container

package
v0.9.99 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 17, 2024 License: AGPL-3.0 Imports: 88 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// Generic error classes. Every value is its own sentinel built with
// errors.New, so two sentinels never compare equal even when their meanings
// are close.
var (
	// ErrUnknown is used internally to represent a missed mapping.
	ErrUnknown = errors.New("unknown")
	// ErrInvalidArgument carries the message "invalid argument".
	ErrInvalidArgument = errors.New("invalid argument")
	// ErrNotFound carries the message "not found".
	ErrNotFound = errors.New("not found")
	// ErrAlreadyExists carries the message "already exists".
	ErrAlreadyExists = errors.New("already exists")
	// ErrFailedPrecondition carries the message "failed precondition".
	ErrFailedPrecondition = errors.New("failed precondition")
	// ErrUnavailable carries the message "unavailable".
	ErrUnavailable = errors.New("unavailable")
	// ErrNotImplemented represents not supported and unimplemented.
	ErrNotImplemented = errors.New("not implemented")
)
// Container lifecycle errors. Each is a separate errors.New sentinel.
// NOTE(review): ErrExist and ErrNotExist are different values from any
// generic "already exists" / "not found" sentinel, so an errors.Is check
// against one set will not match the other.
var (
	// ErrExist: a container with the given ID already exists.
	ErrExist = errors.New("container with given ID already exists")
	// ErrInvalidID: the container ID has an invalid format.
	ErrInvalidID = errors.New("invalid container ID format")
	// ErrNotExist: the container does not exist.
	ErrNotExist = errors.New("container does not exist")
	// ErrPaused: the container is paused.
	ErrPaused = errors.New("container paused")
	// ErrRunning: the container is still running.
	ErrRunning = errors.New("container still running")
	// ErrNotRunning: the container is not running.
	ErrNotRunning = errors.New("container not running")
	// ErrNotPaused: the container is not paused.
	ErrNotPaused = errors.New("container not paused")
)

Functions

func AppContext added in v0.8.0

func AppContext(context gocontext.Context) (gocontext.Context, gocontext.CancelFunc)

AppContext returns the context for a command. Should only be called once per command, near the start.

This will ensure the namespace is picked up and set the timeout, if one is defined.

func CheckRuntime added in v0.8.0

func CheckRuntime(current, expected string) bool

CheckRuntime returns true if the current runtime matches the expected runtime. Providing only some parts of the runtime schema will match just those parts of the expected runtime.

func ContainerdCheckpoint added in v0.9.95

func ContainerdCheckpoint(imagePath, id string) error

func GetCgroupMounts added in v0.8.0

func GetCgroupMounts(m *configs.Mount) ([]*configs.Mount, error)

func Init added in v0.8.0

func Init()

func IsAlreadyExists added in v0.8.0

func IsAlreadyExists(err error) bool

func NewNotifySocket added in v0.8.0

func NewNotifySocket(context *RuncOpts, notifySocketHost string, id string) *notifySocket

func Restore added in v0.8.0

func Restore(imgPath string, containerID string) error

func Root added in v0.8.0

func Root() (string, error)

Root returns the Intel RDT "resource control" filesystem mount point.

func RuncRestore added in v0.8.0

func RuncRestore(imgPath string, containerId string, opts RuncOpts) error

func StartContainer added in v0.8.0

func StartContainer(context *RuncOpts, action CtAct, criuOpts *CriuOpts) (int, error)

func WriteIntelRdtTasks added in v0.8.0

func WriteIntelRdtTasks(dir string, pid int) error

WriteIntelRdtTasks writes the specified pid into the "tasks" file

Types

type BaseState added in v0.8.0

// BaseState is the JSON-serialisable core of a container's state record:
// its ID, init process, creation time and configuration.
//
// NOTE(review): Config is held by value, so a serialised BaseState carries the
// whole container configuration. Presumably the file it is written to should
// be readable only by the container's owner — confirm where it is persisted.
type BaseState struct {
	// ID is the container ID.
	ID string `json:"id"`

	// InitProcessPid is the init process id in the parent namespace.
	InitProcessPid int `json:"init_process_pid"`

