Commit graph

30 commits

Author SHA1 Message Date
Akihiro Suda
71870d7631 ctr/run: revive specifying custom command
e.g.

    $ ctr run --id foo docker.io/library/busybox:latest ls

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2017-03-31 02:21:33 +00:00
Michael Crosby
71e8d765df set +x on overlay fs dirs
We need to set +x on the overlay dirs or after dropping from root to a
non-root user an eperm will happen on exec or other file access

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-03-24 12:55:35 -07:00
Michael Crosby
597815af7e Generate spec based on image config
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-03-23 15:40:09 -07:00
Michael Crosby
977939850b Update runtime spec to 035da1dca3dfbb00d752eb58b0b
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-03-22 11:44:25 -07:00
Stephen J Day
39da6ff879
images: move image package to images
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2017-03-21 17:36:37 -07:00
Stephen J Day
e53539c58f
cmd/dist, cmd/ctr: end to end image pull
With this changeset, we now have a proof of concept of end to end pull.
Up to this point, the relationship between subsystems has been somewhat
theoretical. We now leverage fetching, the snapshot drivers, the rootfs
service, image metadata and the execution service, validating the proposed
model for containerd. There are a few caveats, including the need to move some
of the access into GRPC services, but the basic components are there.

The first command we will cover here is `dist pull`. This is the analog
of `docker pull` and `git pull`. It performs a full resource fetch for
an image and unpacks the root filesystem into the snapshot drivers. An
example follows:

``` console
$ sudo ./bin/dist pull docker.io/library/redis:latest
docker.io/library/redis:latest:                                                   resolved       |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:4c8fb09e8d634ab823b1c125e64f0e1ceaf216025aa38283ea1b42997f1e8059: done           |++++++++++++++++++++++++++++++++++++++|
layer-sha256:3b281f2bcae3b25c701d53a219924fffe79bdb74385340b73a539ed4020999c4:    done           |++++++++++++++++++++++++++++++++++++++|
config-sha256:e4a35914679d05d25e2fccfd310fde1aa59ffbbf1b0b9d36f7b03db5ca0311b0:   done           |++++++++++++++++++++++++++++++++++++++|
layer-sha256:4b7726832aec75f0a742266c7190c4d2217492722dfd603406208eaa902648d8:    done           |++++++++++++++++++++++++++++++++++++++|
layer-sha256:338a7133395941c85087522582af182d2f6477dbf54ba769cb24ec4fd91d728f:    done           |++++++++++++++++++++++++++++++++++++++|
layer-sha256:83f12ff60ff1132d1e59845e26c41968406b4176c1a85a50506c954696b21570:    done           |++++++++++++++++++++++++++++++++++++++|
layer-sha256:693502eb7dfbc6b94964ae66ebc72d3e32facd981c72995b09794f1e87bac184:    done           |++++++++++++++++++++++++++++++++++++++|
layer-sha256:622732cddc347afc9360b4b04b46c6f758191a1dc73d007f95548658847ee67e:    done           |++++++++++++++++++++++++++++++++++++++|
layer-sha256:19a7e34366a6f558336c364693df538c38307484b729a36fede76432789f084f:    done           |++++++++++++++++++++++++++++++++++++++|
elapsed: 1.6 s                                                                    total:   0.0 B (0.0 B/s)
INFO[0001] unpacking rootfs
```

Note that we haven't integrated rootfs unpacking into the status output, but we
pretty much have what is in docker today (:P). We can see the result of our pull
with the following:

```console
$ sudo ./bin/dist images
REF                            TYPE                                                 DIGEST                                                                  SIZE
docker.io/library/redis:latest application/vnd.docker.distribution.manifest.v2+json sha256:4c8fb09e8d634ab823b1c125e64f0e1ceaf216025aa38283ea1b42997f1e8059 1.8 kB
```

The above shows that we have an image called "docker.io/library/redis:latest"
mapped to the given digest marked with a specific format. We get the size of
the manifest right now, not the full image, but we can add more as we need it.
For the most part, this is all that is needed, but a few tweaks to the model
for naming may need to be added. Specifically, we may want to index under a few
different names, including those qualified by hash or matched by tag versions.
We can do more work in this area as we develop the metadata store.

