vbatts/containerd
1
0
Fork 0
Code Pull requests Releases Activity

Initial windows runtime work

Browse source 
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
This commit is contained in:
Kenfe-Mickael Laventure 2017-03-17 16:09:06 -07:00
parent e5c8c5634a
commit c5843b7615
120 changed files with 11158 additions and 596 deletions
Download patch file Download diff file Expand all files Collapse all files

63
cmd/ctr/exec.go
View file

@ -2,14 +2,10 @@ package main
import (
gocontext "context"
"encoding/json"
"os"
"path/filepath"
"github.com/containerd/containerd/api/services/execution"
"github.com/crosbymichael/console"
protobuf "github.com/gogo/protobuf/types"
specs "github.com/opencontainers/runtime-spec/specs-go"
"github.com/urfave/cli"
)
@ -21,6 +17,10 @@ var execCommand = cli.Command{
Name: "id",
Usage: "id of the container",
},
cli.StringFlag{
Name: "cwd",
Usage: "working directory of the new process",
},
cli.BoolFlag{
Name: "tty,t",
Usage: "allocate a TTY for the container",
@ -32,11 +32,6 @@ var execCommand = cli.Command{
ctx = gocontext.Background()
)
process := createProcess(context.Args(), "", context.Bool("tty"))
data, err := json.Marshal(process)
if err != nil {
return err
}
containers, err := getExecutionService(context)
if err != nil {
return err
@ -50,16 +45,9 @@ var execCommand = cli.Command{
return err
}
defer os.RemoveAll(tmpDir)
request := &execution.ExecRequest{
ID: id,
Spec: &protobuf.Any{
TypeUrl: specs.Version,
Value: data,
},
Terminal: context.Bool("tty"),
Stdin: filepath.Join(tmpDir, "stdin"),
Stdout: filepath.Join(tmpDir, "stdout"),
Stderr: filepath.Join(tmpDir, "stderr"),
request, err := newExecRequest(context, tmpDir, id)
if err != nil {
return err
}
if request.Terminal {
con := console.Current()
@ -89,40 +77,3 @@ var execCommand = cli.Command{
return nil
},
}
func createProcess(args []string, cwd string, tty bool) specs.Process {
env := []string{
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
}
if tty {
env = append(env, "TERM=xterm")
}
if cwd == "" {
cwd = "/"
}
return specs.Process{
Args: args,
Env: env,
Terminal: tty,
Cwd: cwd,
NoNewPrivileges: true,
User: specs.User{
UID: 0,
GID: 0,
},
Capabilities: &specs.LinuxCapabilities{
Bounding: capabilities,
Permitted: capabilities,
Inheritable: capabilities,
Effective: capabilities,
Ambient: capabilities,
},
Rlimits: []specs.LinuxRlimit{
{
Type: "RLIMIT_NOFILE",
Hard: uint64(1024),
Soft: uint64(1024),
},
},
}
}

69
cmd/ctr/exec_unix.go Normal file
View file

@ -0,0 +1,69 @@
// +build !windows
package main
import (
"encoding/json"
"path/filepath"
"github.com/containerd/containerd/api/services/execution"
protobuf "github.com/gogo/protobuf/types"
specs "github.com/opencontainers/runtime-spec/specs-go"
"github.com/urfave/cli"
)
func createProcessSpec(args []string, cwd string, tty bool) specs.Process {
env := []string{
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
}
if tty {
env = append(env, "TERM=xterm")
}
if cwd == "" {
cwd = "/"
}
return specs.Process{
Args: args,
Env: env,
Terminal: tty,
Cwd: cwd,
NoNewPrivileges: true,
User: specs.User{
UID: 0,
GID: 0,
},
Capabilities: &specs.LinuxCapabilities{
Bounding: capabilities,
Permitted: capabilities,
Inheritable: capabilities,
Effective: capabilities,
Ambient: capabilities,
},
Rlimits: []specs.LinuxRlimit{
{
Type: "RLIMIT_NOFILE",
Hard: uint64(1024),
Soft: uint64(1024),
},
},
}
}
func newExecRequest(context *cli.Context, tmpDir, id string) (*execution.ExecRequest, error) {
process := createProcessSpec(context.Args(), context.String("cwd"), context.Bool("tty"))
data, err := json.Marshal(process)
if err != nil {
return nil, err
}
return &execution.ExecRequest{
ID: id,
Spec: &protobuf.Any{
TypeUrl: specs.Version,
Value: data,
},
Terminal: context.Bool("tty"),
Stdin: filepath.Join(tmpDir, "stdin"),
Stdout: filepath.Join(tmpDir, "stdout"),
Stderr: filepath.Join(tmpDir, "stderr"),
}, nil
}

