bba77163ff
- Only use the image exporter in build if we don't use containerd
  Without this "docker build" fails with:
  Error response from daemon: exporter "image" could not be found
- let buildx know we support containerd snapshotter
- Pass the current snapshotter to the buildkit worker
  If buildkit uses a different snapshotter we can't list the images any more because we can't find the snapshot.

builder/builder-next: make ContainerdWorker a minimal wrapper
Note that this makes "Worker" a public field, so technically one could overwrite it.

builder-next: reenable runc executor
Currently, without special CNI config the builder would only create host network containers that is a security issue. Using runc directly instead of shim is faster as well as builder doesn’t need anything from shim. The overhead of setting up network sandbox is much slower of course.

builder/builder-next: simplify options handling
Trying to simplify the logic;
- Use an early return if multiple outputs are provided
- Only construct the list of tags if we're using an image (or moby) exporter
- Combine some logic for snapshotter and non-snapshotter handling

Create a constant for the moby exporter

Pass a context when creating a router
The context has a 10 seconds timeout which should be more than enough to get the answer from containerd.

Signed-off-by: Djordje Lukic <djordje.lukic@docker.com>
Co-authored-by: Sebastiaan van Stijn <github@gone.nl>
Co-authored-by: Tonis Tiigi <tonistiigi@gmail.com>
Co-authored-by: Nicolas De Loof <nicolas.deloof@gmail.com>
Co-authored-by: Paweł Gronowski <pawel.gronowski@docker.com>
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
hcsshim
This package contains the Golang interface for using the Windows Host Compute Service (HCS) to launch and manage Windows Containers. It also contains other helpers and functions for managing Windows Containers such as the Golang interface for the Host Network Service (HNS), as well as code for the guest agent (commonly referred to as the GCS or Guest Compute Service in the codebase) used to support running Linux Hyper-V containers.
It is primarily used in the Moby and Containerd projects, but it can be freely used by other projects as well.
Building
While this repository can be used as a library for calling the HCS APIs, a couple of binaries are built out of it as well. The main ones are the Linux guest agent and an implementation of the runtime v2 containerd shim API.
Linux Hyper-V Container Guest Agent
To build the Linux guest agent itself, all that's needed is to set your GOOS to "linux" and build out of ./cmd/gcs.
C:\> $env:GOOS="linux"
C:\> go build .\cmd\gcs\
or on a Linux machine
> go build ./cmd/gcs
If you want it packaged inside a rootfs to boot with, alongside all of the other tools, you'll need to provide a rootfs to package it into. An easy way is to export the rootfs of a container.
docker pull busybox
docker run --name base_image_container busybox
docker export base_image_container | gzip > base.tar.gz
BASE=./base.tar.gz make all
If the build is successful, in the ./out folder you should see:
> ls ./out/
delta.tar.gz initrd.img rootfs.tar.gz
Containerd Shim
For info on the Runtime V2 API: https://github.com/containerd/containerd/blob/master/runtime/v2/README.md.
Contrary to the typical Linux architecture of shim -> runc, the runhcs shim is used both to launch and manage the lifetime of containers.
C:\> $env:GOOS="windows"
C:\> go build .\cmd\containerd-shim-runhcs-v1
Then place the binary in the same directory as Containerd in your environment. A default Containerd configuration file can be generated by running:
.\containerd.exe config default | Out-File "C:\Program Files\containerd\config.toml" -Encoding ascii
This config file will already have the shim set as the default runtime for cri interactions.
To try out the shim with ctr.exe:
C:\> ctr.exe run --runtime io.containerd.runhcs.v1 --rm mcr.microsoft.com/windows/nanoserver:2004 windows-test cmd /c "echo Hello World!"
Contributing
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.
When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
We also require that contributors sign their commits using git commit -s or git commit --signoff to certify they either authored the work themselves or otherwise have permission to use it in this project. Please see https://developercertificate.org/ for more info, as well as to make sure that you can attest to the rules listed. Our CI uses the DCO GitHub app to ensure that all commits in a given PR are signed-off.
Test Directory (Important to note)
This project has tried to trim some dependencies from the root Go modules file that would be cumbersome to get transitively included if this project is being vendored/used as a library. Some of these dependencies were only being used for tests, so the /test directory in this project also has its own go.mod file where these are now included to get around this issue. Our tests rely on the code in this project to run, so the test Go modules file has a relative path replace directive to pull in the latest hcsshim code that the tests actually touch from this project (which is the repo itself on your disk).
replace (
github.com/Microsoft/hcsshim => ../
)
Because of this, for most code changes you may need to run go mod vendor + go mod tidy in the /test directory in this repository, as the CI in this project will check if the files are out of date and will fail if this is true.
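A replace directive changes where a module's code comes from, so it is worth listing them when reviewing a vendored tree. The following is an added example, not code from hcsshim: it parses a gofmt-style go.mod with the standard library only and marks replacements that point at a directory on disk, like the ../ one above. The names Replace, ParseReplaces and sampleGoMod and every example.com path are assumptions made for the illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Replace is one replace directive; Local is true when the target is a filesystem path.
type Replace struct {
	Old, New string
	Local    bool
}

// sampleGoMod is constructed for this example; only the hcsshim line comes from the README.
const sampleGoMod = `module example.com/constructed/test

replace (
	github.com/Microsoft/hcsshim => ../
	example.com/constructed/dep v1.2.0 => example.com/constructed/fork v1.2.1
)
replace example.com/constructed/tool => ./tools // single-line form
`

// ParseReplaces returns every replace directive in a gofmt-style go.mod, in file order.
// "=>" appears only in replace directives, so block and single-line forms parse alike.
func ParseReplaces(gomod string) []Replace {
	var out []Replace
	sc := bufio.NewScanner(strings.NewReader(gomod))
	for sc.Scan() {
		line := strings.SplitN(sc.Text(), "//", 2)[0] // drop trailing comment
		line = strings.TrimPrefix(strings.TrimSpace(line), "replace ")
		sides := strings.SplitN(line, "=>", 2)
		if len(sides) != 2 || len(strings.Fields(sides[0])) == 0 || len(strings.Fields(sides[1])) == 0 {
			continue
		}
		old, target := strings.Fields(sides[0])[0], strings.Fields(sides[1])[0]
		// A target starting with ./, ../ or / is a directory on disk, not a module path.
		local := strings.HasPrefix(target, "./") || strings.HasPrefix(target, "../") || strings.HasPrefix(target, "/")
		out = append(out, Replace{old, target, local})
	}
	return out
}

func main() {
	for _, r := range ParseReplaces(sampleGoMod) {
		fmt.Printf("%s => %s (local path: %v)\n", r.Old, r.New, r.Local)
	}
}
```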
Code of Conduct
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
Dependencies
This project requires Golang 1.9 or newer to build.
For system requirements to run this project, see the Microsoft docs on Windows Container requirements.
Reporting Security Issues
Security issues and bugs should be reported privately, via email, to the Microsoft Security Response Center (MSRC) at secure@microsoft.com. You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Further information, including the MSRC PGP key, can be found in the Security TechCenter.
For additional details, see Report a Computer Security Vulnerability on TechNet.
Copyright (c) 2018 Microsoft Corp. All rights reserved.