Commit graph

301 commits

Author SHA1 Message Date
Sebastiaan van Stijn
81e62af94a
use consistent alias for containerd's errdefs package
The signatures of functions in containerd's errdefs packages are very
similar to those in our own, and it's easy to accidentally use the wrong
package.

This patch uses a consistent alias for all occurrences of this import.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-08 19:30:33 +02:00
Sebastiaan van Stijn
11261594d8
Merge pull request #45032 from corhere/shim-opts
daemon: allow shimv2 runtimes to be configured
2023-03-02 21:45:05 +01:00
Cory Snider
b0eed5ade6 daemon: allow shimv2 runtimes to be configured
Kubernetes only permits RuntimeClass values which are valid lowercase
RFC 1123 labels, which disallows the period character. This prevents
cri-dockerd from being able to support configuring alternative shimv2
runtimes for a pod as shimv2 runtime names must contain at least one
period character. Add support for configuring named shimv2 runtimes in
daemon.json so that runtime names can be aliased to
Kubernetes-compatible names.

Allow options to be set on shimv2 runtimes in daemon.json.

The names of the new daemon runtime config fields have been selected to
correspond with the equivalent field names in cri-containerd's
configuration so that users can more easily follow documentation from
the runtime vendor written for cri-containerd and apply it to
daemon.json.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-17 18:08:06 -05:00
Paweł Gronowski
a654cbfd2f
Use GetBoolOrDefault to remove duplicated invalidFilter usages
The pattern of parsing bool was repeated across multiple files and
caused the duplication of the invalidFilter error helper.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2023-01-26 16:28:53 +01:00
Jan Garcia
1e1d326b50 plugins: Move GlobalSpecPaths into LocalRegistry
Signed-off-by: Jan Garcia <github-public@n-garcia.com>
2023-01-10 21:33:49 +01:00
Sebastiaan van Stijn
bffb35612c
plugin: use strings.Cut()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-21 11:09:02 +01:00
Sebastiaan van Stijn
9f3e5eead5
pkg/system: deprecate DefaultPathEnv, move to oci
This patch:

- Deprecates pkg/system.DefaultPathEnv
- Moves the implementation inside oci
- Adds TODOs to align the default in the Builder with the one used elsewhere

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-29 17:02:50 +01:00
Cory Snider
1bef9e3fbf Fix containerd task deletion after failed start
Deleting a containerd task whose status is Created fails with a
"precondition failed" error. This is because (aside from Windows)
a process is spawned when the task is created, and deleting the task
while the process is running would leak the process if it was allowed.
libcontainerd and the containerd plugin executor mistakenly try to clean
up from a failed start by deleting the created task, which will always
fail with the aforementined error. Change them to pass the
`WithProcessKill` delete option so the cleanup has a chance to succeed.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-11-02 13:48:13 -04:00
Sebastiaan van Stijn
0249afc523
migrate pkg/pubsub to github.com/moby/pubsub
This package was moved to a separate repository, using the steps below:

    # install filter-repo (https://github.com/newren/git-filter-repo/blob/main/INSTALL.md)
    brew install git-filter-repo

    cd ~/projects

    # create a temporary clone of docker
    git clone https://github.com/docker/docker.git moby_pubsub_temp
    cd moby_pubsub_temp

    # for reference
    git rev-parse HEAD
    # --> 572ca799db

    # remove all code, except for pkg/pubsub, license, and notice, and rename pkg/pubsub to /
    git filter-repo --path pkg/pubsub/ --path LICENSE --path NOTICE --path-rename pkg/pubsub/:

