cli: allow to kill a stopped container and sandbox

[bergwolf]

cri containerd calls kill on stopped sandbox and if we
fail the call, it can cause cri stopp command to fail
too.

Also add a few logs to track container state transitioning.

Fixes: #1084

[lifupan]

If the sandbox/container has stopped, will the following vci.StopSandbox/vci.StopContainer return another err?

[bergwolf]

No, it's ignored in sandbox.stop()

[bergwolf]

/test

[lifupan]

It seems there's something wrong with the CI.
LGTM!

[sboeuf]

@bergwolf
I understand what you're doing by making the kill more permissive and the Sandbox stop idempotent, but I'm worried we might not be OCI compliant anymore.
If you take a look here: https://github.com/opencontainers/runtime-spec/blob/master/runtime.md#kill, it specifies clearly that sending a signal to a container that is not running or created must return an error.

I'm wondering if instead we should try to fix the behavior at the crictl level, by making sure that crictl ignores an error coming from a kill, since the container might already be stopped. WDYT?

[bergwolf]

@sboeuf Good point! After taking a closer look, it is because of a tiny difference with how we handle kill -a compared with runc. The -a option is not documented in OCI runtime spec. As a result we have to follow runc behavior and do not fail on container status when -a is specified, see https://github.com/opencontainers/runc/blob/master/libcontainer/container_linux.go#L378

I've updated the PR to include above change. PTAL.

[egernst]

/test

[sboeuf]

/test

[bergwolf]

/test

[jodh-intel]

Could you add a unit test for this scenario (and the one above in the if)?

[bergwolf]

/test

[sboeuf]

@jodh-intel unit test has been added, if this is okay for you, please merge the PR!

[jodh-intel]

Thanks @bergwolf!

lgtm