	// InitProcessStartTime is the init process start time in clock cycles since boot time.
	// NOTE(review): presumably stored next to the pid so that a recycled pid can be
	// told apart from the original init process — confirm against the code that reads it.
	InitProcessStartTime uint64 `json:"init_process_start"`

	// Created is the unix timestamp for the creation time of the container in UTC
	Created time.Time `json:"created"`

	// Config is the container's configuration.
	Config configs.Config `json:"config"`
}

type CheckpointTaskInfo added in v0.8.0

// CheckpointTaskInfo allows specific checkpoint information to be set for the
// task. It is the value that CheckpointTaskOpts functions receive.
type CheckpointTaskInfo struct {
	Name string
	// ParentCheckpoint is the digest of a parent checkpoint
	ParentCheckpoint digest.Digest
	// Options hold runtime specific settings for checkpointing a task
	// NOTE(review): the field is untyped (interface{}), so whatever reads it must
	// type-assert; confirm the consumer rejects unexpected types instead of panicking.
	Options interface{}
	// contains filtered or unexported fields
}

CheckpointTaskInfo allows specific checkpoint information to be set for the task

func (*CheckpointTaskInfo) Runtime added in v0.8.0

func (i *CheckpointTaskInfo) Runtime() string

Runtime name for the container

type CheckpointTaskOpts added in v0.8.0

// CheckpointTaskOpts is an option function that is handed a
// *CheckpointTaskInfo to adjust and may return an error.
// WithCheckpointImagePath returns one.
type CheckpointTaskOpts func(*CheckpointTaskInfo) error

func WithCheckpointImagePath added in v0.8.0

func WithCheckpointImagePath(path string) CheckpointTaskOpts

WithCheckpointImagePath sets image path for checkpoint option

type Config added in v0.8.0

// Config is the configuration for the tasks service plugin. Both fields are
// filesystem paths and can be set from either TOML or JSON (see the tags).
//
// NOTE(review): these files steer block-IO and RDT resource control, so they
// should presumably be writable only by the administrator — confirm how the
// paths are validated before they are opened.
type Config struct {
	// BlockIOConfigFile specifies the path to blockio configuration file
	BlockIOConfigFile string `toml:"blockio_config_file" json:"blockioConfigFile"`
	// RdtConfigFile specifies the path to RDT configuration file
	RdtConfigFile string `toml:"rdt_config_file" json:"rdtConfigFile"`
}

Config for the tasks service plugin

type ContainerStateJson added in v0.9.5

// ContainerStateJson is the per-container record returned by GetContainers.
//
// NOTE(review): the JSON keys (ociVersion, id, pid, status, bundle) look like
// the OCI runtime state layout, extended with rootfs, created and owner —
// confirm against the producer before relying on that.
type ContainerStateJson struct {
	// Version is the OCI version for the container
	Version string `json:"ociVersion"`
	// ID is the container ID
	ID string `json:"id"`
	// InitProcessPid is the init process id in the parent namespace
	InitProcessPid int `json:"pid"`
	// Status is the current status of the container, running, paused, ...
	Status string `json:"status"`
	// Bundle is the path on the filesystem to the bundle
	Bundle string `json:"bundle"`
	// Rootfs is a path to a directory containing the container's root filesystem.
	Rootfs string `json:"rootfs"`
	// Created is the unix timestamp for the creation time of the container in UTC
	Created time.Time `json:"created"`
	// Annotations is the user defined annotations added to the config.
	// Because the values are user defined, escape them before logging or
	// rendering them, and do not base authorisation decisions on them.
	Annotations map[string]string `json:"annotations,omitempty"`
	// The owner of the state directory (the owner of the container).
	Owner string `json:"owner"`
}

func GetContainers added in v0.9.5

func GetContainers(root string) ([]ContainerStateJson, error)

