diff --git a/README.md b/README.md index 10ae42a..c453b5a 100644 --- a/README.md +++ b/README.md @@ -86,25 +86,20 @@ USAGE: containerd [global options] command [command options] [arguments...] VERSION: - 0.0.4 - -AUTHOR(S): - @crosbymichael + 0.1.0 commit: 54c213e8a719d734001beb2cb8f130c84cc3bd20 COMMANDS: - help, h Shows a list of commands or help for one command - + help, h Shows a list of commands or help for one command + GLOBAL OPTIONS: - --id "deathstar" unique containerd id to identify the instance - --debug enable debug output in the logs - --state-dir "/run/containerd" runtime state directory - -c, --concurrency "10" set the concurrency level for tasks - --metrics-interval "1m0s" interval for flushing metrics to the store - --listen, -l "/run/containerd/containerd.sock" Address on which GRPC API will listen - --oom-notify enable oom notifications for containers - --graphite-address Address of graphite server - --help, -h show help - --version, -v print the version + --debug enable debug output in the logs + --state-dir "/run/containerd" runtime state directory + --metrics-interval "5m0s" interval for flushing metrics to the store + --listen, -l "/run/containerd/containerd.sock" Address on which GRPC API will listen + --runtime, -r "runc" name of the OCI compliant runtime to use when executing containers + --graphite-address Address of graphite server + --help, -h show help + --version, -v print the version ``` # Roadmap 
@@ -127,37 +122,58 @@ There is a default cli named `ctr` based on the GRPC api. This cli will allow you to create and manage containers run with containerd. ``` +$ ctr -h NAME: - ctr - High performance container daemon controller + ctr - High performance container daemon cli USAGE: ctr [global options] command [command options] [arguments...] VERSION: - 0.0.4 - -AUTHOR(S): - @crosbymichael + 0.1.0 commit: 54c213e8a719d734001beb2cb8f130c84cc3bd20 COMMANDS: checkpoints list all checkpoints containers interact with running containers - events receive events from the containerd daemon - help, h Shows a list of commands or help for one command - + events receive events from the containerd daemon + state get a raw dump of the containerd state + help, h Shows a list of commands or help for one command + GLOBAL OPTIONS: - --debug enable debug output in the logs + --debug enable debug output in the logs --address "/run/containerd/containerd.sock" address of GRPC API - --help, -h show help - --version, -v print the version - + --help, -h show help + --version, -v print the version ``` +### Starting a container + +``` +$ ctr containers start -h +NAME: + ctr containers start - start a container + +USAGE: + ctr containers start [command options] [arguments...] + +OPTIONS: + --checkpoint, -c checkpoint to start the container from + --attach, -a connect to the stdio of the container + --label, -l [--label option --label option] set labels for the container +``` + +```bash +$ sudo ctr containers start redis /containers/redis +``` +Note: `/containers/redis` is the path of bundle you have to prepare before +running a contianer, see [bundle](docs/bundle.md) to get more information. + + ### Listing containers ```bash $ sudo ctr containers -ID PATH STATUS PID1 +ID PATH STATUS PROCESSES 1 /containers/redis running 14063 19 /containers/redis running 14100 14 /containers/redis running 14117 
@@ -180,38 +196,18 @@ ID PATH STATUS PID1 0 /containers/redis running 14006 ``` -### Starting a container - -``` -$ ctr containers start -h -NAME: - start - start a container - -USAGE: - command start [command options] [arguments...] - -OPTIONS: - --checkpoint, -c checkpoint to start the container from - --attach, -a connect to the stdio of the container - -``` - -```bash -$ sudo ctr containers start redis /containers/redis -``` - ### Kill a container's process ``` $ ctr containers kill -h NAME: - kill - send a signal to a container or its processes + ctr containers kill - send a signal to a container or its processes USAGE: - command kill [command options] [arguments...] + ctr containers kill [command options] [arguments...] OPTIONS: - --pid, -p "0" pid of the process to signal within the container + --pid, -p "init" pid of the process to signal within the container --signal, -s "15" signal to send to the container ``` @@ -220,20 +216,20 @@ OPTIONS: ``` $ ctr containers exec -h NAME: - exec - exec another process in an existing container + ctr containers exec - exec another process in an existing container USAGE: - command exec [command options] [arguments...] + ctr containers exec [command options] [arguments...] OPTIONS: --id container id to add the process to + --pid process id for the new process --attach, -a connect to the stdio of the container --cwd current working directory for the process --tty, -t create a terminal for the process --env, -e [--env option --env option] environment variables for the process --uid, -u "0" user id of the user for the process --gid, -g "0" group id of the user for the process - ``` ### Stats for a container @@ -241,10 +237,10 @@ OPTIONS: ``` $ ctr containers stats -h NAME: - stats - get stats for running container + ctr containers stats - get stats for running container USAGE: - command stats [arguments...] + ctr containers stats [arguments...] ``` ### List checkpoints 
