Windows: Experimental: Allow containerd for runtime
Signed-off-by: John Howard <jhoward@microsoft.com>
This is the first step in refactoring moby (dockerd) to use containerd on Windows.
Similar to the current model in Linux, this adds the option to enable it for runtime.
It does not switch the graphdriver to containerd snapshotters.
- Refactors libcontainerd to a series of subpackages so that either a
"local" containerd (1) or a "remote" (2) containerd can be loaded as opposed
to conditional compile as "local" for Windows and "remote" for Linux.
- Updates libcontainerd such that Windows has an option to allow the use of a
"remote" containerd. Here, it communicates over a named pipe using GRPC.
This is currently guarded behind the experimental flag, an environment variable,
and the providing of a pipename to connect to containerd.
- Infrastructure pieces such as under pkg/system to have helper functions for
determining whether containerd is being used.
(1) "local" containerd is what the daemon on Windows has used since inception.
It's not really containerd at all - it's simply local invocation of HCS APIs
directly in-process from the daemon through the Microsoft/hcsshim library.
(2) "remote" containerd is what docker on Linux uses for it's runtime. It means
that there is a separate containerd service running, and docker communicates over
GRPC to it.
To try this out, you will need to start with something like the following:
Window 1:
containerd --log-level debug
Window 2:
$env:DOCKER_WINDOWS_CONTAINERD=1
dockerd --experimental -D --containerd \\.\pipe\containerd-containerd
You will need the following binary from github.com/containerd/containerd in your path:
- containerd.exe
You will need the following binaries from github.com/Microsoft/hcsshim in your path:
- runhcs.exe
- containerd-shim-runhcs-v1.exe
For LCOW, it will require and initrd.img and kernel in `C:\Program Files\Linux Containers`.
This is no different to the current requirements. However, you may need updated binaries,
particularly initrd.img built from Microsoft/opengcs as (at the time of writing), Linuxkit
binaries are somewhat out of date.
Note that containerd and hcsshim for HCS v2 APIs do not yet support all the required
functionality needed for docker. This will come in time - this is a baby (although large)
step to migrating Docker on Windows to containerd.
Note that the HCS v2 APIs are only called on RS5+ builds. RS1..RS4 will still use
HCS v1 APIs as the v2 APIs were not fully developed enough on these builds to be usable.
This abstraction is done in HCSShim. (Referring specifically to runtime)
Note the LCOW graphdriver still uses HCS v1 APIs regardless.
Note also that this does not migrate docker to use containerd snapshotters
rather than graphdrivers. This needs to be done in conjunction with Linux also
doing the same switch.
2019-01-08 22:30:52 +00:00
|
|
|
package types // import "github.com/docker/docker/libcontainerd/types"
|
2016-03-18 18:50:19 +00:00
|
|
|
|
2016-07-15 21:12:07 +00:00
|
|
|
import (
|
2017-09-22 13:52:41 +00:00
|
|
|
"context"
|
2022-05-01 22:05:21 +00:00
|
|
|
"syscall"
|
2017-09-22 13:52:41 +00:00
|
|
|
"time"
|
2016-07-15 21:12:07 +00:00
|
|
|
|
2017-09-22 13:52:41 +00:00
|
|
|
"github.com/containerd/containerd"
|
2017-11-30 00:15:20 +00:00
|
|
|
"github.com/containerd/containerd/cio"
|
2019-08-05 14:37:47 +00:00
|
|
|
specs "github.com/opencontainers/runtime-spec/specs-go"
|
2016-07-15 21:12:07 +00:00
|
|
|
)
|
2016-03-18 18:50:19 +00:00
|
|
|
|
2017-09-22 13:52:41 +00:00
|
|
|
// EventType represents a possible event from libcontainerd
|
|
|
|
|
type EventType string
|
|
|
|
|
|
|
|
|
|
// Event constants used when reporting events
|
|
|
|
|
const (
|
|
|
|
|
EventUnknown EventType = "unknown"
|
|
|
|
|
EventExit EventType = "exit"
|
|
|
|
|
EventOOM EventType = "oom"
|
|
|
|
|
EventCreate EventType = "create"
|
|
|
|
|
EventStart EventType = "start"
|
|
|
|
|
EventExecAdded EventType = "exec-added"
|
|
|
|
|
EventExecStarted EventType = "exec-started"
|
|
|
|
|
EventPaused EventType = "paused"
|
|
|
|
|
EventResumed EventType = "resumed"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// EventInfo contains the event info
|
|
|
|
|
type EventInfo struct {
|
|
|
|
|
ContainerID string
|
|
|
|
|
ProcessID string
|
|
|
|
|
Pid uint32
|
|
|
|
|
ExitCode uint32
|
|
|
|
|
ExitedAt time.Time
|
2018-02-09 18:08:47 +00:00
|
|
|
Error error
|
2016-03-18 18:50:19 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Backend defines callbacks that the client of the library needs to implement.