    # remove canonical imports
    git revert -s -S 585ff0ebbe6bc25b801a0e0087dd5353099cb72e

    # initialize module
    go mod init github.com/moby/pubsub
    go mod tidy

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-30 18:40:19 +02:00
Sebastiaan van Stijn
4eb9b5f20e
plugin: fix empty-lines (revive)
plugin/v2/settable_test.go:24:29: empty-lines: extra empty line at the end of a block (revive)
    plugin/manager_linux.go:96:6: empty-lines: extra empty line at the end of a block (revive)
    plugin/backend_linux.go:373:16: empty-lines: extra empty line at the start of a block (revive)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-28 01:58:50 +02:00
Cory Snider
e332c41e9d pkg/containerfs: alias ContainerFS to string
Drop the constructor and redundant string() type-casts.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-09-23 16:56:52 -04:00
Cory Snider
6a2f385aea Share logic to create-or-replace a container
The existing logic to handle container ID conflicts when attempting to
create a plugin container is not nearly as robust as the implementation
in daemon for user containers. Extract and refine the logic from daemon
and use it in the plugin executor.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-08-24 14:59:08 -04:00
Cory Snider
4bafaa00aa Refactor libcontainerd to minimize c8d RPCs
The containerd client is very chatty at the best of times. Because the
libcontained API is stateless and references containers and processes by
string ID for every method call, the implementation is essentially
forced to use the containerd client in a way which amplifies the number
of redundant RPCs invoked to perform any operation. The libcontainerd
remote implementation has to reload the containerd container, task
and/or process metadata for nearly every operation. This in turn
amplifies the number of context switches between dockerd and containerd
to perform any container operation or handle a containerd event,
increasing the load on the system which could otherwise be allocated to
workloads.

Overhaul the libcontainerd interface to reduce the impedance mismatch
with the containerd client so that the containerd client can be used
more efficiently. Split the API out into container, task and process
interfaces which the consumer is expected to retain so that
libcontainerd can retain state---especially the analogous containerd
client objects---without having to manage any state-store inside the
libcontainerd client.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-08-24 14:59:08 -04:00
Sebastiaan van Stijn
55d1a56826
plugin: use types/registry.AuthConfig
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-29 23:05:19 +02:00
Sebastiaan van Stijn
52c1a2fae8
gofmt GoDoc comments with go1.19
Older versions of Go don't format comments, so committing this as
a separate commit, so that we can already make these changes before
we upgrade to Go 1.19.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-08 19:56:23 +02:00
Drew Erny
240a9fcb83
Add Swarm cluster volume supports
Adds code to support Cluster Volumes in Swarm using CSI drivers.

Signed-off-by: Drew Erny <derny@mirantis.com>
2022-05-13 00:55:44 +02:00
Sebastiaan van Stijn
521807837b
plugin: Executor.Signal() accept syscall.Signal
This helps reducing some type-juggling / conversions further up
the stack.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-05-05 00:53:55 +02:00
Sebastiaan van Stijn
2ec2b65e45
libcontainerd: SignalProcess(): accept syscall.Signal
This helps reducing some type-juggling / conversions further up
the stack.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-05-05 00:53:49 +02:00
Sebastiaan van Stijn
a189651b4c
Merge pull request #43358 from thaJeztah/plugin_EndpointResolver
plugin: add EndpointResolver interface
2022-04-21 20:49:56 +02:00
Sebastiaan van Stijn
690a6fddf9
daemon: move default namespaces to daemon/config
Keeping the defaults in a single location, which also reduces
the list of imports needed.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-17 13:10:57 +02:00
Sebastiaan van Stijn
bdb878ab2c
filters: lowercase error
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-18 09:44:53 +01:00
Sebastiaan van Stijn
f9f549cbe4
plugin: add EndpointResolver interface
This defines the interface that the package expects in order to lookup
pull endpoints, instead of requiring the whole registry.Service interface.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-11 18:28:55 +01:00
Sebastiaan van Stijn
61599d0a4d
plugin: remove unused pluginRegistryService
It wrapped the regular registry service, but the ResolveRepository() function
was not called anywhere.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-11 18:26:27 +01:00
Sebastiaan van Stijn
a0230f3d9a
remove unneeded "digest" alias for "go-digest"
I think this was there for historic reasons (may have been goimports expected
this, and we used to have a linter that wanted it), but it's not needed, so
let's remove it (to make my IDE less complaining about unneeded aliases).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-04 14:49:42 +01:00
Sebastiaan van Stijn
25ee00c494
pkg/system: move EnsureRemoveAll() to pkg/containerfs
pkg/system historically has been a bit of a kitchen-sink of things that were
somewhat "system" related, but didn't have a good place for. EnsureRemoveAll()
is one of those utilities. EnsureRemoveAll() is used to both unmount and remove
a path, for which it depends on both github.com/moby/sys/mount, which in turn
depends on github.com/moby/sys/mountinfo.

pkg/system is imported in the CLI, but neither EnsureRemoveAll(), nor any of its
moby/sys dependencies are used on the client side, so let's move this function
somewhere else, to remove those dependencies from the CLI.