40
cmd/ctr/exec_windows.go Normal file
View file

@ -0,0 +1,40 @@
package main
import (
"encoding/json"
"fmt"
"time"
"github.com/containerd/containerd/api/services/execution"
protobuf "github.com/gogo/protobuf/types"
specs "github.com/opencontainers/runtime-spec/specs-go"
"github.com/urfave/cli"
)
func newExecRequest(context *cli.Context, tmpDir, id string) (*execution.ExecRequest, error) {
process := specs.Process{
Args: context.Args(),
Terminal: context.Bool("tty"),
Cwd: context.String("cwd"),
}
data, err := json.Marshal(process)
if err != nil {
return nil, err
}
now := time.Now().UnixNano()
request := &execution.ExecRequest{
ID: id,
Spec: &protobuf.Any{
TypeUrl: specs.Version,
Value: data,
},
Terminal: context.Bool("tty"),
Stdin: fmt.Sprintf(`%s\ctr-%s-stdin-`, pipeRoot, id, now),
Stdout: fmt.Sprintf(`%s\ctr-%s-stdout-`, pipeRoot, id, now),
}
if !request.Terminal {
request.Stderr = fmt.Sprintf(`%s\ctr-%s-stderr-`, pipeRoot, id, now)
}
return request, nil
}

60
cmd/ctr/kill.go
View file

@ -2,54 +2,12 @@ package main
import (
gocontext "context"
"fmt"
"strconv"
"strings"
"syscall"
"github.com/containerd/containerd/api/services/execution"
"github.com/pkg/errors"
"github.com/urfave/cli"
)
var signalMap = map[string]syscall.Signal{
"ABRT": syscall.SIGABRT,
"ALRM": syscall.SIGALRM,
"BUS": syscall.SIGBUS,
"CHLD": syscall.SIGCHLD,
"CLD": syscall.SIGCLD,
"CONT": syscall.SIGCONT,
"FPE": syscall.SIGFPE,
"HUP": syscall.SIGHUP,
"ILL": syscall.SIGILL,
"INT": syscall.SIGINT,
"IO": syscall.SIGIO,
"IOT": syscall.SIGIOT,
"KILL": syscall.SIGKILL,
"PIPE": syscall.SIGPIPE,
"POLL": syscall.SIGPOLL,
"PROF": syscall.SIGPROF,
"PWR": syscall.SIGPWR,
"QUIT": syscall.SIGQUIT,
"SEGV": syscall.SIGSEGV,
"STKFLT": syscall.SIGSTKFLT,
"STOP": syscall.SIGSTOP,
"SYS": syscall.SIGSYS,
"TERM": syscall.SIGTERM,
"TRAP": syscall.SIGTRAP,
"TSTP": syscall.SIGTSTP,
"TTIN": syscall.SIGTTIN,
"TTOU": syscall.SIGTTOU,
"UNUSED": syscall.SIGUNUSED,
"URG": syscall.SIGURG,
"USR1": syscall.SIGUSR1,
"USR2": syscall.SIGUSR2,
"VTALRM": syscall.SIGVTALRM,
"WINCH": syscall.SIGWINCH,
"XCPU": syscall.SIGXCPU,
"XFSZ": syscall.SIGXFSZ,
}
var killCommand = cli.Command{
Name: "kill",
Usage: "signal a container",
@ -95,21 +53,3 @@ var killCommand = cli.Command{
return nil
},
}
func parseSignal(rawSignal string) (syscall.Signal, error) {
s, err := strconv.Atoi(rawSignal)
if err == nil {
sig := syscall.Signal(s)
for _, msig := range signalMap {
if sig == msig {
return sig, nil
}
}
return -1, fmt.Errorf("unknown signal %q", rawSignal)
}
signal, ok := signalMap[strings.TrimPrefix(strings.ToUpper(rawSignal), "SIG")]
if !ok {
return -1, fmt.Errorf("unknown signal %q", rawSignal)
}
return signal, nil
}

66
cmd/ctr/kill_unix.go Normal file
View file

@ -0,0 +1,66 @@
// +build !windows
package main
import (
"fmt"
"strconv"
"strings"
"syscall"
)
var signalMap = map[string]syscall.Signal{
"ABRT": syscall.SIGABRT,
"ALRM": syscall.SIGALRM,
"BUS": syscall.SIGBUS,
"CHLD": syscall.SIGCHLD,
"CLD": syscall.SIGCLD,
"CONT": syscall.SIGCONT,
"FPE": syscall.SIGFPE,
"HUP": syscall.SIGHUP,
"ILL": syscall.SIGILL,
"INT": syscall.SIGINT,
"IO": syscall.SIGIO,
"IOT": syscall.SIGIOT,
"KILL": syscall.SIGKILL,
"PIPE": syscall.SIGPIPE,
"POLL": syscall.SIGPOLL,
"PROF": syscall.SIGPROF,
"PWR": syscall.SIGPWR,
"QUIT": syscall.SIGQUIT,
"SEGV": syscall.SIGSEGV,
"STKFLT": syscall.SIGSTKFLT,
"STOP": syscall.SIGSTOP,
"SYS": syscall.SIGSYS,
"TERM": syscall.SIGTERM,
"TRAP": syscall.SIGTRAP,
"TSTP": syscall.SIGTSTP,
"TTIN": syscall.SIGTTIN,
"TTOU": syscall.SIGTTOU,
"UNUSED": syscall.SIGUNUSED,
"URG": syscall.SIGURG,
"USR1": syscall.SIGUSR1,
"USR2": syscall.SIGUSR2,
"VTALRM": syscall.SIGVTALRM,
"WINCH": syscall.SIGWINCH,
"XCPU": syscall.SIGXCPU,
"XFSZ": syscall.SIGXFSZ,
}
func parseSignal(rawSignal string) (syscall.Signal, error) {
s, err := strconv.Atoi(rawSignal)
if err == nil {
sig := syscall.Signal(s)
for _, msig := range signalMap {
if sig == msig {
return sig, nil
}
}
return -1, fmt.Errorf("unknown signal %q", rawSignal)
}
signal, ok := signalMap[strings.TrimPrefix(strings.ToUpper(rawSignal), "SIG")]
if !ok {
return -1, fmt.Errorf("unknown signal %q", rawSignal)
}
return signal, nil
}