|
|
|
|
|
type Backend interface {
|
2017-09-22 13:52:41 +00:00
|
|
|
ProcessEvent(containerID string, event EventType, ei EventInfo) error
|
2016-03-18 18:50:19 +00:00
|
|
|
}
|
|
|
|
|
|
2019-03-25 20:17:17 +00:00
|
|
|
// Process of a container
|
|
|
|
|
type Process interface {
|
2022-05-10 19:59:00 +00:00
|
|
|
// Pid is the system specific process id
|
|
|
|
|
Pid() uint32
|
|
|
|
|
// Kill sends the provided signal to the process
|
|
|
|
|
Kill(ctx context.Context, signal syscall.Signal) error
|
|
|
|
|
// Resize changes the width and height of the process's terminal
|
|
|
|
|
Resize(ctx context.Context, width, height uint32) error
|
|
|
|
|
// Delete removes the process and any resources allocated returning the exit status
|
|
|
|
|
Delete(context.Context) (*containerd.ExitStatus, error)
|
2019-03-25 20:17:17 +00:00
|
|
|
}
|
|
|
|
|
|
2016-03-18 18:50:19 +00:00
|
|
|
// Client provides access to containerd features.
|
|
|
|
|
type Client interface {
|
2017-11-03 00:21:18 +00:00
|
|
|
Version(ctx context.Context) (containerd.Version, error)
|
2022-05-10 19:59:00 +00:00
|
|
|
// LoadContainer loads the metadata for a container from containerd.
|
|
|
|
|
LoadContainer(ctx context.Context, containerID string) (Container, error)
|
|
|
|
|
// NewContainer creates a new containerd container.
|
|
|
|
|
NewContainer(ctx context.Context, containerID string, spec *specs.Spec, shim string, runtimeOptions interface{}, opts ...containerd.NewContainerOpts) (Container, error)
|
|
|
|
|
}
|
2017-11-03 00:21:18 +00:00
|
|
|
|
2022-05-10 19:59:00 +00:00
|
|
|
// Container provides access to a containerd container.
|
|
|
|
|
type Container interface {
|
|
|
|
|
Start(ctx context.Context, checkpointDir string, withStdin bool, attachStdio StdioCallback) (Task, error)
|
|
|
|
|
Task(ctx context.Context) (Task, error)
|
|
|
|
|
// AttachTask returns the current task for the container and reattaches
|
|
|
|
|
// to the IO for the running task. If no task exists for the container
|
|
|
|
|
// a NotFound error is returned.
|
|
|
|
|
//
|
|
|
|
|
// Clients must make sure that only one reader is attached to the task.
|
|
|
|
|
AttachTask(ctx context.Context, attachStdio StdioCallback) (Task, error)
|
|
|
|
|
// Delete removes the container and associated resources
|
|
|
|
|
Delete(context.Context) error
|
|
|
|
|
}
|
2016-03-18 18:50:19 +00:00
|
|
|
|
2022-05-10 19:59:00 +00:00
|
|
|
// Task provides access to a running containerd container.