type CriuOpts

// CriuOpts holds the higher-level options used to turn on or off the flags
// passed to criu for checkpoint and restore.
//
// Review notes for callers (each to be confirmed against the code that builds
// the criu request):
//   - ImagesDirectory, WorkDirectory and ParentImage are directories criu
//     writes to. CRIU image files generally include the process's memory
//     pages, so these directories should be treated as holding secrets and
//     be restricted accordingly.
//   - TcpEstablished, ExternalUnixConnections and ShellJob each widen what is
//     captured or accepted; leave them false unless the workload needs them.
//   - LsmProfile and LsmMountContext name the LSM confinement used on
//     restore; an empty or wrong value may restore the container with
//     different confinement than it was checkpointed with.
//   - MntnsCompatMode and TcpClose are undocumented here; presumably they map
//     to criu's mount-namespace compatibility mode and its option to restore
//     connected TCP sockets in the closed state.
//   - The Tcp* spellings are part of the exported API and cannot be renamed
//     without breaking callers.
type CriuOpts struct {
	ImagesDirectory         string             // directory for storing image files
	WorkDirectory           string             // directory to cd and write logs/pidfiles/stats to
	ParentImage             string             // directory for storing parent image files in pre-dump and dump
	LeaveRunning            bool               // leave container in running state after checkpoint
	TcpEstablished          bool               // checkpoint/restore established TCP connections
	ExternalUnixConnections bool               // allow external unix connections
	ShellJob                bool               // allow to dump and restore shell jobs
	FileLocks               bool               // handle file locks, for safety
	PreDump                 bool               // call criu predump to perform iterative checkpoint
	VethPairs               []VethPairName     // pass the veth to criu when restore
	ManageCgroupsMode       criurpc.CriuCgMode // dump or restore cgroup mode
	EmptyNs                 uint32             // don't c/r properties for namespace from this mask
	AutoDedup               bool               // auto deduplication for incremental dumps
	LazyPages               bool               // restore memory pages lazily using userfaultfd
	StatusFd                int                // fd for feedback when lazy server is ready
	LsmProfile              string             // LSM profile used to restore the container
	LsmMountContext         string             // LSM mount context value to use during restore
	External                []string           // ignore external namespaces
	MntnsCompatMode         bool
	TcpClose                bool
}

Higher level CriuOptions that are used to turn on/off the flags passed to criu

type CtAct added in v0.8.0

// CtAct identifies the action requested from StartContainer: create, run or
// restore.
type CtAct uint8

// The actions are numbered from 1, so the zero value of CtAct matches none of
// them and an unset CtAct can be told apart from a real request.
const (
	CT_ACT_CREATE = CtAct(iota + 1)
	CT_ACT_RUN
	CT_ACT_RESTORE
)

type Fields added in v0.8.0

// Fields maps string keys to values of any type.
// NOTE(review): looks like a structured-logging field set — confirm usage, and
// if so make sure secrets (environment, image paths) are not placed in it.
type Fields map[string]interface{}

type IO added in v0.9.5

// IO holds the caller's ends of a process's stdio pipes: a writer feeding the
// process's stdin and readers for its stdout and stderr. Process.InitializeIO
// returns one.
// NOTE(review): all three are Closers; presumably the caller owns them and
// must close each one to avoid leaking descriptors — confirm.
type IO struct {
	Stdin  io.WriteCloser
	Stdout io.ReadCloser
	Stderr io.ReadCloser
}

type Manager added in v0.8.0

// Manager handles the Intel RDT "resource control" group of one container.
// Obtain one from NewManager, which is documented to return nil when Intel
// RDT is not specified in the config, not available from hardware, or not
// enabled in the kernel, so check for nil before calling its methods.
type Manager struct {
	// contains filtered or unexported fields
}

func NewManager added in v0.8.0

func NewManager(config *configs.Config, id string, path string) *Manager

NewManager returns a new instance of Manager, or nil if the Intel RDT functionality is not specified in the config, available from hardware or enabled in the kernel.

func (*Manager) Apply added in v0.8.0

func (m *Manager) Apply(pid int) (err error)

Applies Intel RDT configuration to the process with the specified pid

func (*Manager) Destroy added in v0.8.0

func (m *Manager) Destroy() error

Destroys the Intel RDT container-specific 'container_id' group

func (*Manager) GetPath added in v0.8.0

func (m *Manager) GetPath() string

Returns Intel RDT path to save in a state file and to be able to restore the object later

func (*Manager) Set added in v0.8.0

func (m *Manager) Set(container *configs.Config) error

Set Intel RDT "resource control" filesystem as configured.

type Process added in v0.9.5

// Process describes a process to run inside a container: its command line,
// environment, identity, stdio, and the privilege-related settings
// (capabilities, LSM profile and label, no-new-privileges, rlimits) applied to it.
type Process struct {
	// The command to be run followed by any arguments.
	Args []string

