Integrate containers/storage
Use containers/storage to store images, pod sandboxes, and containers. A pod sandbox's infrastructure container has the same ID as the pod to which it belongs, and all containers also keep track of their pod's ID. The container configuration that we build using the data in a CreateContainerRequest is stored in the container's ContainerDirectory and ContainerRunDirectory. We catch SIGTERM and SIGINT, and when we receive either, we gracefully exit the grpc loop. If we also think that there aren't any container filesystems in use, we attempt to do a clean shutdown of the storage driver. The test harness now waits for ocid to exit before attempting to delete the storage root directory. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
This commit is contained in:
Nalin Dahyabhai
parent
caee4a99c9
commit
c0333b102b
29 changed files with 637 additions and 372 deletions
|
|
@ -3,7 +3,6 @@ package server
|
|||
import (
|
||||
"bytes"
|
||||
"io/ioutil"
|
||||
"path/filepath"
|
||||
|
||||
"github.com/BurntSushi/toml"
|
||||
"github.com/opencontainers/runc/libcontainer/selinux"
|
||||
|
|
@ -11,16 +10,16 @@ import (
|
|||
|
||||
// Default paths if none are specified
|
||||
const (
|
||||
ocidRoot = "/var/lib/ocid"
|
||||
conmonPath = "/usr/libexec/ocid/conmon"
|
||||
pausePath = "/usr/libexec/ocid/pause"
|
||||
seccompProfilePath = "/etc/ocid/seccomp.json"
|
||||
cniConfigDir = "/etc/cni/net.d/"
|
||||
cniBinDir = "/opt/cni/bin/"
|
||||
)
|
||||
|
||||
const (
|
||||
ocidRoot = "/var/lib/ocid"
|
||||
ocidRunRoot = "/var/run/containers"
|
||||
conmonPath = "/usr/libexec/ocid/conmon"
|
||||
pauseImage = "kubernetes/pause"
|
||||
pauseCommand = "/pause"
|
||||
defaultTransport = "docker://"
|
||||
seccompProfilePath = "/etc/ocid/seccomp.json"
|
||||
apparmorProfileName = "ocid-default"
|
||||
cniConfigDir = "/etc/cni/net.d/"
|
||||
cniBinDir = "/opt/cni/bin/"
|
||||
cgroupManager = "cgroupfs"
|
||||
)
|
||||
|
||||
|
|
@ -40,17 +39,20 @@ type Config struct {
|
|||
|
||||
// RootConfig represents the root of the "ocid" TOML config table.
|
||||
type RootConfig struct {
|
||||
// Root is a path to the "root directory" where all information not
|
||||
// Root is a path to the "root directory" where data not
|
||||
// explicitly handled by other options will be stored.
|
||||
Root string `toml:"root"`
|
||||
|
||||
// SandboxDir is the directory where ocid will store all of its sandbox
|
||||
// state and other information.
|
||||
SandboxDir string `toml:"sandbox_dir"`
|
||||
// RunRoot is a path to the "run directory" where state information not
|
||||
// explicitly handled by other options will be stored.
|
||||
RunRoot string `toml:"runroot"`
|
||||
|
||||
// ContainerDir is the directory where ocid will store all of its container
|
||||
// state and other information.
|
||||
ContainerDir string `toml:"container_dir"`
|
||||
// Storage is the name of the storage driver which handles actually
|
||||
// storing the contents of containers.
|
||||
Storage string `toml:"storage_driver"`
|
||||
|
||||
// StorageOption is a list of storage driver specific options.
|
||||
StorageOptions []string `toml:"storage_option"`
|
||||
|
||||
// LogDir is the default log directory were all logs will go unless kubelet
|
||||
// tells us to put them somewhere else.
|
||||
|
|
@ -98,17 +100,21 @@ type RuntimeConfig struct {
|
|||
|
||||
// ImageConfig represents the "ocid.image" TOML config table.
|
||||
type ImageConfig struct {
|
||||
// Pause is the path to the statically linked pause container binary, used
|
||||
// as the entrypoint for infra containers.
|
||||
//
|
||||
// TODO(cyphar): This should be replaced with a path to an OCI image
|
||||
// bundle, once the OCI image/storage code has been implemented.
|
||||
Pause string `toml:"pause"`
|
||||
|
||||
// ImageStore is the directory where the ocid image store will be stored.
|
||||
// TODO: This is currently not really used because we don't have
|
||||
// containers/storage integrated.
|
||||
ImageDir string `toml:"image_dir"`
|
||||
// DefaultTransport is a value we prefix to image names that fail to
|
||||
// validate source references.
|
||||
DefaultTransport string `toml:"default_transport"`
|
||||
// PauseImage is the name of an image which we use to instantiate infra
|
||||
// containers.
|
||||
PauseImage string `toml:"pause_image"`
|
||||
// PauseCommand is the path of the binary we run in an infra
|
||||
// container that's been instantiated using PauseImage.
|
||||
PauseCommand string `toml:"pause_command"`
|
||||
// SignaturePolicyPath is the name of the file which decides what sort
|
||||
// of policy we use when deciding whether or not to trust an image that
|
||||
// we've pulled. Outside of testing situations, it is strongly advised
|
||||
// that this be left unspecified so that the default system-wide policy
|
||||
// will be used.
|
||||
SignaturePolicyPath string `toml:"signature_policy"`
|
||||
}
|
||||
|
||||
// NetworkConfig represents the "ocid.network" TOML config table
|
||||
|
|
@ -191,10 +197,9 @@ func (c *Config) ToFile(path string) error {
|
|||
func DefaultConfig() *Config {
|
||||
return &Config{
|
||||
RootConfig: RootConfig{
|
||||
Root: ocidRoot,
|
||||
SandboxDir: filepath.Join(ocidRoot, "sandboxes"),
|
||||
ContainerDir: filepath.Join(ocidRoot, "containers"),
|
||||
LogDir: "/var/log/ocid/pods",
|
||||
Root: ocidRoot,
|
||||
RunRoot: ocidRunRoot,
|
||||
LogDir: "/var/log/ocid/pods",
|
||||
},
|
||||
APIConfig: APIConfig{
|
||||
Listen: "/var/run/ocid.sock",
|
||||
|
|
@ -211,8 +216,10 @@ func DefaultConfig() *Config {
|
|||
CgroupManager: cgroupManager,
|
||||
},
|
||||
ImageConfig: ImageConfig{
|
||||
Pause: pausePath,
|
||||
ImageDir: filepath.Join(ocidRoot, "store"),
|
||||
DefaultTransport: defaultTransport,
|
||||
PauseImage: pauseImage,
|
||||
PauseCommand: pauseCommand,
|
||||
SignaturePolicyPath: "",
|
||||
},
|
||||
NetworkConfig: NetworkConfig{
|
||||
NetworkDir: cniConfigDir,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue