* Requires containerd binaries from containerd/containerd#3799 . Metrics are unimplemented yet.
* Works with crun v0.10.4, but `--security-opt seccomp=unconfined` is needed unless using master version of libseccomp
( containers/crun#156, seccomp/libseccomp#177 )
* Doesn't work with master runc yet
* Resource limitations are unimplemented
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Instead of having to create a bunch of custom error types that are doing
nothing but wrapping another error in sub-packages, use a common helper
to create errors of the requested type.
e.g. instead of re-implementing this over and over:
```go
type notFoundError struct {
cause error
}
func(e notFoundError) Error() string {
return e.cause.Error()
}
func(e notFoundError) NotFound() {}
func(e notFoundError) Cause() error {
return e.cause
}
```
Packages can instead just do:
```
errdefs.NotFound(err)
```
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Use strongly typed errors to set HTTP status codes.
Error interfaces are defined in the api/errors package and errors
returned from controllers are checked against these interfaces.
Errors can be wraeped in a pkg/errors.Causer, as long as somewhere in the
line of causes one of the interfaces is implemented. The special error
interfaces take precedence over Causer, meaning if both Causer and one
of the new error interfaces are implemented, the Causer is not
traversed.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Reuse existing structures and rely on json serialization to deep copy
Container objects.
Also consolidate all "save" operations on container.CheckpointTo, which
now both saves a serialized json to disk, and replicates state to the
ACID in-memory store.
Signed-off-by: Fabio Kung <fabio.kung@gmail.com>
If you created containers from pre-OCI docker (e.g. docker-1.10.x)
upgrade may fail when restarting containers if the new docker daemon
has `--default-runtime` set.
In Fedora, we ship docker 1.12.6 with:
```
--default-runtime=oci
--add-runtime oci=/usr/libexec/docker/docker-runc-current
```
That way we don't rely on `docker-runc` being in `$PATH`.
The issue is, on upgrade from docker 1.10.3 without this patch, the
default runtime in `daemon/start_linux.go` is unconditionally set to
`runc=docker-runc` without honoring the `--default-runtime` flag set in
the docker daemon.
Reproducer:
- (1.10.3) `docker run -d -p 5000:5000 --restart=always --name registry
registry:2`
- upgrade to docker 1.12.6 (1.11.x has likely the same issue)
- the registry container fails to restart on upgrade with the following
log message `error="exec: \"docker-runc\": executable file not
found in $PATH: \"\""`
That error comes from the fact that we're setting the runtime in the
container's HostConfig to `runc` where instead we should have honored
the `--default-runtime` flag (in our case that's set to `oci`).
Signed-off-by: Antonio Murdaca <runcom@redhat.com>