Add install support for binary images #2518
Conversation
Codecov Report
@@ Coverage Diff @@
## master #2518 +/- ##
==========================================
- Coverage 45.07% 45.05% -0.02%
==========================================
Files 93 94 +1
Lines 9780 9796 +16
==========================================
+ Hits 4408 4414 +6
- Misses 4654 4662 +8
- Partials 718 720 +2
Continue to review full report at Codecov.
|
services/opt/service.go
Outdated
| Type: plugin.InternalPlugin, | ||
| ID: "opt", | ||
| Config: &Config{ | ||
| Path: "/opt/containerd", |
There was a problem hiding this comment.
Should we add OS specific defaults i.e. Windows, etc? Although I'm not sure what the default install path is for Windows.
There was a problem hiding this comment.
@johnstep can you help us out on how to make this work on windows? The idea is that we modify the daemon's %PATH% to some type of managed directory that we can install binaries to
There was a problem hiding this comment.
Sure. Is there an expectation that only one containerd will be installed on a given Windows system? In other words, should it be a global directory, or under the containerd root directory? I lean toward the latter.
|
This is cool! :) |
| func init() { | ||
| plugin.Register(&plugin.Registration{ | ||
| Type: plugin.InternalPlugin, | ||
| ID: "opt", |
There was a problem hiding this comment.
Ok, so we now have an opt plugin to allow introspection of the opt location for binary resolution. Is that how this is working?
There was a problem hiding this comment.
yup, it seems like a cleaner way to provide configuration from the daemon to clients
There was a problem hiding this comment.
and it allows you to disable it in the config as well. our plugin setup is nice
|
I also have an image |
|
LGTM |
|
This looks really cool! Curious; how does "replace" work if the binary is running? (thinking of upgrade scenarios etc) |
|
LGTM |
| @@ -103,6 +104,7 @@ containerd CLI | |||
| run.Command, | |||
| snapshots.Command, | |||
| tasks.Command, | |||
| install.Command, | |||
There was a problem hiding this comment.
How about putting this under ctr packages so that we can have ctr packages list/uninstall/update/upgrade
|
Do you want to do docs in a different PR or should we add some basic information via this PR? Seems like there are a few corner cases that need a FAQ (like "text busy" type issues that could occur per @thaJeztah's comment) or at least just some clear documentation on expectations. |
|
This is cool! Good idea. :) |
I wasn't sure if the current implementation is considered "feature complete" or if future enhancements were planned. I love the simplicity (its elegant), but yes, there may be scenarios that are not covered. OTOH, it should not become over-engineered, over-complicated |
This adds a way for users to programatically install containerd binary dependencies. With runtime v2 and new shim's being built, it will be a challenge to get those onto machines. Users would have to find the link, download, place it in their path, yada yada yada. With this functionality of a managed `/opt` directory, containerd can use existing image and distribution infra. to get binarys, shims, etc onto the system. Configuration: *default:* `/opt/containerd` *containerd config:* ```toml [plugins.opt] path = "/opt/mypath" ``` Usage: *code:* ```go image, err := client.Pull(ctx, "docker.io/crosbymichael/runc:latest") client.Install(ctx, image) ``` *ctr:* ```bash ctr content fetch docker.io/crosbymichael/runc:latest ctr install docker.io/crosbymichael/runc:latest ``` You can manage versions and see what is running via standard image commands. Images: These images MUST be small and only contain binaries. ```Dockerfile FROM scratch Add runc /bin/runc ``` Containerd will only extract files in `/bin` of the image. Later on, we can add support for `/lib`. The code adds a service to manage an `/opt/containerd` directory and provide that path to callers via the introspection service. How to Test: Delete runc from your system. ```bash > sudo ctr run --rm docker.io/library/redis:alpine redis ctr: OCI runtime create failed: unable to retrieve OCI runtime error (open /run/containerd/io.containerd.runtime.v1.linux/default/redis/log.json: no such file or directory): exec: "runc": executable file not found in $PATH: unknown > sudo ctr content fetch docker.io/crosbymichael/runc:latest > sudo ctr install docker.io/crosbymichael/runc:latest > sudo ctr run --rm docker.io/library/redis:alpine redis 1:C 01 Aug 15:59:52.864 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo 1:C 01 Aug 15:59:52.864 # Redis version=4.0.10, bits=64, commit=00000000, modified=0, pid=1, just started 1:C 01 Aug 15:59:52.864 # Warning: no config file specified, using the default config. In order to specify a config file use redis-server /path/to/redis.conf 1:M 01 Aug 15:59:52.866 # You requested maxclients of 10000 requiring at least 10032 max file descriptors. 1:M 01 Aug 15:59:52.866 # Server can't set maximum open files to 10032 because of OS error: Operation not permitted. 1:M 01 Aug 15:59:52.866 # Current maximum open files is 1024. maxclients has been reduced to 992 to compensate for low ulimit. If you need higher maxclients increase 'ulimit -n'. 1:M 01 Aug 15:59:52.870 * Running mode=standalone, port=6379. 1:M 01 Aug 15:59:52.870 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128. 1:M 01 Aug 15:59:52.870 # Server initialized 1:M 01 Aug 15:59:52.870 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect. 1:M 01 Aug 15:59:52.870 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled. 1:M 01 Aug 15:59:52.870 * Ready to accept connections ^C1:signal-handler (1533139193) Received SIGINT scheduling shutdown... 1:M 01 Aug 15:59:53.472 # User requested shutdown... 1:M 01 Aug 15:59:53.472 * Saving the final RDB snapshot before exiting. 1:M 01 Aug 15:59:53.484 * DB saved on disk 1:M 01 Aug 15:59:53.484 # Redis is now ready to exit, bye bye... ``` Signed-off-by: Evan Hazlett <[email protected]> Signed-off-by: Michael Crosby <[email protected]>
Some images like `criu` will have extra libs that it requires. This adds lib support via LD_LIBRARY_PATH and InstallOpts Signed-off-by: Michael Crosby <[email protected]>
|
There is no issues replacing the binaries when they are running |
|
What type of docs are we thinking? I was going to add release notes for it but I can add other things. |
|
I think just a simple example somewhere in our markdown docs that shows usage via both the API and the |
|
Is the PR description/commit message good enough to port over? |
|
(PR description with some tweaking looks good to me) |
This adds a way for users to programatically install containerd binary
dependencies.
With runtime v2 and new shim's being built, it will be a challenge to
get those onto machines. Users would have to find the link, download,
place it in their path, yada yada yada.
With this functionality of a managed
/optdirectory, containerd canuse existing image and distribution infra. to get binarys, shims, etc
onto the system.
Configuration:
default:
/opt/containerdcontainerd config:
Usage:
code:
ctr:
You can manage versions and see what is running via standard image
commands.
Images:
These images MUST be small and only contain binaries.
FROM scratch Add runc /bin/runcContainerd will only extract files in
/binof the image by default, Opts can be added to replace or install libs/.The code adds a service to manage an
/opt/containerddirectory andprovide that path to callers via the introspection service.
How to Test:
Delete runc from your system.
Signed-off-by: Evan Hazlett [email protected]
Signed-off-by: Michael Crosby [email protected]