7
cmd/ctr/kill_windows.go Normal file
View file

@ -0,0 +1,7 @@
package main
import "syscall"
func parseSignal(rawSignal string) (syscall.Signal, error) {
return syscall.SIGKILL, nil
}

10
cmd/ctr/main.go
View file

@ -9,6 +9,10 @@ import (
"github.com/urfave/cli"
)
var (
extraCmds = []cli.Command{}
)
func init() {
cli.VersionPrinter = func(c *cli.Context) {
fmt.Println(c.App.Name, containerd.Package, c.App.Version)
@ -34,8 +38,8 @@ containerd client
Usage: "enable debug output in logs",
},
cli.StringFlag{
Name: "socket, s",
Usage: "socket path for containerd's GRPC server",
Name: "address, s",
Usage: "address for containerd's GRPC server",
Value: "/run/containerd/containerd.sock",
},
cli.StringFlag{
@ -53,10 +57,10 @@ containerd client
listCommand,
infoCommand,
killCommand,
shimCommand,
pprofCommand,
execCommand,
}
app.Commands = append(app.Commands, extraCmds...)
app.Before = func(context *cli.Context) error {
if context.GlobalBool("debug") {
logrus.SetLevel(logrus.DebugLevel)

7
cmd/ctr/main_unix.go Normal file
View file

@ -0,0 +1,7 @@
// +build !windows
package main
func init() {
extraCmds = append(extraCmds, shimCommand)
}

