Commit graph

27 commits

Author SHA1 Message Date
Brian Goff
f63f73a4a8 Configure shims from runtime config
In dockerd we already have a concept of a "runtime", which specifies the
OCI runtime to use (e.g. runc).
This PR extends that config to add containerd shim configuration.
This option is only exposed within the daemon itself (cannot be
configured in daemon.json).
This is due to issues in supporting unknown shims which will require
more design work.

What this change allows us to do is keep all the runtime config in one
place.

So the default "runc" runtime will just have it's already existing shim
config codified within the runtime config alone.
I've also added 2 more "stock" runtimes which are basically runc+shimv1
and runc+shimv2.
These new runtime configurations are:

- io.containerd.runtime.v1.linux - runc + v1 shim using the V1 shim API
- io.containerd.runc.v2 - runc + shim v2

These names coincide with the actual names of the containerd shims.

This allows the user to essentially control what shim is going to be
used by either specifying these as a `--runtime` on container create or
by setting `--default-runtime` on the daemon.

For custom/user-specified runtimes, the default shim config (currently
shim v1) is used.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2020-07-13 14:18:02 -07:00
John Howard
8988448729 Remove refs to jhowardmsft from .go code
Signed-off-by: John Howard <jhoward@microsoft.com>
2019-09-25 10:51:18 -07:00
John Howard
19a938f6bc LCOWv1:Remote lcow.kernel and lcow.initrd
Signed-off-by: John Howard <jhoward@microsoft.com>

LCOWv1 will be deprecated soon anyway (and LCOW is experimental regardless).
Removing lcow.initrd and lcow.kernel options which will not be supported
in LCOWv2 (via containerd).
2019-03-12 19:31:12 -07:00
John Howard
8de5db1c00 Remove unsupported lcow.vhdx option
Signed-off-by: John Howard <jhoward@microsoft.com>

This was only experimental and removed from opengcs. Making same
change in docker.
2019-03-12 18:41:55 -07:00
John Howard
85ad4b16c1 Windows: Experimental: Allow containerd for runtime
Signed-off-by: John Howard <jhoward@microsoft.com>

This is the first step in refactoring moby (dockerd) to use containerd on Windows.
Similar to the current model in Linux, this adds the option to enable it for runtime.
It does not switch the graphdriver to containerd snapshotters.

 - Refactors libcontainerd to a series of subpackages so that either a
  "local" containerd (1) or a "remote" (2) containerd can be loaded as opposed
  to conditional compile as "local" for Windows and "remote" for Linux.

 - Updates libcontainerd such that Windows has an option to allow the use of a
   "remote" containerd. Here, it communicates over a named pipe using GRPC.
   This is currently guarded behind the experimental flag, an environment variable,
   and the providing of a pipename to connect to containerd.

 - Infrastructure pieces such as under pkg/system to have helper functions for
   determining whether containerd is being used.

(1) "local" containerd is what the daemon on Windows has used since inception.
It's not really containerd at all - it's simply local invocation of HCS APIs
directly in-process from the daemon through the Microsoft/hcsshim library.

(2) "remote" containerd is what docker on Linux uses for it's runtime. It means
that there is a separate containerd service running, and docker communicates over
GRPC to it.

To try this out, you will need to start with something like the following:

Window 1:
	containerd --log-level debug

Window 2:
	$env:DOCKER_WINDOWS_CONTAINERD=1
	dockerd --experimental -D --containerd \\.\pipe\containerd-containerd

You will need the following binary from github.com/containerd/containerd in your path:
 - containerd.exe

You will need the following binaries from github.com/Microsoft/hcsshim in your path:
 - runhcs.exe
 - containerd-shim-runhcs-v1.exe

For LCOW, it will require and initrd.img and kernel in `C:\Program Files\Linux Containers`.
This is no different to the current requirements. However, you may need updated binaries,
particularly initrd.img built from Microsoft/opengcs as (at the time of writing), Linuxkit
binaries are somewhat out of date.

Note that containerd and hcsshim for HCS v2 APIs do not yet support all the required
functionality needed for docker. This will come in time - this is a baby (although large)
step to migrating Docker on Windows to containerd.

Note that the HCS v2 APIs are only called on RS5+ builds. RS1..RS4 will still use
HCS v1 APIs as the v2 APIs were not fully developed enough on these builds to be usable.
This abstraction is done in HCSShim. (Referring specifically to runtime)

Note the LCOW graphdriver still uses HCS v1 APIs regardless.

