runtime.md
1
# Runtime and Lifecycle
3
## Scope of a Container
4
5
Barring access control concerns, the entity using a runtime to create a container MUST be able to use the operations defined in this specification against that same container.
6
Whether other entities using the same, or other, instance of the runtime can see that container is out of scope of this specification.
8
## State
10
The state of a container includes the following properties:
12
* **`ociVersion`** (string, REQUIRED) is the OCI specification version used when creating the container.
13
* **`id`** (string, REQUIRED) is the container's ID.
14
This MUST be unique across all containers on this host.
15
There is no requirement that it be unique across hosts.
16
* **`status`** (string, REQUIRED) is the runtime state of the container.
17
The value MAY be one of:
18
19
* `created`: the container process has neither exited nor executed the user-specified program
20
* `running`: the container process has executed the user-specified program but has not exited
21
* `stopped`: the container process has exited
23
Additional values MAY be defined by the runtime, however, they MUST be used to represent new runtime states not defined above.
24
* **`pid`** (int, REQUIRED when `status` is `created` or `running`) is the ID of the container process, as seen by the host.
25
* **`bundlePath`** (string, REQUIRED) is the absolute path to the container's bundle directory.
26
This is provided so that consumers can find the container's configuration and root filesystem on the host.
27
* **`annotations`** (map, OPTIONAL) contains the list of annotations associated with the container.
28
If no annotations were provided then this property MAY either be absent or an empty map.
30
The state MAY include additional properties.
31
32
When serialized in JSON, the format MUST adhere to the following pattern:
34
```json
35
{
36
"ociVersion": "0.2.0",
37
"id": "oci-container1",
38
"status": "running",
39
"pid": 4422,
40
"bundlePath": "/containers/redis",
41
"annotations": {
42
"myKey": "myValue"
43
}
47
See [Query State](#query-state) for information on retrieving the state of a container.
48
49
## Lifecycle
50
The lifecycle describes the timeline of events that happen from when a container is created to when it ceases to exist.
52
1. OCI compliant runtime's [`create`](runtime.md#create) command is invoked with a reference to the location of the bundle and a unique identifier.
53
2. The container's runtime environment MUST be created according to the configuration in [`config.json`](config.md).
54
If the runtime is unable to create the environment specified in the [`config.json`](config.md), it MUST generate an error.
55
While the resources requested in the [`config.json`](config.md) MUST be created, the user-specified program (from [`process`](config.md#process)) MUST NOT be run at this time.
56
Any updates to [`config.json`](config.md) after this step MUST NOT affect the container.
57
3. Once the container is created additional actions MAY be performed based on the features the runtime chooses to support.
58
However, some actions might only be available based on the current state of the container (e.g. only available while it is started).
59
4. Runtime's [`start`](runtime.md#start) command is invoked with the unique identifier of the container.
60
The runtime MUST run the user-specified program, as specified by [`process`](config.md#process).
61
5. The container process exits.
62
This MAY happen due to erroring out, exiting, crashing or the runtime's [`kill`](runtime.md#kill) operation being invoked.
63
6. Runtime's [`delete`](runtime.md#delete) command is invoked with the unique identifier of the container.
64
The container MUST be destroyed by undoing the steps performed during create phase (step 2).
66
## Errors
67
68
In cases where the specified operation generates an error, this specification does not mandate how, or even if, that error is returned or exposed to the user of an implementation.
69
Unless otherwise stated, generating an error MUST leave the state of the environment as if the operation were never attempted - modulo any possible trivial ancillary changes such as logging.
70
71
## Operations
72
73
OCI compliant runtimes MUST support the following operations, unless the operation is not supported by the base operating system.
74
75
Note: these operations are not specifying any command-line APIs, and the parameters are inputs for general operations.
77
### Query State
78
79
`state <container-id>`
80
81
This operation MUST generate an error if it is not provided the ID of a container.
82
Attempting to query a container that does not exist MUST generate an error.
83
This operation MUST return the state of a container as specified in the [State](#state) section.
84
85
### Create
87
`create <container-id> <path-to-bundle>`
88
89
This operation MUST generate an error if it is not provided a path to the bundle and the container ID to associate with the container.
90
If the ID provided is not unique across all containers within the scope of the runtime, or is not valid in any other way, the implementation MUST generate an error and a new container MUST NOT be created.
91
Using the data in [`config.json`](config.md), this operation MUST create a new container.
92
This means that all of the resources associated with the container MUST be created, however, the user-specified program MUST NOT be run at this time.
93
If the runtime cannot create the container as specified in [`config.json`](config.md), it MUST generate an error and a new container MUST NOT be created.
94
95
Upon successful completion of this operation the `status` property of this container MUST be `created`.
97
The runtime MAY validate `config.json` against this spec, either generically or with respect to the local system capabilities, before creating the container ([step 2](#lifecycle)).
98
Runtime callers who are interested in pre-create validation can run [bundle-validation tools](implementations.md#testing--tools) before invoking the create operation.
99
100
Any changes made to the [`config.json`](config.md) file after this operation will not have an effect on the container.
101
102
### Start
103
`start <container-id>`
105
This operation MUST generate an error if it is not provided the container ID.
106
Attempting to start a container that does not exist MUST generate an error.
107
Attempting to start an already started container MUST have no effect on the container and MUST generate an error.
108
This operation MUST run the user-specified program as specified by [`process`](config.md#process).
110
Upon successful completion of this operation the `status` property of this container MUST be `running`.
111
112
### Kill
113
`kill <container-id> <signal>`
115
This operation MUST generate an error if it is not provided the container ID.
116
Attempting to send a signal to a container that is not running MUST have no effect on the container and MUST generate an error.
117
This operation MUST send the specified signal to the process in the container.
119
When the process in the container is stopped, irrespective of it being as a result of a `kill` operation or any other reason, the `status` property of this container MUST be `stopped`.
120
121
### Delete
122
`delete <container-id>`
123
124
This operation MUST generate an error if it is not provided the container ID.
125
Attempting to delete a container that does not exist MUST generate an error.
126
Attempting to delete a container whose process is still running MUST generate an error.
127
Deleting a container MUST delete the resources that were created during the `create` step.
128
Note that resources associated with the container, but not created by this container, MUST NOT be deleted.
129
Once a container is deleted its ID MAY be used by a subsequent container.
132
## Hooks
133
Many of the operations specified in this specification have "hooks" that allow for additional actions to be taken before or after each operation.
134
See [runtime configuration for hooks](./config.md#hooks) for more information.