319
cmd/ctr/run.go
View file

@ -5,10 +5,7 @@ import (
"encoding/json"
"fmt"
"os"
"path/filepath"
"runtime"
"strconv"
"strings"
"google.golang.org/grpc"
"google.golang.org/grpc/codes"
@ -17,208 +14,12 @@ import (
rootfsapi "github.com/containerd/containerd/api/services/rootfs"
"github.com/containerd/containerd/images"
"github.com/crosbymichael/console"
protobuf "github.com/gogo/protobuf/types"
"github.com/opencontainers/image-spec/identity"
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
"github.com/opencontainers/runtime-spec/specs-go"
"github.com/pkg/errors"
"github.com/urfave/cli"
)
const (
rwm = "rwm"
rootfsPath = "rootfs"
)
var capabilities = []string{
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_FSETID",
"CAP_FOWNER",
"CAP_MKNOD",
"CAP_NET_RAW",
"CAP_SETGID",
"CAP_SETUID",
"CAP_SETFCAP",
"CAP_SETPCAP",
"CAP_NET_BIND_SERVICE",
"CAP_SYS_CHROOT",
"CAP_KILL",
"CAP_AUDIT_WRITE",
}
func spec(id string, config *ocispec.ImageConfig, context *cli.Context) (*specs.Spec, error) {
env := []string{
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
}
env = append(env, config.Env...)
cmd := config.Cmd
if v := context.Args().Tail(); len(v) > 0 {
cmd = v
}
var (
// TODO: support overriding entrypoint
args = append(config.Entrypoint, cmd...)
tty = context.Bool("tty")
uid, gid uint32
)
if config.User != "" {
parts := strings.Split(config.User, ":")
switch len(parts) {
case 1:
v, err := strconv.ParseUint(parts[0], 0, 10)
if err != nil {
return nil, err
}
uid, gid = uint32(v), uint32(v)
case 2:
v, err := strconv.ParseUint(parts[0], 0, 10)
if err != nil {
return nil, err
}
uid = uint32(v)
if v, err = strconv.ParseUint(parts[1], 0, 10); err != nil {
return nil, err
}
gid = uint32(v)
default:
return nil, fmt.Errorf("invalid USER value %s", config.User)
}
}
if tty {
env = append(env, "TERM=xterm")
}
cwd := config.WorkingDir
if cwd == "" {
cwd = "/"
}
return &specs.Spec{
Version: specs.Version,
Platform: specs.Platform{
OS: runtime.GOOS,
Arch: runtime.GOARCH,
},
Root: specs.Root{
Path: rootfsPath,
Readonly: context.Bool("readonly"),
},
Process: specs.Process{
Args: args,
Env: env,
Terminal: tty,
Cwd: cwd,
NoNewPrivileges: true,
User: specs.User{
UID: uid,
GID: gid,
},
Capabilities: &specs.LinuxCapabilities{
Bounding: capabilities,
Permitted: capabilities,
Inheritable: capabilities,
Effective: capabilities,
Ambient: capabilities,
},
Rlimits: []specs.LinuxRlimit{
{
Type: "RLIMIT_NOFILE",
Hard: uint64(1024),
Soft: uint64(1024),
},
},
},
Mounts: []specs.Mount{
{
Destination: "/proc",
Type: "proc",
Source: "proc",
},
{
Destination: "/dev",
Type: "tmpfs",
Source: "tmpfs",
Options: []string{"nosuid", "strictatime", "mode=755", "size=65536k"},
},
{
Destination: "/dev/pts",
Type: "devpts",
Source: "devpts",
Options: []string{"nosuid", "noexec", "newinstance", "ptmxmode=0666", "mode=0620", "gid=5"},
},
{
Destination: "/dev/shm",
Type: "tmpfs",
Source: "shm",
Options: []string{"nosuid", "noexec", "nodev", "mode=1777", "size=65536k"},
},
{
Destination: "/dev/mqueue",
Type: "mqueue",
Source: "mqueue",
Options: []string{"nosuid", "noexec", "nodev"},
},
{
Destination: "/sys",
Type: "sysfs",
Source: "sysfs",
Options: []string{"nosuid", "noexec", "nodev", "ro"},
},
{
Destination: "/run",
Type: "tmpfs",
Source: "tmpfs",
Options: []string{"nosuid", "strictatime", "mode=755", "size=65536k"},
},
{
Destination: "/etc/resolv.conf",
Type: "bind",
Source: "/etc/resolv.conf",
Options: []string{"rbind", "ro"},
},
{
Destination: "/etc/hosts",
Type: "bind",
Source: "/etc/hosts",
Options: []string{"rbind", "ro"},
},
{
Destination: "/etc/localtime",
Type: "bind",
Source: "/etc/localtime",
Options: []string{"rbind", "ro"},
},
},
Hostname: id,
Linux: &specs.Linux{
Resources: &specs.LinuxResources{
Devices: []specs.LinuxDeviceCgroup{
{
Allow: false,
Access: rwm,
},
},
},
Namespaces: []specs.LinuxNamespace{
{
Type: "pid",
},
{
Type: "ipc",
},
{
Type: "uts",
},
{
Type: "mount",
},
{
Type: "network",
},
},
},
}, nil
}
var runCommand = cli.Command{
Name: "run",
Usage: "run a container",
@ -232,10 +33,6 @@ var runCommand = cli.Command{
Name: "tty,t",
Usage: "allocate a TTY for the container",
},
cli.StringFlag{
Name: "rootfs,r",
Usage: "path to the container's root filesystem",
},
cli.StringFlag{
Name: "runtime",
Usage: "runtime name (linux, windows, vmware-linux)",
@ -247,12 +44,17 @@ var runCommand = cli.Command{
},
},
Action: func(context *cli.Context) error {
ctx := gocontext.Background()
id := context.String("id")
var (
err error
resp *rootfsapi.MountResponse
imageConfig ocispec.Image
ctx = gocontext.Background()
id = context.String("id")
)
if id == "" {
return errors.New("container id must be provided")
}
containers, err := getExecutionService(context)
if err != nil {
return err
@ -282,76 +84,64 @@ var runCommand = cli.Command{
return errors.Wrap(err, "failed resolving image store")
}
ref := context.Args().First()
if runtime.GOOS != "windows" {
ref := context.Args().First()
image, err := imageStore.Get(ctx, ref)
if err != nil {
return errors.Wrapf(err, "could not resolve %q", ref)
}
// let's close out our db and tx so we don't hold the lock whilst running.
diffIDs, err := image.RootFS(ctx, provider)
if err != nil {
return err
}
if _, err := rootfsClient.Prepare(gocontext.TODO(), &rootfsapi.PrepareRequest{
Name: id,
ChainID: identity.ChainID(diffIDs),
}); err != nil {
if grpc.Code(err) != codes.AlreadyExists {
return err
image, err := imageStore.Get(ctx, ref)
if err != nil {
return errors.Wrapf(err, "could not resolve %q", ref)
}
}
// let's close out our db and tx so we don't hold the lock whilst running.
resp, err := rootfsClient.Mounts(gocontext.TODO(), &rootfsapi.MountsRequest{
Name: id,
})
if err != nil {
return err
}
ic, err := image.Config(ctx, provider)
if err != nil {
return err
}
var imageConfig ocispec.Image
switch ic.MediaType {
case ocispec.MediaTypeImageConfig, images.MediaTypeDockerSchema2Config:
r, err := provider.Reader(ctx, ic.Digest)
diffIDs, err := image.RootFS(ctx, provider)
if err != nil {
return err
}
if err := json.NewDecoder(r).Decode(&imageConfig); err != nil {
r.Close()
if _, err := rootfsClient.Prepare(gocontext.TODO(), &rootfsapi.PrepareRequest{
Name: id,
ChainID: identity.ChainID(diffIDs),
}); err != nil {
if grpc.Code(err) != codes.AlreadyExists {
return err
}
}
resp, err = rootfsClient.Mounts(gocontext.TODO(), &rootfsapi.MountsRequest{
Name: id,
})
if err != nil {
return err
}
r.Close()
default:
return fmt.Errorf("unknown image config media type %s", ic.MediaType)
ic, err := image.Config(ctx, provider)
if err != nil {
return err
}
switch ic.MediaType {
case ocispec.MediaTypeImageConfig, images.MediaTypeDockerSchema2Config:
r, err := provider.Reader(ctx, ic.Digest)
if err != nil {
return err
}
if err := json.NewDecoder(r).Decode(&imageConfig); err != nil {
r.Close()
return err
}
r.Close()
default:
return fmt.Errorf("unknown image config media type %s", ic.MediaType)
}
} else {
// TODO: get the image / rootfs through the API once windows has a snapshotter
}
rootfs := resp.Mounts
// generate the spec based on the image config
s, err := spec(id, &imageConfig.Config, context)
create, err := newCreateRequest(context, &imageConfig.Config, id, tmpDir)
if err != nil {
return err
}
data, err := json.Marshal(s)
if err != nil {
return err
}
create := &execution.CreateRequest{
ID: id,
Spec: &protobuf.Any{
TypeUrl: specs.Version,
Value: data,
},
Rootfs: rootfs,
Runtime: context.String("runtime"),
Terminal: context.Bool("tty"),
Stdin: filepath.Join(tmpDir, "stdin"),
Stdout: filepath.Join(tmpDir, "stdout"),
Stderr: filepath.Join(tmpDir, "stderr"),
if resp != nil {
create.Rootfs = resp.Mounts
}
if create.Terminal {
con := console.Current()
@ -360,6 +150,7 @@ var runCommand = cli.Command{
return err
}
}
fwg, err := prepareStdio(create.Stdin, create.Stdout, create.Stderr, create.Terminal)
if err != nil {
return err