Note also that this does not migrate docker to use containerd snapshotters
rather than graphdrivers. This needs to be done in conjunction with Linux also
doing the same switch.
2019-03-12 18:41:55 -07:00
Daniel Nephin
4f0d95fa6e Add canonical import comment
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2018-02-05 16:51:57 -05:00
Kenfe-Mickael Laventure
ddae20c032
Update libcontainerd to use containerd 1.0
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2017-10-20 07:11:37 -07:00
John Howard
0380fbff37 LCOW: API: Add platform to /images/create and /build
Signed-off-by: John Howard <jhoward@microsoft.com>

This PR has the API changes described in https://github.com/moby/moby/issues/34617.
Specifically, it adds an HTTP header "X-Requested-Platform" which is a JSON-encoded
OCI Image-spec `Platform` structure.

In addition, it renames (almost all) uses of a string variable platform (and associated)
methods/functions to os. This makes it much clearer to disambiguate with the swarm
"platform" which is really os/arch. This is a stepping stone to getting the daemon towards
fully multi-platform/arch-aware, and makes it clear when "operating system" is being
referred to rather than "platform" which is misleadingly used - sometimes in the swarm
meaning, but more often as just the operating system.
2017-10-06 11:44:18 -07:00
Darren Stahl
7c29103ad9
Update Windows and LCOW to use v1.0.0 runtime-spec
Signed-off-by: Darren Stahl <darst@microsoft.com>
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2017-08-21 15:19:31 -07:00
John Howard
ee0587a45d jhoward/opengcs --> Microsoft/opengcs
Signed-off-by: John Howard <jhoward@microsoft.com>
2017-08-08 14:43:43 -07:00
John Howard
ffdef6255e LCOW: Remove hard-coding
Signed-off-by: John Howard <jhoward@microsoft.com>
2017-08-03 16:10:25 -07:00
Madhan Raj Mookkandy
349913ce9f Include Endpoint List for Shared Endpoints
Do not allow sharing of container network with hyperv containers

Signed-off-by: Madhan Raj Mookkandy <madhanm@microsoft.com>
2017-07-06 12:19:17 -07:00
John Howard
3aa4a00715 LCOW: Move daemon stores to per platform
Signed-off-by: John Howard <jhoward@microsoft.com>
2017-06-20 19:49:52 -07:00
Sebastiaan van Stijn
4bf8714fac Merge pull request #33311 from msabansal/dnssearch
Adding support for DNS search on RS1
2017-05-30 13:09:18 +02:00
John Howard
2f038c2586 Windows: Remove unused SandboxPath
Signed-off-by: John Howard <jhoward@microsoft.com>
2017-05-24 13:44:35 -07:00
Sandeep Bansal
b8e8dcd6e0 Adding support for DNS search on RS1
Signed-off-by: Sandeep Bansal <sabansal@microsoft.com>
2017-05-18 19:41:06 -07:00
Madhan Raj Mookkandy
040afcce8f (*) Support --net:container:<containername/id> for windows
(*) (vdemeester) Removed duplicate code across Windows and Unix wrt Net:Containers
(*) Return unsupported error for network sharing for hyperv isolation containers

Signed-off-by: Madhan Raj Mookkandy <MadhanRaj.Mookkandy@microsoft.com>
2017-02-28 20:03:43 -08:00
msabansal
e6962481a0 Added support for dns-search and fixes #30102
Signed-off-by: msabansal <sabansal@microsoft.com>
2017-01-13 12:01:10 -08:00
msabansal
ed8ccc3046 Swarm-mode overlay networking support for windows
Signed-off-by: msabansal <sabansal@microsoft.com>
2016-11-10 09:54:40 -08:00
Tonis Tiigi
606a245d85 Remove restartmanager from libcontainerd
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2016-10-07 12:09:54 -07:00
John Howard
e85867cb68 Windows: Support credential specs
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-10-06 09:32:22 -07:00
Stefan J. Wernli
78540d0d18 Fixing servicing bug by always specifying LayerFolderPath
During the recent OCI changes, I mistakenly thought LayerFolderPath is only needed for Windows Server containers (isolation=process) and not for Hyper-V Containers, but it turns out it is also required for servicing containers used to finish installing updates.  Since the servicing containers need to reuse the container's create options, this change makes it so that LayerFolderPath is always filled in for all containers as part of constructing the create options.

Signed-off-by: Stefan J. Wernli <swernli@microsoft.com>
2016-10-04 15:29:30 -07:00
msabansal
d1e0a78614 Changes required to support windows service discovery
Signed-off-by: msabansal <sabansal@microsoft.com>
2016-09-22 12:21:21 -07:00
John Howard
410a8612f4 Windows OCI: Remove endpoint list
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-09-22 10:08:13 -07:00
John Howard
a3aceeac50 Windows: OCI HVRuntime and LayerPaths to options
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-09-20 13:51:53 -07:00
John Howard
f7fd408ba7 Windows: OCI remove first start
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-09-16 16:05:55 -07:00
Kenfe-Mickael Laventure
7b2e5216b8 Add support for multiples runtimes
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-06-14 07:47:31 -07:00