I looked for plausible locations that were related; it's used in:

- daemon
- daemon/graphdriver/XXX/
- plugin

I considered moving it into a (e.g.) "utils" package within graphdriver (but not
a huge fan of "utils" packages), and given that it felt (mostly) related to
cleaning up container filesystems, I decided to move it there.

Some things to follow-up on after this:

- Verify if this function is still needed (it feels a bit like a big hammer in
  a "YOLO, let's try some things just in case it fails")
- Perhaps it should be integrated in `containerfs.Remove()` (so that it's used
  automatically)
- Look if there's other implementations (and if they should be consolidated),
  although (e.g.) the one in containerd is a copy of ours:
  https://github.com/containerd/containerd/blob/v1.5.9/pkg/cri/server/helpers_linux.go#L200

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-03 00:22:26 +01:00
Eng Zer Jun
c55a4ac779
refactor: move from io/ioutil to io and os package
The io/ioutil package has been deprecated in Go 1.16. This commit
replaces the existing io/ioutil functions with their new definitions in
io and os packages.

Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2021-08-27 14:56:57 +08:00
Sebastiaan van Stijn
686be57d0a
Update to Go 1.17.0, and gofmt with Go 1.17
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-24 23:33:27 +02:00
Sebastiaan van Stijn
dd1374f7b2
if-return: redundant if ...; err != nil check (revive)
builder/builder-next/adapters/snapshot/snapshot.go:386:3: if-return: redundant if ...; err != nil check, just return error instead. (revive)
            if err := b.Put(keyIsCommitted, []byte{}); err != nil {
                return err
            }

    plugin/fetch_linux.go:112:2: if-return: redundant if ...; err != nil check, just return error instead. (revive)
        if err := images.Dispatch(ctx, images.Handlers(handlers...), nil, desc); err != nil {
            return err
        }

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-10 13:03:40 +02:00
Sebastiaan van Stijn
d13997b4ba
gosec: G601: Implicit memory aliasing in for loop
plugin/v2/plugin.go:141:50: G601: Implicit memory aliasing in for loop. (gosec)
                    updateSettingsEnv(&p.PluginObj.Settings.Env, &s)
                                                                 ^
    libcontainerd/remote/client.go:572:13: G601: Implicit memory aliasing in for loop. (gosec)
                cpDesc = &m
                         ^
    distribution/push_v2.go:400:34: G601: Implicit memory aliasing in for loop. (gosec)
                (metadata.CheckV2MetadataHMAC(&mountCandidate, pd.hmacKey) ||
                                              ^
    builder/dockerfile/builder.go:261:84: G601: Implicit memory aliasing in for loop. (gosec)
            currentCommandIndex = printCommand(b.Stdout, currentCommandIndex, totalCommands, &meta)
                                                                                             ^
    builder/dockerfile/builder.go:278:46: G601: Implicit memory aliasing in for loop. (gosec)
            if err := initializeStage(dispatchRequest, &stage); err != nil {
                                                       ^
    daemon/container.go:283:40: G601: Implicit memory aliasing in for loop. (gosec)
            if err := parser.ValidateMountConfig(&cfg); err != nil {
                                                 ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-10 13:03:29 +02:00
Sebastiaan van Stijn
7c1c123555
vendor: github.com/containerd/containerd v1.5.2
full diff: 19ee068f93...v1.5.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-04 16:32:37 +02:00
Brian Goff
a876ede24f Use docker media type for plugin layers
This was changed as part of a refactor to use containerd dist code. The
problem is the OCI media types are not compatible with older versions of
Docker.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2021-04-05 21:46:53 +00:00
Akihiro Suda
22d7812836
Merge pull request #41485 from thaJeztah/remove_dead_arg 2021-02-27 22:25:00 +09:00
Arnaud Rebillout
e8648fa19f plugin/manager_linux_test: Skip privileged tests when non-root
This test fail when run by a non-root user