	// Env specifies the environment variables for the process.
	// NOTE(review): environments often carry credentials; avoid logging this
	// slice verbatim.
	Env []string

	// User will set the uid and gid of the executing process running inside the container
	// local to the container's user and group configuration.
	User string

	// AdditionalGroups specifies the gids that should be added to supplementary groups
	// in addition to those that the user belongs to.
	AdditionalGroups []string

	// Cwd will change the processes current working directory inside the container's rootfs.
	Cwd string

	// Stdin is a pointer to a reader which provides the standard input stream.
	Stdin io.Reader

	// Stdout is a pointer to a writer which receives the standard output stream.
	Stdout io.Writer

	// Stderr is a pointer to a writer which receives the standard error stream.
	Stderr io.Writer

	// ExtraFiles specifies additional open files to be inherited by the container
	// Every file listed here becomes reachable from inside the container, so
	// pass only descriptors the workload is meant to have.
	ExtraFiles []*os.File

	// Initial sizings for the console
	ConsoleWidth  uint16
	ConsoleHeight uint16

	// Capabilities specify the capabilities to keep when executing the process inside the container
	// All capabilities not specified will be dropped from the processes capability mask
	Capabilities *configs.Capabilities

	// AppArmorProfile specifies the profile to apply to the process and is
	// changed at the time the process is execed
	AppArmorProfile string

	// Label specifies the label to apply to the process.  It is commonly used by selinux
	Label string

	// NoNewPrivileges controls whether processes can gain additional privileges.
	// It is a pointer, so nil is distinguishable from an explicit false.
	// NOTE(review): confirm what a nil value resolves to (presumably the
	// container config's setting) before relying on it.
	NoNewPrivileges *bool

	// Rlimits specifies the resource limits, such as max open files, to set in the container
	// If Rlimits are not set, the container will inherit rlimits from the parent process
	Rlimits []configs.Rlimit

	// ConsoleSocket provides the masterfd console.
	ConsoleSocket *os.File

	// Init specifies whether the process is the first process in the container.
	Init bool

	// LogLevel is a string containing a numeric representation of the current
	// log level (i.e. "4", but never "info"). It is passed on to runc init as
	// _LIBCONTAINER_LOGLEVEL environment variable.
	LogLevel string

	// SubCgroupPaths specifies sub-cgroups to run the process in.
	// Map keys are controller names, map values are paths (relative to
	// container's top-level cgroup).
	//
	// If empty, the default top-level container's cgroup is used.
	//
	// For cgroup v2, the only key allowed is "".
	//
	// NOTE(review): the values are documented as relative paths; confirm the
	// consumer rejects values that would resolve outside the container's cgroup.
	SubCgroupPaths map[string]string
	// contains filtered or unexported fields
}

func (*Process) InitializeIO added in v0.9.5

func (p *Process) InitializeIO(rootuid, rootgid int) (i *IO, err error)

InitializeIO creates pipes for use with the process's stdio and returns the opposite side for each. Do not use this if you want to have a pseudoterminal set up for you by libcontainer (TODO: fix that too). TODO: This is mostly unnecessary, and should be handled by clients.

func (Process) Pid added in v0.9.5

func (p Process) Pid() (int, error)

Pid returns the process ID

func (Process) Signal added in v0.9.5

func (p Process) Signal(sig os.Signal) error

Signal sends a signal to the Process.

func (Process) Wait added in v0.9.5

func (p Process) Wait() (*os.ProcessState, error)

