Container runtime detection cache and rootless check

Karm · Karm · commit 5c58a03dddd3 · 2023-03-14T00:57:35.000+01:00
With this change, the detected container runtime is cached per JVM run
so as it is not checked again regardless of the classloader
loading the ContainerRuntimeUtil class.
The rootless attribute of such runtime is lazily fetched once as needed.
diff --git a/core/deployment/src/main/java/io/quarkus/deployment/IsDockerWorking.java b/core/deployment/src/main/java/io/quarkus/deployment/IsDockerWorking.java
@@ -1,7 +1,8 @@
 
 package io.quarkus.deployment;
 
-import java.io.File;
+import static io.quarkus.runtime.util.ContainerRuntimeUtil.ContainerRuntime.UNAVAILABLE;
+
 import java.io.IOException;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
@@ -11,23 +12,20 @@
 import java.net.URISyntaxException;
 import java.nio.file.Files;
 import java.nio.file.Path;
-import java.time.Duration;
 import java.util.List;
 import java.util.Optional;
 import java.util.function.BooleanSupplier;
 import java.util.function.Supplier;
 
-import org.eclipse.microprofile.config.ConfigProvider;
 import org.jboss.logging.Logger;
 
 import io.quarkus.deployment.console.StartupLogCompressor;
-import io.quarkus.deployment.util.ExecUtil;
+import io.quarkus.runtime.util.ContainerRuntimeUtil;
 
 public class IsDockerWorking implements BooleanSupplier {
 
     private static final Logger LOGGER = Logger.getLogger(IsDockerWorking.class.getName());
     public static final int DOCKER_HOST_CHECK_TIMEOUT = 1000;
-    public static final int DOCKER_CMD_CHECK_TIMEOUT = 3000;
 
     private final List<Strategy> strategies;
 
@@ -36,8 +34,7 @@ public IsDockerWorking() {
     }
 
     public IsDockerWorking(boolean silent) {
-        this.strategies = List.of(new TestContainersStrategy(silent), new DockerHostStrategy(),
-                new DockerBinaryStrategy(silent));
+        this.strategies = List.of(new TestContainersStrategy(silent), new DockerHostStrategy(), new DockerBinaryStrategy());
     }
 
     @Override
@@ -170,41 +167,11 @@ public Result get() {
 
     private static class DockerBinaryStrategy implements Strategy {
 
-        private final boolean silent;
-        private final String binary;
-
-        private DockerBinaryStrategy(boolean silent) {
-            this.silent = silent;
-            this.binary = ConfigProvider.getConfig().getOptionalValue("quarkus.native.container-runtime", String.class)
-                    .orElse("docker");
-        }
-
         @Override
         public Result get() {
-            try {
-                if (!ExecUtil.execSilentWithTimeout(Duration.ofMillis(DOCKER_CMD_CHECK_TIMEOUT), binary, "-v")) {
-                    LOGGER.warnf("'%s -v' returned an error code. Make sure your Docker binary is correct", binary);
-                    return Result.UNKNOWN;
-                }
-            } catch (Exception e) {
-                LOGGER.warnf("No %s binary found or general error: %s", binary, e);
-                return Result.UNKNOWN;
-            }
-
-            try {
-                OutputFilter filter = new OutputFilter();
-                if (ExecUtil.execWithTimeout(new File("."), filter, Duration.ofMillis(DOCKER_CMD_CHECK_TIMEOUT),
-                        binary, "version", "--format", "'{{.Server.Version}}'")) {
-                    LOGGER.debugf("Docker daemon found. Version: %s", filter.getOutput());
-                    return Result.AVAILABLE;
-                } else {
-                    if (!silent) {
-                        LOGGER.warn("Could not determine version of Docker daemon");
-                    }
-                    return Result.UNAVAILABLE;
-                }
-            } catch (Exception e) {
-                LOGGER.warn("Unexpected error occurred while determining Docker daemon version", e);
+            if (ContainerRuntimeUtil.detectContainerRuntime(false) != UNAVAILABLE) {
+                return Result.AVAILABLE;
+            } else {
                 return Result.UNKNOWN;
             }
         }
diff --git a/core/deployment/src/main/java/io/quarkus/deployment/pkg/steps/NativeImageBuildLocalContainerRunner.java b/core/deployment/src/main/java/io/quarkus/deployment/pkg/steps/NativeImageBuildLocalContainerRunner.java
@@ -1,6 +1,8 @@
 package io.quarkus.deployment.pkg.steps;
 