264
cmd/ctr/run_unix.go Normal file
View file

@ -0,0 +1,264 @@
// +build !windows
package main
import (
"encoding/json"
"fmt"
"io/ioutil"
"path/filepath"
"runtime"
"strconv"
"strings"
"github.com/Sirupsen/logrus"
"github.com/containerd/containerd/api/services/execution"
protobuf "github.com/gogo/protobuf/types"
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
specs "github.com/opencontainers/runtime-spec/specs-go"
"github.com/urfave/cli"
)
const (
rwm = "rwm"
rootfsPath = "rootfs"
)
var capabilities = []string{
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_FSETID",
"CAP_FOWNER",
"CAP_MKNOD",
"CAP_NET_RAW",
"CAP_SETGID",
"CAP_SETUID",
"CAP_SETFCAP",
"CAP_SETPCAP",
"CAP_NET_BIND_SERVICE",
"CAP_SYS_CHROOT",
"CAP_KILL",
"CAP_AUDIT_WRITE",
}
func spec(id string, config *ocispec.ImageConfig, context *cli.Context) (*specs.Spec, error) {
env := []string{
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
}
env = append(env, config.Env...)
cmd := config.Cmd
if v := context.Args().Tail(); len(v) > 0 {
cmd = v
}
var (
// TODO: support overriding entrypoint
args = append(config.Entrypoint, cmd...)
tty = context.Bool("tty")
uid, gid uint32
)
if config.User != "" {
parts := strings.Split(config.User, ":")
switch len(parts) {
case 1:
v, err := strconv.ParseUint(parts[0], 0, 10)
if err != nil {
return nil, err
}
uid, gid = uint32(v), uint32(v)
case 2:
v, err := strconv.ParseUint(parts[0], 0, 10)
if err != nil {
return nil, err
}
uid = uint32(v)
if v, err = strconv.ParseUint(parts[1], 0, 10); err != nil {
return nil, err
}
gid = uint32(v)
default:
return nil, fmt.Errorf("invalid USER value %s", config.User)
}
}
if tty {
env = append(env, "TERM=xterm")
}
cwd := config.WorkingDir
if cwd == "" {
cwd = "/"
}
return &specs.Spec{
Version: specs.Version,
Platform: specs.Platform{
OS: runtime.GOOS,
Arch: runtime.GOARCH,
},
Root: specs.Root{
Path: rootfsPath,
Readonly: context.Bool("readonly"),
},
Process: specs.Process{
Args: args,
Env: env,
Terminal: tty,
Cwd: cwd,
NoNewPrivileges: true,
User: specs.User{
UID: uid,
GID: gid,
},
Capabilities: &specs.LinuxCapabilities{
Bounding: capabilities,
Permitted: capabilities,
Inheritable: capabilities,
Effective: capabilities,
Ambient: capabilities,
},
Rlimits: []specs.LinuxRlimit{
{
Type: "RLIMIT_NOFILE",
Hard: uint64(1024),
Soft: uint64(1024),
},
},
},
Mounts: []specs.Mount{
{
Destination: "/proc",
Type: "proc",
Source: "proc",
},
{
Destination: "/dev",
Type: "tmpfs",
Source: "tmpfs",
Options: []string{"nosuid", "strictatime", "mode=755", "size=65536k"},
},
{
Destination: "/dev/pts",
Type: "devpts",
Source: "devpts",
Options: []string{"nosuid", "noexec", "newinstance", "ptmxmode=0666", "mode=0620", "gid=5"},
},
{
Destination: "/dev/shm",
Type: "tmpfs",
Source: "shm",
Options: []string{"nosuid", "noexec", "nodev", "mode=1777", "size=65536k"},
},
{
Destination: "/dev/mqueue",
Type: "mqueue",
Source: "mqueue",
Options: []string{"nosuid", "noexec", "nodev"},
},
{
Destination: "/sys",
Type: "sysfs",
Source: "sysfs",
Options: []string{"nosuid", "noexec", "nodev", "ro"},
},
{
Destination: "/run",
Type: "tmpfs",
Source: "tmpfs",
Options: []string{"nosuid", "strictatime", "mode=755", "size=65536k"},
},
{
Destination: "/etc/resolv.conf",
Type: "bind",
Source: "/etc/resolv.conf",
Options: []string{"rbind", "ro"},
},
{
Destination: "/etc/hosts",
Type: "bind",
Source: "/etc/hosts",
Options: []string{"rbind", "ro"},
},
{
Destination: "/etc/localtime",
Type: "bind",
Source: "/etc/localtime",
Options: []string{"rbind", "ro"},
},
},
Hostname: id,
Linux: &specs.Linux{
Resources: &specs.LinuxResources{
Devices: []specs.LinuxDeviceCgroup{
{
Allow: false,
Access: rwm,
},
},
},
Namespaces: []specs.LinuxNamespace{
{
Type: "pid",
},
{
Type: "ipc",
},
{
Type: "uts",
},
{
Type: "mount",
},
{
Type: "network",
},
},
},
}, nil
}
func customSpec(configPath string) (*specs.Spec, error) {
b, err := ioutil.ReadFile(configPath)
if err != nil {
return nil, err
}
var s specs.Spec
if err := json.Unmarshal(b, &s); err != nil {
return nil, err
}
if s.Root.Path != rootfsPath {
logrus.Warnf("ignoring Root.Path %q, setting %q forcibly", s.Root.Path, rootfsPath)
s.Root.Path = rootfsPath
}
return &s, nil
}
func getConfig(context *cli.Context, imageConfig *ocispec.ImageConfig) (*specs.Spec, error) {
config := context.String("runtime-config")
if config == "" {
return spec(context.String("id"), imageConfig, context)
}
return customSpec(config)
}
func newCreateRequest(context *cli.Context, imageConfig *ocispec.ImageConfig, id, tmpDir string) (*execution.CreateRequest, error) {
s, err := getConfig(context, imageConfig)
if err != nil {
return nil, err
}
data, err := json.Marshal(s)
if err != nil {
return nil, err
}
create := &execution.CreateRequest{
ID: id,
Spec: &protobuf.Any{
TypeUrl: specs.Version,
Value: data,
},
Runtime: context.String("runtime"),
Terminal: context.Bool("tty"),
Stdin: filepath.Join(tmpDir, "stdin"),
Stdout: filepath.Join(tmpDir, "stdout"),
Stderr: filepath.Join(tmpDir, "stderr"),
}
return create, nil
}

