diff --git a/docs/attach.md b/docs/attach.md index d346c2f..0dfa92d 100644 --- a/docs/attach.md +++ b/docs/attach.md @@ -18,15 +18,15 @@ message CreateContainerRequest { string stdin = 3; // path to the file where stdin will be read (optional) string stdout = 4; // path to file where stdout will be written (optional) string stderr = 5; // path to file where stderr will be written (optional) - string console = 6; // path to the console for a container (optional) + string console = 6; // path to the console for a container (optional) string checkpoint = 7; // checkpoint name if you want to create immediate checkpoint (optional) } ``` ## Attach -In order to have attach like functionality for your containers you use the same API request but named pipes or `fifo`s can be be used to achieve this type of functionality. -The default CLI for containerd does this if you specify the `--attach` flag on `create`. +In order to have attach like functionality for your containers you use the same API request but named pipes or `fifo`s can be used to achieve this type of functionality. +The default CLI for containerd does this if you specify the `--attach` flag on `create` or `start`. It will create fifos for each of the containers stdio which the CLI can read and write to. This can be used to create an interactive session with the container, `bash` for example, or to have a blocking way to collect the container's STDIO and forward it to your logging facilities. diff --git a/docs/bundle.md b/docs/bundle.md index 029ff63..b3cd495 100644 --- a/docs/bundle.md +++ b/docs/bundle.md 
@@ -49,242 +49,159 @@ cli tool from the [runc](https://github.com/opencontainers/runc) repository. You need to `cd` into the `redis` directory and run the `runc spec` command. After doing this you -should have two files created, `configs.json` and `runtime.json`. The directory structure should -look like this: +should have a file `config.json` created. The directory structure should look like this: ``` /containers/redis ├── config.json -├── rootfs/ -└── runtime.json +└── rootfs/ ``` ## Edits -We need to edit the config to add `redis-server` as the application to launch inside the container along with -a few other settings. The resulting `config.json` should look like this: +We need to edit the config to add `redis-server` as the application to launch inside the container, +and remove the network namespace so that you can connect to the redis server on your system. +The resulting `config.json` should look like this: ```json { - "version": "0.2.0", - "platform": { - "os": "linux", - "arch": "amd64" - }, - "process": { - "terminal": false, - "user": { - "uid": 1000, - "gid": 1000 - }, - "args": [ - "redis-server", "--bind", "0.0.0.0" - ], - "env": [ - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", - "TERM=xterm" - ], - "cwd": "" - }, - "root": { - "path": "rootfs", - "readonly": false - }, - "hostname": "shell", - "mounts": [ - {"name": "proc", "path": "/proc"}, - {"name": "dev", "path": "/dev"}, - {"name": "devpts", "path": "/dev/pts"}, - {"name": "shm", "path": "/dev/shm"}, - {"name": "mqueue", "path": "/dev/mqueue"}, - {"name": "sysfs", "path": "/sys"} - ], - "linux": { - "capabilities": [ - "CAP_AUDIT_WRITE", - "CAP_KILL", - "CAP_NET_BIND_SERVICE" - ] - } -} -``` - -You will also want to edit the `runtime.json` file to remove the network namespace so that -you can connect to the redis server on your system. 
The final result for the `runtime.json`
-file should look like this:
-
-```json
-{
- "mounts": {
- "dev": {
- "type": "tmpfs",
- "source": "tmpfs",
- "options": [
- "nosuid",
- "strictatime",
- "mode=755",
- "size=65536k"
- ]
- },
- "devpts": {
- "type": "devpts",
- "source": "devpts",
- "options": [
- "nosuid",
- "noexec",
- "newinstance",
- "ptmxmode=0666",
- "mode=0620",
- "gid=5"
- ]
- },
- "mqueue": {
- "type": "mqueue",
- "source": "mqueue",
- "options": [
- "nosuid",
- "noexec",