 import static io.quarkus.deployment.pkg.steps.LinuxIDUtil.getLinuxID;
+import static io.quarkus.runtime.util.ContainerRuntimeUtil.ContainerRuntime.DOCKER;
+import static io.quarkus.runtime.util.ContainerRuntimeUtil.ContainerRuntime.PODMAN;
 
 import java.nio.file.Path;
 import java.util.ArrayList;
@@ -12,24 +14,21 @@
 
 import io.quarkus.deployment.pkg.NativeConfig;
 import io.quarkus.deployment.util.FileUtil;
-import io.quarkus.runtime.util.ContainerRuntimeUtil;
 
 public class NativeImageBuildLocalContainerRunner extends NativeImageBuildContainerRunner {
 
     public NativeImageBuildLocalContainerRunner(NativeConfig nativeConfig, Path outputDir) {
         super(nativeConfig, outputDir);
         if (SystemUtils.IS_OS_LINUX) {
-            ArrayList<String> containerRuntimeArgs = new ArrayList<>(Arrays.asList(baseContainerRuntimeArgs));
-            if (containerRuntime == ContainerRuntimeUtil.ContainerRuntime.DOCKER
-                    && containerRuntime.isRootless()) {
+            final ArrayList<String> containerRuntimeArgs = new ArrayList<>(Arrays.asList(baseContainerRuntimeArgs));
+            if (containerRuntime == DOCKER && containerRuntime.isRootless()) {
                 Collections.addAll(containerRuntimeArgs, "--user", String.valueOf(0));
             } else {
                 String uid = getLinuxID("-ur");
                 String gid = getLinuxID("-gr");
                 if (uid != null && gid != null && !uid.isEmpty() && !gid.isEmpty()) {
                     Collections.addAll(containerRuntimeArgs, "--user", uid + ":" + gid);
-                    if (containerRuntime == ContainerRuntimeUtil.ContainerRuntime.PODMAN
-                            && containerRuntime.isRootless()) {
+                    if (containerRuntime == PODMAN && containerRuntime.isRootless()) {
                         // Needed to avoid AccessDeniedExceptions
                         containerRuntimeArgs.add("--userns=keep-id");
                     }
@@ -41,16 +40,19 @@ public NativeImageBuildLocalContainerRunner(NativeConfig nativeConfig, Path outp
 
     @Override
     protected List<String> getContainerRuntimeBuildArgs() {
-        List<String> containerRuntimeArgs = super.getContainerRuntimeBuildArgs();
-        String volumeOutputPath = outputPath;
+        final List<String> containerRuntimeArgs = super.getContainerRuntimeBuildArgs();
+        final String volumeOutputPath;
         if (SystemUtils.IS_OS_WINDOWS) {
-            volumeOutputPath = FileUtil.translateToVolumePath(volumeOutputPath);
+            volumeOutputPath = FileUtil.translateToVolumePath(outputPath);
+        } else {
+            volumeOutputPath = outputPath;
         }
 
-        String selinuxBindOption = ":z";
-        if (SystemUtils.IS_OS_MAC
-                && ContainerRuntimeUtil.detectContainerRuntime() == ContainerRuntimeUtil.ContainerRuntime.PODMAN) {
+        final String selinuxBindOption;
+        if (SystemUtils.IS_OS_MAC && containerRuntime == PODMAN) {
             selinuxBindOption = "";
+        } else {
+            selinuxBindOption = ":z";
         }
 
         Collections.addAll(containerRuntimeArgs, "-v",
diff --git a/core/runtime/src/main/java/io/quarkus/runtime/util/ContainerRuntimeUtil.java b/core/runtime/src/main/java/io/quarkus/runtime/util/ContainerRuntimeUtil.java
@@ -5,6 +5,9 @@
 import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.StandardOpenOption;
 import java.util.function.Predicate;
 import java.util.stream.Collectors;
 