137
cmd/ctr/run_windows.go Normal file
View file

@ -0,0 +1,137 @@
package main
import (
"encoding/json"
"fmt"
"io/ioutil"
"runtime"
"github.com/Sirupsen/logrus"
"github.com/containerd/containerd/api/services/execution"
"github.com/containerd/containerd/windows"
"github.com/containerd/containerd/windows/hcs"
protobuf "github.com/gogo/protobuf/types"
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
specs "github.com/opencontainers/runtime-spec/specs-go"
"github.com/urfave/cli"
)
const pipeRoot = `\\.\pipe`
func init() {
runCommand.Flags = append(runCommand.Flags, cli.StringSliceFlag{
Name: "layers",
Usage: "HCSSHIM Layers to be used",
})
}
func spec(id string, config *ocispec.ImageConfig, context *cli.Context) *specs.Spec {
cmd := config.Cmd
if a := context.Args().First(); a != "" {
cmd = context.Args()
}
var (
// TODO: support overriding entrypoint
args = append(config.Entrypoint, cmd...)
tty = context.Bool("tty")
cwd = config.WorkingDir
)
if cwd == "" {
cwd = `C:\`
}
return &specs.Spec{
Version: specs.Version,
Platform: specs.Platform{
OS: runtime.GOOS,
Arch: runtime.GOARCH,
},
Root: specs.Root{
Readonly: context.Bool("readonly"),
},
Process: specs.Process{
Args: args,
Terminal: tty,
Cwd: cwd,
Env: config.Env,
User: specs.User{
Username: config.User,
},
ConsoleSize: specs.Box{
Height: 20,
Width: 80,
},
},
Hostname: id,
}
}
func customSpec(context *cli.Context, configPath string) (*specs.Spec, error) {
b, err := ioutil.ReadFile(configPath)
if err != nil {
return nil, err
}
var s specs.Spec
if err := json.Unmarshal(b, &s); err != nil {
return nil, err
}
rootfs := context.String("rootfs")
if rootfs != "" && s.Root.Path != rootfs {
logrus.Warnf("ignoring config Root.Path %q, setting %q forcibly", s.Root.Path, rootfs)
s.Root.Path = rootfs
}
return &s, nil
}
func getConfig(context *cli.Context, imageConfig *ocispec.ImageConfig) (*specs.Spec, error) {
if config := context.String("runtime-config"); config != "" {
return customSpec(context, config)
}
s := spec(context.String("id"), imageConfig, context)
if rootfs := context.String("rootfs"); rootfs != "" {
s.Root.Path = rootfs
}
return s, nil
}
func newCreateRequest(context *cli.Context, imageConfig *ocispec.ImageConfig, id, tmpDir string) (*execution.CreateRequest, error) {
spec, err := getConfig(context, imageConfig)
if err != nil {
return nil, err
}
rtSpec := windows.RuntimeSpec{
OCISpec: *spec,
Configuration: hcs.Configuration{
Layers: context.StringSlice("layers"),
IgnoreFlushesDuringBoot: true,
AllowUnqualifiedDNSQuery: true},
}
data, err := json.Marshal(rtSpec)
if err != nil {
return nil, err
}
create := &execution.CreateRequest{
ID: id,
Spec: &protobuf.Any{
TypeUrl: specs.Version,
Value: data,
},
Runtime: context.String("runtime"),
Terminal: context.Bool("tty"),
Stdin: fmt.Sprintf(`%s\ctr-%s-stdin`, pipeRoot, id),
Stdout: fmt.Sprintf(`%s\ctr-%s-stdout`, pipeRoot, id),
}
if !create.Terminal {
create.Stderr = fmt.Sprintf(`%s\ctr-%s-stderr`, pipeRoot, id)
}
return create, nil
}