|
|
|
|
|
type Task interface {
|
|
|
|
|
Process
|
|
|
|
|
// Pause suspends the execution of the task
|
|
|
|
|
Pause(context.Context) error
|
|
|
|
|
// Resume the execution of the task
|
|
|
|
|
Resume(context.Context) error
|
|
|
|
|
Stats(ctx context.Context) (*Stats, error)
|
|
|
|
|
// Pids returns a list of system specific process ids inside the task
|
|
|
|
|
Pids(context.Context) ([]containerd.ProcessInfo, error)
|
|
|
|
|
Summary(ctx context.Context) ([]Summary, error)
|
|
|
|
|
// ForceDelete forcefully kills the task's processes and deletes the task
|
|
|
|
|
ForceDelete(context.Context) error
|
|
|
|
|
// Status returns the executing status of the task
|
|
|
|
|
Status(ctx context.Context) (containerd.Status, error)
|
|
|
|
|
// Exec creates and starts a new process inside the task
|
|
|
|
|
Exec(ctx context.Context, processID string, spec *specs.Process, withStdin bool, attachStdio StdioCallback) (Process, error)
|
|
|
|
|
UpdateResources(ctx context.Context, resources *Resources) error
|
|
|
|
|
CreateCheckpoint(ctx context.Context, checkpointDir string, exit bool) error
|
2016-03-18 18:50:19 +00:00
|
|
|
}
|
|
|
|
|
|
2016-10-17 21:39:52 +00:00
|
|
|
// StdioCallback is called to connect a container or process stdio.
|
2017-12-07 19:26:27 +00:00
|
|
|
type StdioCallback func(io *cio.DirectIO) (cio.IO, error)
|
Windows: Experimental: Allow containerd for runtime
Signed-off-by: John Howard <jhoward@microsoft.com>
This is the first step in refactoring moby (dockerd) to use containerd on Windows.
Similar to the current model in Linux, this adds the option to enable it for runtime.
It does not switch the graphdriver to containerd snapshotters.
- Refactors libcontainerd to a series of subpackages so that either a
"local" containerd (1) or a "remote" (2) containerd can be loaded as opposed
to conditional compile as "local" for Windows and "remote" for Linux.
- Updates libcontainerd such that Windows has an option to allow the use of a
"remote" containerd. Here, it communicates over a named pipe using GRPC.
This is currently guarded behind the experimental flag, an environment variable,
and the providing of a pipename to connect to containerd.
- Infrastructure pieces such as under pkg/system to have helper functions for
determining whether containerd is being used.
(1) "local" containerd is what the daemon on Windows has used since inception.
It's not really containerd at all - it's simply local invocation of HCS APIs
directly in-process from the daemon through the Microsoft/hcsshim library.
(2) "remote" containerd is what docker on Linux uses for it's runtime. It means
that there is a separate containerd service running, and docker communicates over
GRPC to it.
To try this out, you will need to start with something like the following:
Window 1:
containerd --log-level debug
Window 2:
$env:DOCKER_WINDOWS_CONTAINERD=1
dockerd --experimental -D --containerd \\.\pipe\containerd-containerd
You will need the following binary from github.com/containerd/containerd in your path:
- containerd.exe
You will need the following binaries from github.com/Microsoft/hcsshim in your path:
- runhcs.exe
- containerd-shim-runhcs-v1.exe
For LCOW, it will require and initrd.img and kernel in `C:\Program Files\Linux Containers`.
This is no different to the current requirements. However, you may need updated binaries,
particularly initrd.img built from Microsoft/opengcs as (at the time of writing), Linuxkit
binaries are somewhat out of date.
Note that containerd and hcsshim for HCS v2 APIs do not yet support all the required
functionality needed for docker. This will come in time - this is a baby (although large)
step to migrating Docker on Windows to containerd.
Note that the HCS v2 APIs are only called on RS5+ builds. RS1..RS4 will still use
HCS v1 APIs as the v2 APIs were not fully developed enough on these builds to be usable.
This abstraction is done in HCSShim. (Referring specifically to runtime)
Note the LCOW graphdriver still uses HCS v1 APIs regardless.
Note also that this does not migrate docker to use containerd snapshotters
rather than graphdrivers. This needs to be done in conjunction with Linux also
doing the same switch.
2019-01-08 22:30:52 +00:00
|
|
|
|
|
|
|
|
// InitProcessName is the name given to the first process of a container
|
|
|
|
|
const InitProcessName = "init"
|