Documentation
Overview
Package lxcri provides an OCI specific runtime interface for lxc.
Index
- Constants
- Variables
- type Container
- func (c Container) ConfigFilePath() string
- func (c *Container) ContainerState() (specs.ContainerState, error)
- func (c *Container) Exec(proc *specs.Process, execOpts *ExecOptions) (exitStatus int, err error)
- func (c *Container) ExecDetached(proc *specs.Process, execOpts *ExecOptions) (pid int, err error)
- func (c *Container) Release() error
- func (c Container) RuntimePath(subPath ...string) string
- func (c *Container) SetLog(filename string, level string) error
- func (c *Container) State() (*State, error)
- type ContainerConfig
- type ExecOptions
- type Runtime
- func (rt *Runtime) Create(ctx context.Context, cfg *ContainerConfig) (*Container, error)
- func (rt *Runtime) Delete(ctx context.Context, containerID string, force bool) error
- func (rt *Runtime) Init() error
- func (rt *Runtime) Kill(ctx context.Context, c *Container, signum unix.Signal) error
- func (rt *Runtime) List() ([]string, error)
- func (rt *Runtime) Load(containerID string) (*Container, error)
- func (rt *Runtime) Start(ctx context.Context, c *Container) error
- type RuntimeFeatures
- type State
Constants
const (
	// BundleConfigFile is the name of the OCI container bundle config file.
	// The content is the JSON encoded specs.Spec.
	BundleConfigFile = "config.json"
)
Variables
var (
	// ExecStart starts the liblxc monitor process, similar to lxc-start
	ExecStart = "lxcri-start"
	// ExecHook is run as liblxc hook and creates additional devices and remounts masked paths.
	ExecHook        = "lxcri-hook"
	ExecHookBuiltin = "lxcri-hook-builtin"
	// ExecInit is the container init process that execs the container process.
	ExecInit = "lxcri-init"
)
Required runtime executables loaded from Runtime.LibexecDir
var (
	// ErrNotExist is returned if the container (runtime dir) does not exist.
	ErrNotExist = fmt.Errorf("container does not exist")
)
Functions
This section is empty.
Types
type Container
type Container struct {
	LinuxContainer *lxc.Container `json:"-"`
	*ContainerConfig

	CreatedAt time.Time
	// Pid is the process ID of the liblxc monitor process (see ExecStart)
	Pid int
	// contains filtered or unexported fields
}
Container is the runtime state of a container instance.
func (Container) ConfigFilePath
ConfigFilePath returns the path to the liblxc config file.
func (*Container) ContainerState
ContainerState returns the current state of the container process, as defined by the OCI runtime spec.
func (*Container) Exec
func (c *Container) Exec(proc *specs.Process, execOpts *ExecOptions) (exitStatus int, err error)
Exec executes the given process spec within the container. It waits for the process to exit and returns its exit code. The container state must be either specs.StateCreated or specs.StateRunning. The given ExecOptions execOpts control the execution environment of the process.
func (*Container) ExecDetached
func (c *Container) ExecDetached(proc *specs.Process, execOpts *ExecOptions) (pid int, err error)
ExecDetached executes the given process spec within the container. The given process is started and the process PID is returned. It's up to the caller to wait for the process to exit using the returned PID. The container state must be either specs.StateCreated or specs.StateRunning. The given ExecOptions execOpts control the execution environment of the process.
func (Container) RuntimePath
RuntimePath returns the absolute path to the given sub path within the container runtime directory.
type ContainerConfig
type ContainerConfig struct {
	// The Spec used to generate the liblxc config file.
	// Any changes to the spec after creating the liblxc config file have no effect
	// and should be avoided.
	// NOTE The Spec must be serialized with the runtime config (lxcri.json)
	// This is required because Spec.Annotations are required for Container.State()
	// and spec.Namespaces are required for attach.
	Spec *specs.Spec

	// ContainerID is the identifier of the container.
	// The ContainerID is used as name for the container's runtime directory.
	// The ContainerID must be unique at least through all containers of a runtime.
	// The ContainerID should match the following pattern `[a-z][a-z0-9-_]+`
	ContainerID string

	// BundlePath is the OCI bundle path.
	BundlePath string

	ConsoleSocket string `json:",omitempty"`

	// MonitorCgroupDir is the cgroup directory path
	// for the liblxc monitor process `lxcri-start`
	// relative to the cgroup root.
	MonitorCgroupDir string

	CgroupDir string

	// LogFile is the liblxc log file path
	LogFile string
	// LogLevel is the liblxc log level
	LogLevel string

	// Log is the container Logger
	Log zerolog.Logger `json:"-"`
}
ContainerConfig is the configuration for a single Container instance.
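The ContainerID comment above says the ID names the container's runtime directory and should match `[a-z][a-z0-9-_]+`. One way for a caller to check an ID against that pattern before passing it to the runtime is sketched below; this is an added example, not code from lxcri. `ValidateContainerID`, `RuntimeDir`, `ErrInvalidContainerID` and the root `/run/lxcri` are hypothetical, and placing the directory at Root/ContainerID is an assumption.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"regexp"
)

// containerIDPattern is the documented ContainerID pattern, anchored at both
// ends. The hyphen is moved to the end of the class so it reads as a literal.
var containerIDPattern = regexp.MustCompile(`^[a-z][a-z0-9_-]+$`)

// ErrInvalidContainerID is a hypothetical error value for this example.
var ErrInvalidContainerID = errors.New("invalid container ID")

// ValidateContainerID (hypothetical helper) rejects IDs that do not match the
// documented pattern, which also excludes "/", ".." and empty strings.
func ValidateContainerID(id string) error {
	if !containerIDPattern.MatchString(id) {
		return fmt.Errorf("%w: %q", ErrInvalidContainerID, id)
	}
	return nil
}

// RuntimeDir (hypothetical helper) returns root/id after validating id and
// confirming that the cleaned result is a direct child of root.
func RuntimeDir(root, id string) (string, error) {
	if err := ValidateContainerID(id); err != nil {
		return "", err
	}
	root = filepath.Clean(root)
	dir := filepath.Join(root, id)
	if filepath.Dir(dir) != root {
		return "", fmt.Errorf("%w: %q escapes %q", ErrInvalidContainerID, id, root)
	}
	return dir, nil
}

func main() {
	// Constructed sample IDs; "/run/lxcri" is an assumed runtime root.
	for _, id := range []string{"web-01", "db_replica", "../etc", "a/b", "Web", "x", ""} {
		dir, err := RuntimeDir("/run/lxcri", id)
		fmt.Printf("%-12q dir=%q err=%v\n", id, dir, err)
	}
}
```

Because the pattern requires a lowercase letter followed by at least one more character, a single-character ID such as `x` is rejected along with the path-like inputs.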
type ExecOptions added in v0.12.1
type ExecOptions struct {
	// Namespaces is the list of container namespaces that the process is attached to.
	// The process is attached to all container namespaces if Namespaces is empty.
	Namespaces []specs.LinuxNamespaceType
}
ExecOptions contains options for Container.Exec and Container.ExecDetached
type Runtime
type Runtime struct {
	// Log is the logger used by the runtime.
	Log zerolog.Logger `json:"-"`

	// Root is the file path to the runtime directory.
	// Directories for containers created by the runtime
	// are created within this directory.
	Root string

	// Use systemd encoded cgroup path (from crio-o/conmon)
	// is true if /etc/crio/crio.conf#cgroup_manager = "systemd"
	SystemdCgroup bool

	// Path for lxc monitor cgroup (lxc specific feature).
	// This is the cgroup where the liblxc monitor process (lxcri-start)
	// will be placed in. It's similar to /etc/crio/crio.conf#conmon_cgroup
	MonitorCgroup string

	// LibexecDir is the directory that contains the runtime executables.
	LibexecDir string

	// Features are runtime (security) features that apply to all containers
	// created by the runtime.
	Features RuntimeFeatures

	specs.Hooks
	// contains filtered or unexported fields
}
Runtime is a factory for creating and managing containers. The exported methods of Runtime are required to implement the OCI container runtime interface spec (CRI). It shares the common settings
func (*Runtime) Create
Create creates a single container instance from the given ContainerConfig. Create is the first runtime method to call within the lifecycle of a container. A created Container must be released with Container.Release after use. You should call Runtime.Delete to clean up container runtime state, even if Create returned with an error.
func (*Runtime) Delete
Delete removes the container from the runtime directory. The container must be stopped or force must be set to true. If the container is not stopped but force is set to true, the container will be killed with unix.SIGKILL.
func (*Runtime) Init
Init initializes the runtime instance. It creates required directories and checks the runtime's system configuration. Unsupported runtime features are disabled and a warning message is logged. Init must be called once for a runtime instance before calling any other method.
type RuntimeFeatures
RuntimeFeatures are (security) features supported by the Runtime. The supported features are enabled on any Container instance created by Runtime.Create.