  === CONT  TestPluginAlreadyRunningOnStartup
  === RUN   TestPluginAlreadyRunningOnStartup/live-restore-disabled
  === PAUSE TestPluginAlreadyRunningOnStartup/live-restore-disabled
  === RUN   TestPluginAlreadyRunningOnStartup/live-restore-enabled
  === PAUSE TestPluginAlreadyRunningOnStartup/live-restore-enabled
  === CONT  TestPluginAlreadyRunningOnStartup/live-restore-disabled
  === CONT  TestPluginAlreadyRunningOnStartup/live-restore-enabled
  time="2020-12-15T02:23:03Z" level=error msg="failed to enable plugin" error="chown /tmp/TestPluginAlreadyRunningOnStartup898689032/live-restore-disabled/manager/b6106d4d8937398ec8ec5e7092897ca4dd2eab6aa8043640095ef92b860b1417/rootfs/dev: operation not permitted" id=b6106d4d8937398ec8ec5e7092897ca4dd2eab6aa8043640095ef92b860b1417
  === CONT  TestPluginAlreadyRunningOnStartup/live-restore-disabled
      manager_linux_test.go:250: plugin client should not be nil
  panic: test timed out after 10m0s

  goroutine 41 [running]:
  testing.(*M).startAlarm.func1()
	  /usr/lib/go-1.15/src/testing/testing.go:1618 +0xe5
  created by time.goFunc
	  /usr/lib/go-1.15/src/time/sleep.go:167 +0x45

  goroutine 1 [chan receive, 9 minutes]:
  testing.tRunner.func1(0xc000001500)
	  /usr/lib/go-1.15/src/testing/testing.go:1088 +0x24d
  testing.tRunner(0xc000001500, 0xc0001dfde0)
	  /usr/lib/go-1.15/src/testing/testing.go:1127 +0x125
  testing.runTests(0xc00000e2c0, 0xeade80, 0xa, 0xa, 0xbfee25f7d50c4ace, 0x8bb30f7348, 0xebb2c0, 0x40f710)
	  /usr/lib/go-1.15/src/testing/testing.go:1437 +0x2fe
  testing.(*M).Run(0xc000394100, 0x0)
	  /usr/lib/go-1.15/src/testing/testing.go:1345 +0x1eb
  main.main()
	  _testmain.go:61 +0x138

  goroutine 11 [chan receive, 9 minutes]:
  testing.tRunner.func1(0xc000412180)
	  /usr/lib/go-1.15/src/testing/testing.go:1088 +0x24d
  testing.tRunner(0xc000412180, 0xad9b38)
	  /usr/lib/go-1.15/src/testing/testing.go:1127 +0x125
  created by testing.(*T).Run
	  /usr/lib/go-1.15/src/testing/testing.go:1168 +0x2b3

  goroutine 16 [chan receive, 9 minutes]:
  testing.runTests.func1.1(0xc000001500)
	  /usr/lib/go-1.15/src/testing/testing.go:1444 +0x3b
  created by testing.runTests.func1
	  /usr/lib/go-1.15/src/testing/testing.go:1444 +0xac

  goroutine 34 [chan send, 9 minutes]:
  github.com/docker/docker/plugin.(*executorWithRunning).Signal(0xc0003e31e0, 0xc0000317c0, 0x40, 0xf, 0x3f, 0x3f)
	  /<<PKGBUILDDIR>>/_build/src/github.com/docker/docker/plugin/manager_linux_test.go:171 +0x73
  github.com/docker/docker/plugin.shutdownPlugin(0xc0003e6840, 0xc000096360, 0xb6dfc0, 0xc0003e31e0)
	  /<<PKGBUILDDIR>>/_build/src/github.com/docker/docker/plugin/manager_linux.go:157 +0x8a
  github.com/docker/docker/plugin.(*Manager).Shutdown(0xc0003e80c0)
	  /<<PKGBUILDDIR>>/_build/src/github.com/docker/docker/plugin/manager_linux.go:211 +0x1a7
  runtime.Goexit()
	  /usr/lib/go-1.15/src/runtime/panic.go:617 +0x1e5
  testing.(*common).FailNow(0xc000412a80)
	  /usr/lib/go-1.15/src/testing/testing.go:732 +0x3c
  testing.(*common).Fatal(0xc000412a80, 0xc00015ddc8, 0x1, 0x1)
	  /usr/lib/go-1.15/src/testing/testing.go:800 +0x78
  github.com/docker/docker/plugin.TestPluginAlreadyRunningOnStartup.func3(0xc000412a80)
	  /<<PKGBUILDDIR>>/_build/src/github.com/docker/docker/plugin/manager_linux_test.go:250 +0x919
  testing.tRunner(0xc000412a80, 0xc0003e4f90)
	  /usr/lib/go-1.15/src/testing/testing.go:1123 +0xef
  created by testing.(*T).Run
	  /usr/lib/go-1.15/src/testing/testing.go:1168 +0x2b3