- "nodev"
- ]
- },
- "proc": {
- "type": "proc",
- "source": "proc",
- "options": null
- },
- "shm": {
- "type": "tmpfs",
- "source": "shm",
- "options": [
- "nosuid",
- "noexec",
- "nodev",
- "mode=1777",
- "size=65536k"
- ]
- },
- "sysfs": {
- "type": "sysfs",
- "source": "sysfs",
- "options": [
- "nosuid",
- "noexec",
- "nodev"
- ]
- }
- },
- "linux": {
- "rlimits": [
- {
- "type": "RLIMIT_NOFILE",
- "hard": 1024,
- "soft": 1024
- }
- ],
- "resources": {
- "disableOOMKiller": false,
- "memory": {
- "limit": 0,
- "reservation": 0,
- "swap": 0,
- "kernel": 0
- },
- "cpu": {
- "shares": 0,
- "quota": 0,
- "period": 0,
- "realtimeRuntime": 0,
- "realtimePeriod": 0,
- "cpus": "",
- "mems": ""
- },
- "pids": {
- "limit": 0
- },
- "blockIO": {
- "blkioWeight": 0,
- "blkioLeafWeight": 0,
- "blkioWeightDevice": null,
- "blkioThrottleReadBpsDevice": null,
- "blkioThrottleWriteBpsDevice": null,
- "blkioThrottleReadIOPSDevice": null,
- "blkioThrottleWriteIOPSDevice": null
- },
- "hugepageLimits": null,
- "network": {
- "classId": "",
- "priorities": null
- }
- },
- "namespaces": [
- {"type": "pid", "path": ""},
- {"type": "ipc", "path": ""},
- {"type": "uts", "path": ""},
- {"type": "mount", "path": ""}
- ],
- "devices": [
- {
- "path": "/dev/null",
- "type": 99,
- "major": 1,
- "minor": 3,
- "permissions": "rwm",
- "fileMode": 438,
- "uid": 0,
- "gid": 0
- },
- {
- "path": "/dev/random",
- "type": 99,
- "major": 1,
- "minor": 8,
- "permissions": "rwm",
- "fileMode": 438,
- "uid": 0,
- "gid": 0
- },
- {
- "path": "/dev/full",
- "type": 99,
- "major": 1,
- "minor": 7,
- "permissions": "rwm",
- "fileMode": 438,
- "uid": 0,
- "gid": 0
- },
- {
- "path": "/dev/tty",
- "type": 99,
- "major": 5,
- "minor": 0,
- "permissions": "rwm",
- "fileMode": 438,
- "uid": 0,
- "gid": 0
- },
- {
- "path": "/dev/zero",
- "type": 99,
- "major": 1,
- "minor": 5,
- "permissions": "rwm",
- "fileMode": 438,
- "uid": 0,
- "gid": 0
- },
- {
- "path": "/dev/urandom",
- "type": 99,
- "major": 1,
- "minor": 9,
- "permissions": "rwm",
- "fileMode": 438,
- "uid": 0,
- "gid": 0
- }
- ]
- }
+ "ociVersion": "0.4.0",
+ "platform": {
+ "os": "linux",
+ "arch": "amd64"
+ },
+ "process": {
+ "terminal": true,
+ "user": {},
+ "args": [
+ "redis-server", "--bind", "0.0.0.0"
+ ],
+ "env": [
+ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+ "TERM=xterm"
+ ],
+ "cwd": "/",
+ "capabilities": [
+ "CAP_AUDIT_WRITE",
+ "CAP_KILL",
+ "CAP_NET_BIND_SERVICE"
+ ],
+ "rlimits": [
+ {
+ "type": "RLIMIT_NOFILE",
+ "hard": 1024,
+ "soft": 1024
+ }
+ ],
+ "noNewPrivileges": true
+ },
+ "root": {
+ "path": "rootfs",
+ "readonly": true
+ },
+ "hostname": "runc",
+ "mounts": [
+ {
+ "destination": "/proc",
+ "type": "proc",
+ "source": "proc"
+ },
+ {
+ "destination": "/dev",
+ "type": "tmpfs",
+ "source": "tmpfs",
+ "options": [
+ "nosuid",
+ "strictatime",
+ "mode=755",
+ "size=65536k"
+ ]
+ },
+ {
+ "destination": "/dev/pts",
+ "type": "devpts",
+ "source": "devpts",
+ "options": [
+ "nosuid",
+ "noexec",
+ "newinstance",
+ "ptmxmode=0666",
+ "mode=0620",
+ "gid=5"
+ ]
+ },
+ {
+ "destination": "/dev/shm",
+ "type": "tmpfs",
+ "source": "shm",
+ "options": [
+ "nosuid",
+ "noexec",
+ "nodev",
+ "mode=1777",
+ "size=65536k"
+ ]
+ },
+ {
+ "destination": "/dev/mqueue",
+ "type": "mqueue",
+ "source": "mqueue",
+ "options": [
+ "nosuid",
+ "noexec",
+ "nodev"
+ ]
+ },
+ {
+ "destination": "/sys",
+ "type": "sysfs",
+ "source": "sysfs",
+ "options": [
+ "nosuid",
+ "noexec",
+ "nodev",
+ "ro"
+ ]
+ },
+ {
+ "destination": "/sys/fs/cgroup",
+ "type": "cgroup",
+ "source": "cgroup",
+ "options": [
+ "nosuid",
+ "noexec",
+ "nodev",
+ "relatime",
+ "ro"
+ ]
+ }
+ ],
+ "hooks": {},
+ "linux": {
+ "resources": {
+ "devices": [
+ {
+ "allow": false,
+ "access": "rwm"
+ }
+ ]
+ },
+ "namespaces": [
+ {
+ "type": "pid"
+ },
+ {
+ "type": "ipc"
+ },
+ {
+ "type": "uts"
+ },
+ {
+ "type": "mount"
+ }
+ ],
+ "devices": null
+ }
 }
 ```