Integrate containers/storage

Use containers/storage to store images, pod sandboxes, and containers. A pod sandbox's infrastructure container has the same ID as the pod to which it belongs, and all containers also keep track of their pod's ID. The container configuration that we build using the data in a CreateContainerRequest is stored in the container's ContainerDirectory and ContainerRunDirectory. We catch SIGTERM and SIGINT, and when we receive either, we gracefully exit the grpc loop. If we also think that there aren't any container filesystems in use, we attempt to do a clean shutdown of the storage driver. The test harness now waits for ocid to exit before attempting to delete the storage root directory. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2016-10-18 10:48:33 -04:00 · 2016-10-18 10:48:33 -04:00 · c0333b102b
commit c0333b102b
parent caee4a99c9
29 changed files with 637 additions and 372 deletions
--- a/docs/ocid.8.md
+++ b/docs/ocid.8.md
@ -8,16 +8,20 @@ ocid - Enable OCI Kubernetes Container Runtime daemon
 **ocid**
 [**--config**=[*value*]]
 [**--conmon**=[*value*]]
-[**--containerdir**=[*value*]]
 [**--debug**]
+[**--default-transport**=[*value*]]
 [**--help**|**-h**]
 [**--listen**=[*value*]]
 [**--log**=[*value*]]
 [**--log-format value**]
-[**--pause**=[*value*]]
+[**--pause-command**=[*value*]]
+[**--pause-image**=[*value*]]
 [**--root**=[*value*]]
+[**--runroot**=[*value*]]
 [**--runtime**=[*value*]]
-[**--sandboxdir**=[*value*]]
+[**--signature-policy**=[*value*]]
+[**--storage-driver**=[*value*]]
+[**--storage-option**=[*value*]]
 [**--selinux**]
 [**--seccomp-profile**=[*value*]]
 [**--apparmor-profile**=[*value*]]
@ -43,18 +47,21 @@ ocid is meant to provide an integration path between OCI conformant runtimes and

 # GLOBAL OPTIONS

+**--apparmor_profile**=""
+  Name of the apparmor profile to be used as the runtime's default (default: "ocid-default")
+
 **--config**=""
  path to configuration file

 **--conmon**=""
  path to the conmon executable (default: "/usr/libexec/ocid/conmon")

-**--containerdir**=""
-  OCID container dir (default: "/var/lib/ocid/containers")
-
 **--debug**
  Enable debug output for logging

+**--default-transport**
+  A prefix to prepend to image names that can't be pulled as-is.
+
 **--help, -h**
  Print usage statement

@ -67,32 +74,41 @@ ocid is meant to provide an integration path between OCI conformant runtimes and
 **--log-format**=""
  Set the format used by logs ('text' (default), or 'json') (default: "text")

-**--pause**=""
-  Path to the pause executable (default: "/usr/libexec/ocid/pause")
+**--pause-command**=""
+  Path to the pause executable in the pause image (default: "/pause")
+
+**--pause-image**=""
+  Image which contains the pause executable (default: "kubernetes/pause")

 **--root**=""
-  OCID root dir (default: "/var/lib/ocid")
+  OCID root dir (default: "/var/lib/containers")
+
+**--runroot**=""
+  OCID state dir (default: "/var/run/containers")

 **--runtime**=""
  OCI runtime path (default: "/usr/bin/runc")

-**--sandboxdir**=""
-  OCID pod sandbox dir (default: "/var/lib/ocid/sandboxes")
-
 **--selinux**=*true*|*false*
  Enable selinux support (default: false)

-**--seccomp_profile**=""
+**--seccomp-profile**=""
  Path to the seccomp json profile to be used as the runtime's default (default: "/etc/ocid/seccomp.json")

-**--apparmor_profile**=""
-  Name of the apparmor profile to be used as the runtime's default (default: "ocid-default")
+**--signature-policy**=""
+  Path to the signature policy json file (default: "", to use the system-wide default)
+
+**--storage-driver**
+  OCI storage driver (default: "devicemapper")
+
+**--storage-option**
+  OCI storage driver option (no default)

 **--cni-config-dir**=""
-  CNI configuration files directory (defautl: "/etc/cni/net.d/")
+  CNI configuration files directory (default: "/etc/cni/net.d/")

 **--cni-plugin-dir**=""
-  CNI plugin binaries directory (defautl: "/opt/cni/bin/")
+  CNI plugin binaries directory (default: "/opt/cni/bin/")

 **--version, -v**
  Print the version
--- a/docs/ocid.conf.5.md
+++ b/docs/ocid.conf.5.md
@ -29,15 +29,17 @@ No bare options are used. The format of TOML can be simplified to:
 The `ocid` table supports the following options:


-**container_dir**=""
-  OCID container dir (default: "/var/lib/ocid/containers")
-
 **root**=""
-  OCID root dir (default: "/var/lib/ocid")
+  OCID root dir (default: "/var/lib/containers")

-**sandbox_dir**=""
-  OCID pod sandbox dir (default: "/var/lib/ocid/sandboxes")
+**runroot**=""
+  OCID state dir (default: "/var/run/containers")

+**storage_driver**=""
+  OCID storage driver (default is "devicemapper")
+
+**storage_option**=[]
+  OCID storage driver option list (no default)

 ## OCID.API TABLE

@ -58,6 +60,9 @@ The `ocid` table supports the following options:
 **selinux**=*true*|*false*
  Enable selinux support (default: false)

+**signature_policy**=""
+  Path to the signature policy json file (default: "", to use the system-wide default)
+
 **seccomp_profile**=""
  Path to the seccomp json profile to be used as the runtime's default (default: "/etc/ocid/seccomp.json")

@ -66,8 +71,14 @@ The `ocid` table supports the following options:

 ## OCID.IMAGE TABLE

-**pause**=""
-  Path to the pause executable (default: "/usr/libexec/ocid/pause")
+**default_transport**
+  A prefix to prepend to image names that can't be pulled as-is (default: "docker://")
+
+**pause_command**=""
+  Path to the pause executable in the pause image (default: "/pause")
+
+**pause_image**=""
+  Image which contains the pause executable (default: "kubernetes/pause")

 ## OCID.NETWORK TABLE