  goroutine 35 [chan send, 9 minutes]:
  testing.tRunner.func1(0xc000412d80)
	  /usr/lib/go-1.15/src/testing/testing.go:1113 +0x373
  testing.tRunner(0xc000412d80, 0xc0003e4fc0)
	  /usr/lib/go-1.15/src/testing/testing.go:1127 +0x125
  created by testing.(*T).Run
	  /usr/lib/go-1.15/src/testing/testing.go:1168 +0x2b3

  goroutine 50 [IO wait, 9 minutes]:
  internal/poll.runtime_pollWait(0x7f7b26d75e70, 0x72, 0x0)
	  /usr/lib/go-1.15/src/runtime/netpoll.go:222 +0x55
  internal/poll.(*pollDesc).wait(0xc000518018, 0x72, 0x0, 0x0, 0xab05ec)
	  /usr/lib/go-1.15/src/internal/poll/fd_poll_runtime.go:87 +0x45
  internal/poll.(*pollDesc).waitRead(...)
	  /usr/lib/go-1.15/src/internal/poll/fd_poll_runtime.go:92
  internal/poll.(*FD).Accept(0xc000518000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
	  /usr/lib/go-1.15/src/internal/poll/fd_unix.go:394 +0x1fc
  net.(*netFD).accept(0xc000518000, 0x64298f, 0xc000394080, 0x0)
	  /usr/lib/go-1.15/src/net/fd_unix.go:172 +0x45
  net.(*UnixListener).accept(0xc00050c0f0, 0xc000394080, 0x0, 0x0)
	  /usr/lib/go-1.15/src/net/unixsock_posix.go:162 +0x32
  net.(*UnixListener).Accept(0xc00050c0f0, 0x0, 0x0, 0x0, 0x0)
	  /usr/lib/go-1.15/src/net/unixsock.go:260 +0x65
  github.com/docker/docker/plugin.listenTestPlugin.func1(0xb6be00, 0xc00050c0f0)
	  /<<PKGBUILDDIR>>/_build/src/github.com/docker/docker/plugin/manager_linux_test.go:266 +0x3d
  created by github.com/docker/docker/plugin.listenTestPlugin
	  /<<PKGBUILDDIR>>/_build/src/github.com/docker/docker/plugin/manager_linux_test.go:264 +0x105

  goroutine 51 [chan receive, 9 minutes]:
  github.com/docker/docker/plugin.listenTestPlugin.func2(0xc000516000, 0xb6be00, 0xc00050c0f0, 0xc000514000, 0x65)
	  /<<PKGBUILDDIR>>/_build/src/github.com/docker/docker/plugin/manager_linux_test.go:274 +0x34
  created by github.com/docker/docker/plugin.listenTestPlugin
	  /<<PKGBUILDDIR>>/_build/src/github.com/docker/docker/plugin/manager_linux_test.go:273 +0x14f
  FAIL	github.com/docker/docker/plugin	600.013s

Signed-off-by: Arnaud Rebillout <elboulangero@gmail.com>
2020-12-15 09:48:06 +07:00
Sebastiaan van Stijn
182795cff6
Do not call mount.RecursiveUnmount() on Windows
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-29 23:00:16 +01:00
Sebastiaan van Stijn
768ba77d37
plugin.Manager.setupNewPlugin() remove unused blobsums argument
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-30 00:55:32 +02:00
Sebastiaan van Stijn
7335167340
Remove redundant "os.IsNotExist" checks on os.RemoveAll()
`os.RemoveAll()` should never return this error. From the docs:

> If the path does not exist, RemoveAll returns nil (no error).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-23 10:30:53 +02:00
Tibor Vass
0f41a77c69
Merge pull request #41207 from thaJeztah/remove_whitelist
Remove some outdated terminology where possible
2020-07-28 14:10:27 +02:00
Sebastiaan van Stijn
3895dd585f
Replace uses of blacklist/whitelist
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-07-14 10:41:34 +02:00
Brian Goff
f63f73a4a8 Configure shims from runtime config
In dockerd we already have a concept of a "runtime", which specifies the
OCI runtime to use (e.g. runc).
This PR extends that config to add containerd shim configuration.
This option is only exposed within the daemon itself (cannot be
configured in daemon.json).
This is due to issues in supporting unknown shims which will require
more design work.

