f63f73a4a8
In dockerd we already have a concept of a "runtime", which specifies the OCI runtime to use (e.g. runc). This PR extends that config to add containerd shim configuration. This option is only exposed within the daemon itself (cannot be configured in daemon.json). This is due to issues in supporting unknown shims which will require more design work. What this change allows us to do is keep all the runtime config in one place. So the default "runc" runtime will just have its already existing shim config codified within the runtime config alone. I've also added 2 more "stock" runtimes which are basically runc+shimv1 and runc+shimv2. These new runtime configurations are: - io.containerd.runtime.v1.linux - runc + v1 shim using the V1 shim API - io.containerd.runc.v2 - runc + shim v2 These names coincide with the actual names of the containerd shims. This allows the user to essentially control what shim is going to be used by either specifying these as a `--runtime` on container create or by setting `--default-runtime` on the daemon. For custom/user-specified runtimes, the default shim config (currently shim v1) is used. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
package remote // import "github.com/docker/docker/libcontainerd/remote"
import (
"context"
"fmt"
"os"
"path/filepath"
"strings"
"github.com/containerd/containerd"
"github.com/containerd/containerd/cio"
"github.com/containerd/containerd/containers"
libcontainerdtypes "github.com/docker/docker/libcontainerd/types"
"github.com/docker/docker/pkg/idtools"
specs "github.com/opencontainers/runtime-spec/specs-go"
"github.com/sirupsen/logrus"
)
// summaryFromInterface ignores its argument and always returns a pointer to
// an empty Summary together with a nil error.
func summaryFromInterface(i interface{}) (*libcontainerdtypes.Summary, error) {
	summary := new(libcontainerdtypes.Summary)
	return summary, nil
}
// UpdateResources looks up the init process of the container identified by
// containerID and passes resources to that task's Update call.
//
// It returns the error from getProcess when the lookup fails, otherwise
// whatever Update returns.
func (c *client) UpdateResources(ctx context.Context, containerID string, resources *libcontainerdtypes.Resources) error {
	initProc, err := c.getProcess(ctx, containerID, libcontainerdtypes.InitProcessName)
	if err != nil {
		return err
	}

	// Go 1.8 does not accept the type alias here, so the pointer is converted
	// to *specs.LinuxResources explicitly; that is why this code has to be
	// platform specific.
	linuxResources := (*specs.LinuxResources)(resources)

	// NOTE(review): this type assertion is unchecked and panics if getProcess
	// returns something other than a containerd.Task. Presumably the init
	// process is always a Task — confirm against getProcess.
	task := initProc.(containerd.Task)
	return task.Update(ctx, containerd.WithResources(linuxResources))
}
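// hostIDFromMap translates the container-side ID id into the corresponding
// host-side ID using the mappings in mp. The first mapping whose range
// [ContainerID, ContainerID+Size) contains id is used.
//
// It returns 0 when no mapping covers id. 0 is also the host root ID, so a
// caller cannot tell "unmapped" apart from "mapped to host ID 0".
func hostIDFromMap(id uint32, mp []specs.LinuxIDMapping) int {
	for _, m := range mp {
		if id < m.ContainerID {
			continue
		}
		// Compare the offset with Size rather than computing
		// ContainerID+Size-1. That sum wraps around in uint32: a mapping with
		// ContainerID 0 and Size 0 used to match every id, and a range that
		// reaches the top of the uint32 space used to match nothing.
		offset := id - m.ContainerID
		if offset < m.Size {
			return int(m.HostID + offset)
		}
	}
	return 0
}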
// getSpecUser returns the host UID and GID that container ID 0 maps to
// according to ociSpec.
//
// If the spec lists a user namespace, the IDs are resolved through the spec's
// UIDMappings and GIDMappings with hostIDFromMap. Without a user namespace the
// result is (0, 0).
//
// NOTE(review): ociSpec.Linux is dereferenced without a nil check; this
// assumes callers always pass a spec with the Linux section set — confirm.
func getSpecUser(ociSpec *specs.Spec) (int, int) {
	for _, ns := range ociSpec.Linux.Namespaces {
		if ns.Type != specs.UserNamespace {
			continue
		}
		// Only the first user namespace entry is considered.
		uid := hostIDFromMap(0, ociSpec.Linux.UIDMappings)
		gid := hostIDFromMap(0, ociSpec.Linux.GIDMappings)
		return uid, gid
	}

	return 0, 0
}
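// WithBundle returns a containerd.NewContainerOpts that creates the bundle
// directory for the container and records the resulting path in the
// DockerContainerBundlePath label.
//
// When getSpecUser reports host IDs 0:0, bundleDir itself is created through
// idtools.MkdirAllAndChownNew with mode 0755 and identity 0:0, and the label
// is set to bundleDir (the label is written before the directory is created,
// so it is set even if creation fails).
//
// Otherwise the path is rebuilt one component at a time. A component that
// does not exist, or that lacks the execute bit for "other", is replaced by a
// sibling named "<component>.<uid>.<gid>" created with mode 0700 and owned by
// uid:gid; later components are joined onto that renamed path. The label is
// then set to the final path, which can differ from bundleDir.
//
// The walk skips the first element of the split path, so bundleDir is assumed
// to be absolute — TODO confirm with callers.
func WithBundle(bundleDir string, ociSpec *specs.Spec) containerd.NewContainerOpts {
	return func(ctx context.Context, client *containerd.Client, c *containers.Container) error {
		if c.Labels == nil {
			c.Labels = make(map[string]string)
		}

		uid, gid := getSpecUser(ociSpec)
		if uid == 0 && gid == 0 {
			c.Labels[DockerContainerBundlePath] = bundleDir
			return idtools.MkdirAllAndChownNew(bundleDir, 0755, idtools.Identity{UID: 0, GID: 0})
		}

		p := string(filepath.Separator)
		components := strings.Split(bundleDir, string(filepath.Separator))
		for _, d := range components[1:] {
			p = filepath.Join(p, d)
			// os.Stat follows symlinks, so the mode checked below is that of
			// the link target.
			fi, err := os.Stat(p)
			if err != nil && !os.IsNotExist(err) {
				return err
			}
			// Bit 0 of the mode is the execute (search) permission for
			// "other"; presumably a component without it cannot be traversed
			// by the remapped user, hence the private sibling directory.
			if os.IsNotExist(err) || fi.Mode()&1 == 0 {
				p = fmt.Sprintf("%s.%d.%d", p, uid, gid)
				// NOTE(review): an entry that already exists at p is accepted
				// as-is; its type, owner and mode are not re-checked. This
				// relies on the parent directories being writable only by
				// trusted users — confirm.
				if err := idtools.MkdirAndChown(p, 0700, idtools.Identity{UID: uid, GID: gid}); err != nil && !os.IsExist(err) {
					return err
				}
			}
		}

		// c.Labels was initialised at the top of the closure, so the second
		// nil check the original carried here could never fire and is dropped.
		c.Labels[DockerContainerBundlePath] = p
		return nil
	}
}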
// withLogLevel is not implemented here: it ignores the level it is given and
// panics with "Not implemented" on every call.
func withLogLevel(_ logrus.Level) containerd.NewTaskOpts {
	panic("Not implemented")
}
// newFIFOSet builds the cio.FIFOSet for a process, with every FIFO path
// placed under bundleDir and named "<processID>-<stream>".
//
// Stdout is always configured. Stdin is added only when withStdin is true,
// and stderr only when withTerminal is false. The set's close function
// removes every configured path with os.RemoveAll, logs a warning for each
// failure, and always returns nil.
//
// NOTE(review): processID is concatenated into the path and then cleaned by
// filepath.Join, so a value containing path separators or ".." would resolve
// outside bundleDir (and later be passed to os.RemoveAll). Presumably the
// daemon generates processID itself — confirm with callers.
func newFIFOSet(bundleDir, processID string, withStdin, withTerminal bool) *cio.FIFOSet {
	fifoPath := func(suffix string) string {
		return filepath.Join(bundleDir, processID+suffix)
	}

	var config cio.Config
	config.Terminal = withTerminal
	config.Stdout = fifoPath("-stdout")

	paths := make([]string, 0, 3)
	paths = append(paths, config.Stdout)
	if withStdin {
		config.Stdin = fifoPath("-stdin")
		paths = append(paths, config.Stdin)
	}
	if !withTerminal {
		config.Stderr = fifoPath("-stderr")
		paths = append(paths, config.Stderr)
	}

	// Removal is best effort: failures are logged, never returned.
	removeFIFOs := func() error {
		for i := range paths {
			err := os.RemoveAll(paths[i])
			if err == nil {
				continue
			}
			logrus.Warnf("libcontainerd: failed to remove fifo %v: %v", paths[i], err)
		}
		return nil
	}

	return cio.NewFIFOSet(config, removeFIFOs)
}
// newDirectIO returns the cio.DirectIO that cio.NewDirectIO builds for fifos.
// It is a plain pass-through; the receiver is not used.
func (c *client) newDirectIO(ctx context.Context, fifos *cio.FIFOSet) (*cio.DirectIO, error) {
	return cio.NewDirectIO(ctx, fifos)
}