2
cmd/ctr/shim.go
View file

@ -1,3 +1,5 @@
// +build linux
package main
import (

90
cmd/ctr/utils.go
View file

@ -2,17 +2,9 @@ package main
import (
"fmt"
"io"
"io/ioutil"
"log"
"net"
"os"
"path/filepath"
"sync"
"syscall"
"time"
gocontext "context"
contentapi "github.com/containerd/containerd/api/services/content"
"github.com/containerd/containerd/api/services/execution"
@ -23,94 +15,12 @@ import (
"github.com/containerd/containerd/images"
contentservice "github.com/containerd/containerd/services/content"
imagesservice "github.com/containerd/containerd/services/images"
"github.com/pkg/errors"
"github.com/tonistiigi/fifo"
"github.com/urfave/cli"
"google.golang.org/grpc"
"google.golang.org/grpc/grpclog"
)
var grpcConn *grpc.ClientConn
func prepareStdio(stdin, stdout, stderr string, console bool) (*sync.WaitGroup, error) {
var wg sync.WaitGroup
ctx := gocontext.Background()
f, err := fifo.OpenFifo(ctx, stdin, syscall.O_WRONLY|syscall.O_CREAT|syscall.O_NONBLOCK, 0700)
if err != nil {
return nil, err
}
defer func(c io.Closer) {
if err != nil {
c.Close()
}
}(f)
go func(w io.WriteCloser) {
io.Copy(w, os.Stdin)
w.Close()
}(f)
f, err = fifo.OpenFifo(ctx, stdout, syscall.O_RDONLY|syscall.O_CREAT|syscall.O_NONBLOCK, 0700)
if err != nil {
return nil, err
}
defer func(c io.Closer) {
if err != nil {
c.Close()
}
}(f)
wg.Add(1)
go func(r io.ReadCloser) {
io.Copy(os.Stdout, r)
r.Close()
wg.Done()
}(f)
f, err = fifo.OpenFifo(ctx, stderr, syscall.O_RDONLY|syscall.O_CREAT|syscall.O_NONBLOCK, 0700)
if err != nil {
return nil, err
}
defer func(c io.Closer) {
if err != nil {
c.Close()
}
}(f)
if !console {
wg.Add(1)
go func(r io.ReadCloser) {
io.Copy(os.Stderr, r)
r.Close()
wg.Done()
}(f)
}
return &wg, nil
}
func getGRPCConnection(context *cli.Context) (*grpc.ClientConn, error) {
if grpcConn != nil {
return grpcConn, nil
}
bindSocket := context.GlobalString("socket")
// reset the logger for grpc to log to dev/null so that it does not mess with our stdio
grpclog.SetLogger(log.New(ioutil.Discard, "", log.LstdFlags))
dialOpts := []grpc.DialOption{grpc.WithInsecure(), grpc.WithTimeout(100 * time.Second)}
dialOpts = append(dialOpts,
grpc.WithDialer(func(addr string, timeout time.Duration) (net.Conn, error) {
return net.DialTimeout("unix", bindSocket, timeout)
},
))
conn, err := grpc.Dial(fmt.Sprintf("unix://%s", bindSocket), dialOpts...)
if err != nil {
return nil, errors.Wrapf(err, "failed to dial %q", bindSocket)
}
grpcConn = conn
return grpcConn, nil
}
func getExecutionService(context *cli.Context) (execution.ContainerServiceClient, error) {
conn, err := getGRPCConnection(context)
if err != nil {