What this change allows us to do is keep all the runtime config in one
place.

So the default "runc" runtime will just have it's already existing shim
config codified within the runtime config alone.
I've also added 2 more "stock" runtimes which are basically runc+shimv1
and runc+shimv2.
These new runtime configurations are:

- io.containerd.runtime.v1.linux - runc + v1 shim using the V1 shim API
- io.containerd.runc.v2 - runc + shim v2

These names coincide with the actual names of the containerd shims.

This allows the user to essentially control what shim is going to be
used by either specifying these as a `--runtime` on container create or
by setting `--default-runtime` on the daemon.

For custom/user-specified runtimes, the default shim config (currently
shim v1) is used.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2020-07-13 14:18:02 -07:00
Sebastiaan van Stijn
8e2e2bdb9b
Merge pull request #40867 from BurtonQin/double-lock
plugin: Add No-Lock version of resolvePluginID to fix double Rlock
2020-05-15 18:07:39 +02:00
BurtonQin
a36db14ce0 plugin: remove Rlock in resolvePluginID to fix double Rlock
Signed-off-by: BurtonQin <bobbqqin@gmail.com>
2020-05-15 09:13:37 -04:00
Sebastiaan van Stijn
07d60bc257
Replace errors.Cause() with errors.Is() / errors.As()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-29 00:28:41 +02:00
Brian Goff
d7ba1f85ef Use containerd dist libs for plugin pull/pull
This removes the use of the old distribution code in the plugin packages
and replaces it with containerd libraries for plugin pushes and pulls.

Additionally it uses a content store from containerd which seems like
it's compatible with the old "basicBlobStore" in the plugin package.
This is being used locally isntead of through the containerd client for
now.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2020-04-02 15:03:06 -07:00
Kir Kolyshkin
39048cf656 Really switch to moby/sys/mount*
Switch to moby/sys/mount and mountinfo. Keep the pkg/mount for potential
outside users.

This commit was generated by the following bash script:

```
set -e -u -o pipefail

for file in $(git grep -l 'docker/docker/pkg/mount"' | grep -v ^pkg/mount); do
	sed -i -e 's#/docker/docker/pkg/mount"#/moby/sys/mount"#' \
		-e 's#mount\.\(GetMounts\|Mounted\|Info\|[A-Za-z]*Filter\)#mountinfo.\1#g' \
		$file
	goimports -w $file
done
```

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-03-20 09:46:25 -07:00
Ziheng Liu
34837febc4 plugin: fix a double RLock bug
Signed-off-by: Ziheng Liu <lzhfromustc@gmail.com>
2020-02-25 13:51:27 -05:00
Sebastiaan van Stijn
9f0b3f5609
bump gotest.tools v3.0.1 for compatibility with Go 1.14
full diff: https://github.com/gotestyourself/gotest.tools/compare/v2.3.0...v3.0.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-11 00:06:42 +01:00
Akihiro Suda
612343618d cgroup2: use shim V2
* Requires containerd binaries from containerd/containerd#3799 . Metrics are unimplemented yet.
* Works with crun v0.10.4, but `--security-opt seccomp=unconfined` is needed unless using master version of libseccomp
  ( containers/crun#156, seccomp/libseccomp#177 )
* Doesn't work with master runc yet
* Resource limitations are unimplemented

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-01-01 02:58:40 +09:00
Kir Kolyshkin
7b85ed613d
plugin/setupNewPlugin: rm dead code
> plugin/manager_linux.go:285:9: nilness: impossible condition: nil != nil (govet)
>	if err != nil {
>	       ^

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2019-09-18 12:57:27 +02:00
Sebastiaan van Stijn
07ff4f1de8
goimports: fix imports
Format the source according to latest goimports.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-18 12:56:54 +02:00
Brian Goff
24ad2f486d Add (hidden) flags to set containerd namespaces
This allows our tests, which all share a containerd instance, to be a
bit more isolated by setting the containerd namespaces to the generated
daemon ID's rather than the default namespaces.

This came about because I found in some cases we had test daemons
failing to start (really very slow to start) because it was (seemingly)
processing events from other tests.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2019-07-11 17:27:48 -07:00