runtime.md
1
# Runtime and Lifecycle
3
## Scope of a Container
4
5
Barring access control concerns, the entity using a runtime to create a container MUST be able to use the operations defined in this specification against that same container.
6
Whether other entities using the same, or other, instance of the runtime can see that container is out of scope of this specification.
8
## State
10
The state of a container MUST include, at least, the following properties:
12
* **`ociVersion`**: (string) is the OCI specification version used when creating the container.
13
* **`id`**: (string) is the container's ID.
14
This MUST be unique across all containers on this host.
15
There is no requirement that it be unique across hosts.
16
* **`status`**: (string) is the runtime state of the container.
17
The value MAY be one of:
18
* `created` : the container has been created but the user-specified code has not yet been executed
19
* `running` : the container has been created and the user-specified code is running
20
* `stopped` : the container has been created and the user-specified code has been executed but is no longer running
21
22
Additional values MAY be defined by the runtime, however, they MUST be used to represent new runtime states not defined above.
23
* **`pid`**: (int) is the ID of the container process, as seen by the host.
24
* **`bundlePath`**: (string) is the absolute path to the container's bundle directory.
25
This is provided so that consumers can find the container's configuration and root filesystem on the host.
26
* **`annotations`**: (map) contains the list of annotations associated with the container.
27
If no annotations were provided then this property MAY either be absent or an empty map.
29
When serialized in JSON, the format MUST adhere to the following pattern:
31
```json
32
{
33
"ociVersion": "0.2.0",
34
"id": "oci-container1",
35
"status": "running",
36
"pid": 4422,
37
"bundlePath": "/containers/redis",
38
"annotations": {
39
"myKey": "myValue"
40
}
44
See [Query State](#query-state) for information on retrieving the state of a container.
45
46
## Lifecycle
47
The lifecycle describes the timeline of events that happen from when a container is created to when it ceases to exist.
49
1. OCI compliant runtime's `create` command is invoked with a reference to the location of the bundle and a unique identifier.
50
2. The container's runtime environment MUST be created according to the configuration in [`config.json`](config.md).
51
If the runtime is unable to create the environment specified in the [`config.json`](config.md), it MUST generate an error.
52
While the resources requested in the [`config.json`](config.md) MUST be created, the user-specified code (from [`process`](config.md#process-configuration) MUST NOT be run at this time.
53
Any updates to `config.json` after this step MUST NOT affect the container.
54
3. Once the container is created additional actions MAY be performed based on the features the runtime chooses to support.
55
However, some actions might only be available based on the current state of the container (e.g. only available while it is started).
56
4. Runtime's `start` command is invoked with the unique identifier of the container.
57
The runtime MUST run the user-specified code, as specified by [`process`](config.md#process-configuration).
58
5. The container's process is stopped.
59
This MAY happen due to them erroring out, exiting, crashing or the runtime's `kill` operation being invoked.
60
6. Runtime's `delete` command is invoked with the unique identifier of the container.
61
The container MUST be destroyed by undoing the steps performed during create phase (step 2).
63
## Errors
64
65
In cases where the specified operation generates an error, this specification does not mandate how, or even if, that error is returned or exposed to the user of an implementation.
66
Unless otherwise stated, generating an error MUST leave the state of the environment as if the operation were never attempted - modulo any possible trivial ancillary changes such as logging.
67
68
## Operations
69
70
OCI compliant runtimes MUST support the following operations, unless the operation is not supported by the base operating system.
71
72
Note: these operations are not specifying any command-line APIs, and the paramenters are inputs for general operations.
73
74
### Query State
75
76
`state <container-id>`
77
78
This operation MUST generate an error if it is not provided the ID of a container.
79
Attempting to query a container that does not exist MUST generate an error.
80
This operation MUST return the state of a container as specified in the [State](#state) section.
81
82
### Create
84
`create <container-id> <path-to-bundle>`
85
86
This operation MUST generate an error if it is not provided a path to the bundle and the container ID to associate with the container.
87
If the ID provided is not unique across all containers within the scope of the runtime, or is not valid in any other way, the implementation MUST generate an error and a new container MUST not be created.
88
Using the data in [`config.json`](config.md), this operation MUST create a new container.
89
This means that all of the resources associated with the container MUST be created, however, the user-specified code MUST NOT be run at this time.
90
91
Upon successful completion of this operation the `status` property of this container MUST be `created`.
93
The runtime MAY validate `config.json` against this spec, either generically or with respect to the local system capabilities, before creating the container ([step 2](#lifecycle)).
94
Runtime callers who are interested in pre-create validation can run [bundle-validation tools](implementations.md#testing--tools) before invoking the create operation.
95
96
Any changes made to the [`config.json`](config.md) file after this operation will not have an effect on the container.
97
98
### Start
99
`start <container-id>`
101
This operation MUST generate an error if it is not provided the container ID.
102
Attempting to start a container that does not exist MUST generate an error.
103
Attempting to start an already started container MUST have no effect on the container and MUST generate an error.
104
This operation MUST run the user-specified code as specified by [`process`](config.md#process-configuration).
105
106
Upon successful completion of this operation the `status` property of this container MUST be `running`.
107
108
### Kill
109
`kill <container-id> <signal>`
111
This operation MUST generate an error if it is not provided the container ID.
112
Attempting to send a signal to a container that is not running MUST have no effect on the container and MUST generate an error.
113
This operation MUST send the specified signal to the process in the container.
115
When the process in the container is stopped, irrespective of it being as a result of a `kill` operation or any other reason, the `status` property of this container MUST be `stopped`.
116
117
### Delete
118
`delete <container-id>`
119
120
This operation MUST generate an error if it is not provided the container ID.
121
Attempting to delete a container that does not exist MUST generate an error.
122
Attempting to delete a container whose process is still running MUST generate an error.
123
Deleting a container MUST delete the resources that were created during the `create` step.
124
Note that resources associated with the container, but not created by this container, MUST NOT be deleted.
125
Once a container is deleted its ID MAY be used by a subsequent container.
128
## Hooks
129
Many of the operations specified in this specification have "hooks" that allow for additional actions to be taken before or after each operation.
130
See [runtime configuration for hooks](./config.md#hooks) for more information.