102
cmd/ctr/utils_unix.go Normal file
View file

@ -0,0 +1,102 @@
// +build !windows
package main
import (
"fmt"
"io"
"io/ioutil"
"log"
"net"
"os"
"sync"
"syscall"
"time"
gocontext "context"
"github.com/pkg/errors"
"github.com/tonistiigi/fifo"
"github.com/urfave/cli"
"google.golang.org/grpc"
"google.golang.org/grpc/grpclog"
)
func prepareStdio(stdin, stdout, stderr string, console bool) (*sync.WaitGroup, error) {
var wg sync.WaitGroup
ctx := gocontext.Background()
f, err := fifo.OpenFifo(ctx, stdin, syscall.O_WRONLY|syscall.O_CREAT|syscall.O_NONBLOCK, 0700)
if err != nil {
return nil, err
}
defer func(c io.Closer) {
if err != nil {
c.Close()
}
}(f)
go func(w io.WriteCloser) {
io.Copy(w, os.Stdin)
w.Close()
}(f)
f, err = fifo.OpenFifo(ctx, stdout, syscall.O_RDONLY|syscall.O_CREAT|syscall.O_NONBLOCK, 0700)
if err != nil {
return nil, err
}
defer func(c io.Closer) {
if err != nil {
c.Close()
}
}(f)
wg.Add(1)
go func(r io.ReadCloser) {
io.Copy(os.Stdout, r)
r.Close()
wg.Done()
}(f)
f, err = fifo.OpenFifo(ctx, stderr, syscall.O_RDONLY|syscall.O_CREAT|syscall.O_NONBLOCK, 0700)
if err != nil {
return nil, err
}
defer func(c io.Closer) {
if err != nil {
c.Close()
}
}(f)
if !console {
wg.Add(1)
go func(r io.ReadCloser) {
io.Copy(os.Stderr, r)
r.Close()
wg.Done()
}(f)
}
return &wg, nil
}
func getGRPCConnection(context *cli.Context) (*grpc.ClientConn, error) {
if grpcConn != nil {
return grpcConn, nil
}
bindSocket := context.GlobalString("address")
// reset the logger for grpc to log to dev/null so that it does not mess with our stdio
grpclog.SetLogger(log.New(ioutil.Discard, "", log.LstdFlags))
dialOpts := []grpc.DialOption{grpc.WithInsecure(), grpc.WithTimeout(100 * time.Second)}
dialOpts = append(dialOpts,
grpc.WithDialer(func(addr string, timeout time.Duration) (net.Conn, error) {
return net.DialTimeout("unix", bindSocket, timeout)
},
))
conn, err := grpc.Dial(fmt.Sprintf("unix://%s", bindSocket), dialOpts...)
if err != nil {
return nil, errors.Wrapf(err, "failed to dial %q", bindSocket)
}
grpcConn = conn
return grpcConn, nil
}

121
cmd/ctr/utils_windows.go Normal file
View file

@ -0,0 +1,121 @@
package main
import (
"io"
"io/ioutil"
"log"
"net"
"os"
"sync"
"time"
"github.com/Microsoft/go-winio"
clog "github.com/containerd/containerd/log"
"github.com/pkg/errors"
"github.com/urfave/cli"
"google.golang.org/grpc"
"google.golang.org/grpc/grpclog"
)
func getGRPCConnection(context *cli.Context) (*grpc.ClientConn, error) {
if grpcConn != nil {
return grpcConn, nil
}
bindAddress := context.GlobalString("address")
// reset the logger for grpc to log to dev/null so that it does not mess with our stdio
grpclog.SetLogger(log.New(ioutil.Discard, "", log.LstdFlags))
dialOpts := []grpc.DialOption{grpc.WithInsecure(), grpc.WithTimeout(100 * time.Second)}
dialOpts = append(dialOpts,
grpc.WithDialer(func(addr string, timeout time.Duration) (net.Conn, error) {
return winio.DialPipe(bindAddress, &timeout)
},
))
conn, err := grpc.Dial(bindAddress, dialOpts...)
if err != nil {
return nil, errors.Wrapf(err, "failed to dial %q", bindAddress)
}
grpcConn = conn
return grpcConn, nil
}
func prepareStdio(stdin, stdout, stderr string, console bool) (*sync.WaitGroup, error) {
var wg sync.WaitGroup
if stdin != "" {
l, err := winio.ListenPipe(stdin, nil)
if err != nil {
return nil, errors.Wrapf(err, "failed to create stdin pipe %s", stdin)
}
defer func(l net.Listener) {
if err != nil {
l.Close()
}
}(l)
go func() {
c, err := l.Accept()
if err != nil {
clog.L.WithError(err).Errorf("failed to accept stdin connection on %s", stdin)
return
}
io.Copy(c, os.Stdin)
c.Close()
l.Close()
}()
}
if stdout != "" {
l, err := winio.ListenPipe(stdout, nil)
if err != nil {
return nil, errors.Wrapf(err, "failed to create stdin pipe %s", stdout)
}
defer func(l net.Listener) {
if err != nil {
l.Close()
}
}(l)
wg.Add(1)
go func() {
defer wg.Done()
c, err := l.Accept()
if err != nil {
clog.L.WithError(err).Errorf("failed to accept stdout connection on %s", stdout)
return
}
io.Copy(os.Stdout, c)
c.Close()
l.Close()
}()
}
if !console && stderr != "" {
l, err := winio.ListenPipe(stderr, nil)
if err != nil {
return nil, errors.Wrapf(err, "failed to create stderr pipe %s", stderr)
}
defer func(l net.Listener) {
if err != nil {
l.Close()
}
}(l)
wg.Add(1)
go func() {
defer wg.Done()
c, err := l.Accept()
if err != nil {
clog.L.WithError(err).Errorf("failed to accept stderr connection on %s", stderr)
return
}
io.Copy(os.Stderr, c)
c.Close()
l.Close()
}()
}
return &wg, nil
}