@@ -261,17 +257,16 @@ test2 false false false ``` $ ctr checkpoints create -h NAME: - create - create a new checkpoint for the container + ctr checkpoints create - create a new checkpoint for the container USAGE: - command create [command options] [arguments...] + ctr checkpoints create [command options] [arguments...] OPTIONS: --tcp persist open tcp connections --unix-sockets perist unix sockets --exit exit the container after the checkpoint completes successfully --shell checkpoint shell jobs - ``` ### Get events diff --git a/docs/attach.md b/docs/attach.md index d346c2f..0dfa92d 100644 --- a/docs/attach.md +++ b/docs/attach.md @@ -18,15 +18,15 @@ message CreateContainerRequest { string stdin = 3; // path to the file where stdin will be read (optional) string stdout = 4; // path to file where stdout will be written (optional) string stderr = 5; // path to file where stderr will be written (optional) - string console = 6; // path to the console for a container (optional) + string console = 6; // path to the console for a container (optional) string checkpoint = 7; // checkpoint name if you want to create immediate checkpoint (optional) } ``` ## Attach -In order to have attach like functionality for your containers you use the same API request but named pipes or `fifo`s can be be used to achieve this type of functionality. -The default CLI for containerd does this if you specify the `--attach` flag on `create`. +In order to have attach like functionality for your containers you use the same API request but named pipes or `fifo`s can be used to achieve this type of functionality. +The default CLI for containerd does this if you specify the `--attach` flag on `create` or `start`. It will create fifos for each of the containers stdio which the CLI can read and write to. This can be used to create an interactive session with the container, `bash` for example, or to have a blocking way to collect the container's STDIO and forward it to your logging facilities. 
diff --git a/docs/bundle.md b/docs/bundle.md
index 029ff63..b3cd495 100644
--- a/docs/bundle.md
+++ b/docs/bundle.md
@@ -49,242 +49,159 @@ cli tool from the [runc](https://github.com/opencontainers/runc) repository. You need to `cd` into the `redis` directory and run the `runc spec` command. After doing this you -should have two files created, `configs.json` and `runtime.json`. The directory structure should -look like this: +should have a file `config.json` created. The directory structure should look like this: ``` /containers/redis ├── config.json -├── rootfs/ -└── runtime.json +└── rootfs/ ``` ## Edits -We need to edit the config to add `redis-server` as the application to launch inside the container along with -a few other settings. The resulting `config.json` should look like this: +We need to edit the config to add `redis-server` as the application to launch inside the container, +and remove the network namespace so that you can connect to the redis server on your system. +The resulting `config.json` should look like this: ```json { - "version": "0.2.0", - "platform": { - "os": "linux", - "arch": "amd64" - }, - "process": { - "terminal": false, - "user": { - "uid": 1000, - "gid": 1000 - }, - "args": [ - "redis-server", "--bind", "0.0.0.0" - ], - "env": [ - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", - "TERM=xterm" - ], - "cwd": "" - }, - "root": { - "path": "rootfs", - "readonly": false - }, - "hostname": "shell", - "mounts": [ - {"name": "proc", "path": "/proc"}, - {"name": "dev", "path": "/dev"}, - {"name": "devpts", "path": "/dev/pts"}, - {"name": "shm", "path": "/dev/shm"}, - {"name": "mqueue", "path": "/dev/mqueue"}, - {"name": "sysfs", "path": "/sys"} - ], - "linux": { - "capabilities": [ - "CAP_AUDIT_WRITE", - "CAP_KILL", - "CAP_NET_BIND_SERVICE" - ] - } -} -``` - -You will also want to edit the `runtime.json` file to remove the network namespace so that -you can connect to the redis server on your system. 