@@ -18,53 +21,118 @@ public final class ContainerRuntimeUtil {
     private static final Logger log = Logger.getLogger(ContainerRuntimeUtil.class);
     private static final String DOCKER_EXECUTABLE = ConfigProvider.getConfig().unwrap(SmallRyeConfig.class)
             .getOptionalValue("quarkus.native.container-runtime", String.class).orElse(null);
+    /*
+     * Caching the value in a file helps us only as much as one JVM execution is concerned.
+     * Test suite's pom.xml sets things like <argLine>-Djava.io.tmpdir="${project.build.directory}"</argLine>,
+     * so the file could appear in /tmp/ or C:\Users\karm\AppData\Local\Temp\ or in fact in
+     * quarkus/integration-tests/something/target.
+     * There is no point in reaching it in `Path.of(Paths.get("").toAbsolutePath().toString(), "target",
+     * "quarkus_container_runtime.txt")`
+     * as the file is deleted between JVM executions anyway.
+     */
+    static final Path CONTAINER_RUNTIME = Path.of(System.getProperty("java.io.tmpdir"), "quarkus_container_runtime.txt");
 
     private ContainerRuntimeUtil() {
     }
 
     /**
      * @return {@link ContainerRuntime#DOCKER} if it's available, or {@link ContainerRuntime#PODMAN}
      *         if the podman
-     *         executable exists in the environment or if the docker executable is an alias to podman
+     *         executable exists in the environment or if the docker executable is an alias to podman,
+     *         or {@link ContainerRuntime#UNAVAILABLE} if no container runtime is available and the required arg is false.
      * @throws IllegalStateException if no container runtime was found to build the image
      */
     public static ContainerRuntime detectContainerRuntime() {
-        // Docker version 19.03.14, build 5eb3275d40
-        String dockerVersionOutput = getVersionOutputFor(ContainerRuntime.DOCKER);
-        boolean dockerAvailable = dockerVersionOutput.contains("Docker version");
-        // Check if Podman is installed
-        // podman version 2.1.1
-        String podmanVersionOutput = getVersionOutputFor(ContainerRuntime.PODMAN);
-        boolean podmanAvailable = podmanVersionOutput.startsWith("podman version");
-        if (DOCKER_EXECUTABLE != null) {
-            if (DOCKER_EXECUTABLE.trim().equalsIgnoreCase("docker") && dockerAvailable) {
+        return detectContainerRuntime(true);
+    }
+
+    public static ContainerRuntime detectContainerRuntime(boolean required) {
+        final ContainerRuntime containerRuntime = loadConfig();
+        if (containerRuntime != null) {
+            return containerRuntime;
+        } else {
+            // Docker version 19.03.14, build 5eb3275d40
+            final String dockerVersionOutput = getVersionOutputFor(ContainerRuntime.DOCKER);
+            boolean dockerAvailable = dockerVersionOutput.contains("Docker version");
+            // Check if Podman is installed
+            // podman version 2.1.1
+            final String podmanVersionOutput = getVersionOutputFor(ContainerRuntime.PODMAN);
+            boolean podmanAvailable = podmanVersionOutput.startsWith("podman version");
+            if (DOCKER_EXECUTABLE != null) {
+                if (DOCKER_EXECUTABLE.trim().equalsIgnoreCase("docker") && dockerAvailable) {
+                    storeConfig(ContainerRuntime.DOCKER);
+                    return ContainerRuntime.DOCKER;
+                } else if (DOCKER_EXECUTABLE.trim().equalsIgnoreCase("podman") && podmanAvailable) {
+                    storeConfig(ContainerRuntime.PODMAN);
+                    return ContainerRuntime.PODMAN;
+                } else {
+                    log.warn("quarkus.native.container-runtime config property must be set to either podman or docker " +
+                            "and the executable must be available. Ignoring it.");
+                }
+            }
+            if (dockerAvailable) {
+                // Check if "docker" is an alias to "podman"
+                if (dockerVersionOutput.equals(podmanVersionOutput)) {
+                    storeConfig(ContainerRuntime.PODMAN);
+                    return ContainerRuntime.PODMAN;
+                }
+                storeConfig(ContainerRuntime.DOCKER);
                 return ContainerRuntime.DOCKER;
-            } else if (DOCKER_EXECUTABLE.trim().equalsIgnoreCase("podman") && podmanAvailable) {
+            } else if (podmanAvailable) {
+                storeConfig(ContainerRuntime.PODMAN);
                 return ContainerRuntime.PODMAN;
             } else {
-                log.warn("quarkus.native.container-runtime config property must be set to either podman or docker " +
-                        "and the executable must be available. Ignoring it.");
+                if (required) {
+                    throw new IllegalStateException("No container runtime was found. "
+                            + "Make sure you have either Docker or Podman installed in your environment.");
+                } else {
+                    storeConfig(ContainerRuntime.UNAVAILABLE);
+                    return ContainerRuntime.UNAVAILABLE;
+                }
             }
         }
+    }
 