The name shown above can then be used to run the actual container image. We can
do this with the following command:

```console
$ sudo ./bin/ctr run --id foo docker.io/library/redis:latest /usr/local/bin/redis-server
1:C 17 Mar 17:20:25.316 # Warning: no config file specified, using the default config. In order to specify a config file use /usr/local/bin/redis-server /path/to/redis.conf
1:M 17 Mar 17:20:25.317 * Increased maximum number of open files to 10032 (it was originally set to 1024).
                _._
           _.-``__ ''-._
      _.-``    `.  `_.  ''-._           Redis 3.2.8 (00000000/0) 64 bit
  .-`` .-```.  ```\/    _.,_ ''-._
 (    '      ,       .-`  | `,    )     Running in standalone mode
 |`-._`-...-` __...-.``-._|'` _.-'|     Port: 6379
 |    `-._   `._    /     _.-'    |     PID: 1
  `-._    `-._  `-./  _.-'    _.-'
 |`-._`-._    `-.__.-'    _.-'_.-'|
 |    `-._`-._        _.-'_.-'    |           http://redis.io
  `-._    `-._`-.__.-'_.-'    _.-'
 |`-._`-._    `-.__.-'    _.-'_.-'|
 |    `-._`-._        _.-'_.-'    |
  `-._    `-._`-.__.-'_.-'    _.-'
      `-._    `-.__.-'    _.-'
          `-._        _.-'
              `-.__.-'

1:M 17 Mar 17:20:25.326 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.
1:M 17 Mar 17:20:25.326 # Server started, Redis version 3.2.8
1:M 17 Mar 17:20:25.326 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
1:M 17 Mar 17:20:25.326 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled.
1:M 17 Mar 17:20:25.326 * The server is now ready to accept connections on port 6379
```

Wow! So, now we are running `redis`!

There are still a few things to work out. Notice that we have to specify the
command as part of the arguments to `ctr run`. This is because are not yet
reading the image config and converting it to an OCI runtime config. With the
base laid in this PR, adding such functionality should be straightforward.

While this is a _little_ messy, this is great progress. It should be easy
sailing from here.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2017-03-21 13:08:23 -07:00
Michael Crosby
6d3a70eb58 Make ctr --rootfs an absolute path
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-03-09 16:13:23 -08:00
Volodymyr Burenin
72034dad40 Do not read all IO if container is not started.
Signed-off-by: Volodymyr Burenin <vburenin@gmail.com>
2017-03-06 13:47:45 -06:00
Volodymyr Burenin
2972f2728f Added new flag for 'ctr run' to specify user defined runtime.
Signed-off-by: Volodymyr Burenin <vburenin@gmail.com>
2017-03-06 13:11:31 -06:00
fate-grand-order
08405824ad Use errors.New() directly to output the error message
Signed-off-by: fate-grand-order <chenjg@harmonycloud.cn>
2017-02-22 10:53:16 +08:00
Qiang Huang
f83652dbf1 Ensure to read all io in error cases
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-02-21 08:46:04 -08:00
Akihiro Suda
5f6f04742c ctr: add --runtime-config
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2017-02-21 05:04:18 +00:00
Michael Crosby
ab8586b7c5 Remove bundles from API
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-02-15 13:56:41 -08:00
Akihiro Suda
bf8abef70f api: introduce api/{types,services} for deduplication of API definition
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2017-02-14 02:42:13 +00:00
Kenfe-Mickael Laventure
b4a299e61d supervisor/shim: add exec support
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2017-02-07 09:25:55 -08:00
Kenfe-Mickael Laventure
78d7e8b256 supervisor: implement monitoring
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2017-02-06 15:16:55 -08:00
Kenfe-Mickael Laventure
31f26fed18 Move to a single Event type
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2017-02-06 08:46:37 -08:00
Kenfe-Mickael Laventure
6f9eda1134 api/execution: remove ProcessID from rpc calls
Now that the shim handles all container's processes the system pid is
sufficient.

Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2017-02-02 15:36:10 -08:00
Kenfe-Mickael Laventure
40b0b211b7 api/execution: add Container suffix to relevant rpc calls
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2017-02-02 14:40:23 -08:00
Akihiro Suda
e9bfed4cf2 *: clean up
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2017-01-20 01:50:08 +00:00
Kenfe-Mickael Laventure
a60487b782 ctr: set raw mode when using --tty
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2017-01-12 11:39:09 -08:00
Kenfe-Mickael Laventure
3234546ee6 ctr: take console flag in account when readying IOs
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2017-01-12 10:24:22 -08:00
Kenfe-Mickael Laventure
8e603d2e48 ctr: use full path for bundle in run
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2017-01-12 10:23:29 -08:00
Kenfe-Mickael Laventure
0fdd2469f6 execution: "restore" container on service creation
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-12-16 11:40:47 -08:00
Kenfe-Mickael Laventure
2ef399b315 Add event support to execution subsystem
The implementation relies on nats.io

Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-12-12 09:21:29 -08:00
Kenfe-Mickael Laventure
0aad42f5cf Add exec and terminal support
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-12-09 10:00:34 -08:00
Kenfe-Mickael Laventure
5a86eae247 Merge execution and container service
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-12-07 19:44:22 -08:00
Kenfe-Mickael Laventure
ac3cc32dbc Complete basic support for ctr run
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-12-07 19:44:22 -08:00
Michael Crosby
df9c09303c Fix ctr build
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-12-05 16:36:15 -08:00
Stephen J Day
796b609741
cmd: move cli files to cmd package
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2016-12-01 12:07:45 -08:00
Renamed from cli/ctr/run.go (Browse further)