The final result for the `runtime.json` -file should look like this: - -```json -{ - "mounts": { - "dev": { - "type": "tmpfs", - "source": "tmpfs", - "options": [ - "nosuid", - "strictatime", - "mode=755", - "size=65536k" - ] - }, - "devpts": { - "type": "devpts", - "source": "devpts", - "options": [ - "nosuid", - "noexec", - "newinstance", - "ptmxmode=0666", - "mode=0620", - "gid=5" - ] - }, - "mqueue": { - "type": "mqueue", - "source": "mqueue", - "options": [ - "nosuid", - "noexec", - "nodev" - ] - }, - "proc": { - "type": "proc", - "source": "proc", - "options": null - }, - "shm": { - "type": "tmpfs", - "source": "shm", - "options": [ - "nosuid", - "noexec", - "nodev", - "mode=1777", - "size=65536k" - ] - }, - "sysfs": { - "type": "sysfs", - "source": "sysfs", - "options": [ - "nosuid", - "noexec", - "nodev" - ] - } - }, - "linux": { - "rlimits": [ - { - "type": "RLIMIT_NOFILE", - "hard": 1024, - "soft": 1024 - } - ], - "resources": { - "disableOOMKiller": false, - "memory": { - "limit": 0, - "reservation": 0, - "swap": 0, - "kernel": 0 - }, - "cpu": { - "shares": 0, - "quota": 0, - "period": 0, - "realtimeRuntime": 0, - "realtimePeriod": 0, - "cpus": "", - "mems": "" - }, - "pids": { - "limit": 0 - }, - "blockIO": { - "blkioWeight": 0, - "blkioLeafWeight": 0, - "blkioWeightDevice": null, - "blkioThrottleReadBpsDevice": null, - "blkioThrottleWriteBpsDevice": null, - "blkioThrottleReadIOPSDevice": null, - "blkioThrottleWriteIOPSDevice": null - }, - "hugepageLimits": null, - "network": { - "classId": "", - "priorities": null - } - }, - "namespaces": [ - {"type": "pid", "path": ""}, - {"type": "ipc", "path": ""}, - {"type": "uts", "path": ""}, - {"type": "mount", "path": ""} - ], - "devices": [ - { - "path": "/dev/null", - "type": 99, - "major": 1, - "minor": 3, - "permissions": "rwm", - "fileMode": 438, - "uid": 0, - "gid": 0 - }, - { - "path": "/dev/random", - "type": 99, - "major": 1, - "minor": 8, - "permissions": "rwm", - "fileMode": 438, - "uid": 0, - "gid": 
0 - }, - { - "path": "/dev/full", - "type": 99, - "major": 1, - "minor": 7, - "permissions": "rwm", - "fileMode": 438, - "uid": 0, - "gid": 0 - }, - { - "path": "/dev/tty", - "type": 99, - "major": 5, - "minor": 0, - "permissions": "rwm", - "fileMode": 438, - "uid": 0, - "gid": 0 - }, - { - "path": "/dev/zero", - "type": 99, - "major": 1, - "minor": 5, - "permissions": "rwm", - "fileMode": 438, - "uid": 0, - "gid": 0 - }, - { - "path": "/dev/urandom", - "type": 99, - "major": 1, - "minor": 9, - "permissions": "rwm", - "fileMode": 438, - "uid": 0, - "gid": 0 - } - ] - } + "ociVersion": "0.4.0", + "platform": { + "os": "linux", + "arch": "amd64" + }, + "process": { + "terminal": true, + "user": {}, + "args": [ + "redis-server", "--bind", "0.0.0.0" + ], + "env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "TERM=xterm" + ], + "cwd": "/", + "capabilities": [ + "CAP_AUDIT_WRITE", + "CAP_KILL", + "CAP_NET_BIND_SERVICE" + ], + "rlimits": [ + { + "type": "RLIMIT_NOFILE", + "hard": 1024, + "soft": 1024 + } + ], + "noNewPrivileges": true + }, + "root": { + "path": "rootfs", + "readonly": true + }, + "hostname": "runc", + "mounts": [ + { + "destination": "/proc", + "type": "proc", + "source": "proc" + }, + { + "destination": "/dev", + "type": "tmpfs", + "source": "tmpfs", + "options": [ + "nosuid", + "strictatime", + "mode=755", + "size=65536k" + ] + }, + { + "destination": "/dev/pts", + "type": "devpts", + "source": "devpts", + "options": [ + "nosuid", + "noexec", + "newinstance", + "ptmxmode=0666", + "mode=0620", + "gid=5" + ] + }, + { + "destination": "/dev/shm", + "type": "tmpfs", + "source": "shm", + "options": [ + "nosuid", + "noexec", + "nodev", + "mode=1777", + "size=65536k" + ] + }, + { + "destination": "/dev/mqueue", + "type": "mqueue", + "source": "mqueue", + "options": [ + "nosuid", + "noexec", + "nodev" + ] + }, + { + "destination": "/sys", + "type": "sysfs", + "source": "sysfs", + "options": [ + "nosuid", + "noexec", + "nodev", + 
"ro" + ] + }, + { + "destination": "/sys/fs/cgroup", + "type": "cgroup", + "source": "cgroup", + "options": [ + "nosuid", + "noexec", + "nodev", + "relatime", + "ro" + ] + } + ], + "hooks": {}, + "linux": { + "resources": { + "devices": [ + { + "allow": false, + "access": "rwm" + } + ] + }, + "namespaces": [ + { + "type": "pid" + }, + { + "type": "ipc" + }, + { + "type": "uts" + }, + { + "type": "mount" + } + ], + "devices": null + } } ```