-        if (dockerAvailable) {
-            // Check if "docker" is an alias to "podman"
-            if (dockerVersionOutput.equals(podmanVersionOutput)) {
-                return ContainerRuntime.PODMAN;
+    private static ContainerRuntime loadConfig() {
+        try {
+            if (Files.isReadable(CONTAINER_RUNTIME)) {
+                final String runtime = Files.readString(CONTAINER_RUNTIME, StandardCharsets.UTF_8);
+                if (ContainerRuntime.DOCKER.name().equalsIgnoreCase(runtime)) {
+                    return ContainerRuntime.DOCKER;
+                } else if (ContainerRuntime.PODMAN.name().equalsIgnoreCase(runtime)) {
+                    return ContainerRuntime.PODMAN;
+                } else if (ContainerRuntime.UNAVAILABLE.name().equalsIgnoreCase(runtime)) {
+                    return ContainerRuntime.UNAVAILABLE;
+                } else {
+                    log.warnf("The file %s contains an unknown value %s. Ignoring it.",
+                            CONTAINER_RUNTIME.toAbsolutePath(), runtime);
+                    return null;
+                }
+            } else {
+                return null;
             }
-            return ContainerRuntime.DOCKER;
-        } else if (podmanAvailable) {
-            return ContainerRuntime.PODMAN;
-        } else {
-            throw new IllegalStateException("No container runtime was found to. "
-                    + "Make sure you have Docker or Podman installed in your environment.");
+        } catch (IOException e) {
+            log.warnf("Error reading file %s. Ignoring it. See: %s",
+                    CONTAINER_RUNTIME.toAbsolutePath(), e);
+            return null;
+        }
+    }
+
+    private static void storeConfig(ContainerRuntime containerRuntime) {
+        try {
+            Files.writeString(CONTAINER_RUNTIME, containerRuntime.name(), StandardCharsets.UTF_8,
+                    StandardOpenOption.CREATE, StandardOpenOption.TRUNCATE_EXISTING);
+            CONTAINER_RUNTIME.toFile().deleteOnExit();
+        } catch (IOException e) {
+            log.warnf("Error writing to file %s. Ignoring it. See: %s",
+                    CONTAINER_RUNTIME.toAbsolutePath(), e);
         }
     }
 
     private static String getVersionOutputFor(ContainerRuntime containerRuntime) {
         Process versionProcess = null;
         try {
-            ProcessBuilder pb = new ProcessBuilder(containerRuntime.getExecutableName(), "--version")
+            final ProcessBuilder pb = new ProcessBuilder(containerRuntime.getExecutableName(), "--version")
                     .redirectErrorStream(true);
             versionProcess = pb.start();
             versionProcess.waitFor();
@@ -100,7 +168,7 @@ private static boolean getRootlessStateFor(ContainerRuntime containerRuntime) {
                             bufferedReader.lines().collect(Collectors.joining(System.lineSeparator())));
                     return false;
                 } else {
-                    Predicate<String> stringPredicate;
+                    final Predicate<String> stringPredicate;
                     // Docker includes just "rootless" under SecurityOptions, while podman includes "rootless: <boolean>"
                     if (containerRuntime == ContainerRuntime.DOCKER) {
                         stringPredicate = line -> line.trim().equals("rootless");
@@ -126,19 +194,26 @@ private static boolean getRootlessStateFor(ContainerRuntime containerRuntime) {
      */
     public enum ContainerRuntime {
         DOCKER,
-        PODMAN;
+        PODMAN,
+        UNAVAILABLE;
 
-        private final boolean rootless;
-
-        ContainerRuntime() {
-            this.rootless = getRootlessStateFor(this);
-        }
+        private Boolean rootless;
 
         public String getExecutableName() {
             return this.name().toLowerCase();
         }
 
         public boolean isRootless() {
+            if (rootless != null) {
+                return rootless;
+            } else {
+                if (this != ContainerRuntime.UNAVAILABLE) {
+                    rootless = getRootlessStateFor(this);
+                } else {
+                    throw new IllegalStateException("No container runtime was found. "
+                            + "Make sure you have either Docker or Podman installed in your environment.");
+                }
+            }
             return rootless;
         }
     }
