..2fc5f75 100644
--- a/core/invoker/src/main/scala/whisk/core/containerpool/docker/DockerContainer.scala
+++ b/core/invoker/src/main/scala/whisk/core/containerpool/docker/DockerContainer.scala
@@ -104,7 +104,7 @@ object DockerContainer {
       params
     val pulled = if (userProvidedImage) {
       docker.pull(image).recoverWith {
-        case _ => Future.failed(BlackboxStartupError(s"Failed to pull container image '${image}'."))
+        case _ => Future.failed(BlackboxStartupError(Messages.imagePullError(image)))
       }
     } else Future.successful(())
 
@@ -115,17 +115,16 @@ object DockerContainer {
           // Remove the broken container - but don't wait or check for the result.
           // If the removal fails, there is nothing we could do to recover from the recovery.
           docker.rm(brokenId)
-          Future.failed(
-            WhiskContainerStartupError(s"Failed to run container with image '${image}'. Removing broken container."))
+          Future.failed(WhiskContainerStartupError(Messages.resourceProvisionError))
         case _ =>
-          Future.failed(WhiskContainerStartupError(s"Failed to run container with image '${image}'."))
+          Future.failed(WhiskContainerStartupError(Messages.resourceProvisionError))
       }
       ip <- docker.inspectIPAddress(id, network).recoverWith {
         // remove the container immediately if inspect failed as
         // we cannot recover that case automatically
         case _ =>
           docker.rm(id)
-          Future.failed(WhiskContainerStartupError(s"Failed to obtain IP address of container '${id.asString}'."))
+          Future.failed(WhiskContainerStartupError(Messages.resourceProvisionError))
       }
     } yield new DockerContainer(id, ip, useRunc)
   }

-- 
To stop receiving notification emails like this one, please contact
['"commits@openwhisk.apache.org" <co...@openwhisk.apache.org>'].