Wait waits for the process to exit. Wait releases any resources associated with the Process

type RuncContainer

// RuncContainer is this package's handle on a runc container: its ID, state
// directory and root, init process, cgroup and Intel RDT managers, and the
// runc and Docker configuration attached to it.
//
// The struct contains a sync.Mutex (M), so it must not be copied after first
// use; Create, CreateContainer and GetContainerFromRunc all return a pointer.
//
// NOTE(review): M and the other fields are exported, so code outside the
// package can lock M or change State and Pid directly; confirm whether that is
// intended. GetContainerFromRunc returns only a pointer with no error, so
// presumably callers must check the result for nil.
type RuncContainer struct {
	Id                   string
	StateDir             string
	Root                 string
	Pid                  int
	Config               *configs.Config // standin for configs.Config from runc
	CgroupManager        cgroups.Manager
	InitProcessStartTime uint64
	InitProcess          parentProcess
	M                    sync.Mutex
	CriuVersion          int
	Created              time.Time
	DockerConfig         *dockerTypes.ContainerJSON
	IntelRdtManager      *Manager
	State                containerState
}

func Create added in v0.9.5

func Create(root, id string, config *configs.Config) (*RuncContainer, error)

func CreateContainer added in v0.8.0

func CreateContainer(context *RuncOpts, id string, spec *specs.Spec) (*RuncContainer, error)

func GetContainerFromRunc added in v0.8.0

func GetContainerFromRunc(containerID string, root string) *RuncContainer

func (*RuncContainer) ID added in v0.9.5

func (c *RuncContainer) ID() string

ID returns the container's unique ID

func (*RuncContainer) Restore added in v0.9.5

func (c *RuncContainer) Restore(process *Process, criuOpts *CriuOpts, runcRoot string, bundle string, netPid int) error

func (*RuncContainer) RuncCheckpoint

func (c *RuncContainer) RuncCheckpoint(criuOpts *CriuOpts, pid int, runcRoot string, pauseConfig *configs.Config) error

type RuncOpts added in v0.8.0

// RuncOpts collects the options passed to the runc-facing entry points
// (StartContainer, CreateContainer, RuncRestore, NewNotifySocket).
//
// NOTE(review): the field names parallel runc's command-line flags; presumably
// each carries the same meaning, to be confirmed against the code that reads
// them. If so, three of them relax isolation and should stay at their zero
// value unless required:
//   - NoPivot: the rootfs is set up without pivot_root, generally a weaker jail.
//   - NoNewKeyring: the container inherits the caller's session keyring
//     instead of getting a new one.
//   - PreserveFds: that many additional open descriptors are passed into the
//     container.
//
// Root, Bundle, ConsoleSocket and PidFile are host paths; validate them before
// use if they can originate from a request. "Detatch" is misspelt, but the
// name is part of the exported API and cannot be corrected without breaking
// callers.
type RuncOpts struct {
	Root            string
	ContainerId     string
	Bundle          string
	SystemdCgroup   bool
	NoPivot         bool
	NoMountFallback bool
	NoNewKeyring    bool
	Rootless        string
	NoSubreaper     bool
	Keep            bool
	ConsoleSocket   string
	Detatch         bool
	PidFile         string
	PreserveFds     int
	Pid             int
	NetPid          int
}

type Runner added in v0.8.0

// Runner exposes a single method, Run, which takes an OCI process spec and the
// runc root and returns an int and an error. All of its fields are unexported.
type Runner struct {
	// contains filtered or unexported fields
}

func (*Runner) Run added in v0.8.0

func (r *Runner) Run(config *specs.Process, runcRoot string) (int, error)

type State added in v0.8.0

// State extends BaseState with the runtime paths of a container: its cgroups,
// namespaces, external stdio descriptors and Intel RDT directory.
//
// NOTE(review): every path below is stored as a plain string in the JSON
// state. Code that reloads a State and acts on these paths is trusting the
// state file, so confirm the file can be written only by the container's owner.
type State struct {
	BaseState

	// Specified if the container was started under the rootless mode.
	// Set to true if BaseState.Config.RootlessEUID && BaseState.Config.RootlessCgroups
	Rootless bool `json:"rootless"`

	// Paths to all the container's cgroups, as returned by (*cgroups.Manager).GetPaths
	//
	// For cgroup v1, a key is cgroup subsystem name, and the value is the path
	// to the cgroup for this subsystem.
	//
	// For cgroup v2 unified hierarchy, a key is "", and the value is the unified path.
	CgroupPaths map[string]string `json:"cgroup_paths"`

	// NamespacePaths are filepaths to the container's namespaces. Key is the namespace type
	// with the value as the path.
	NamespacePaths map[configs.NamespaceType]string `json:"namespace_paths"`

	// Container's standard descriptors (std{in,out,err}), needed for checkpoint and restore
	ExternalDescriptors []string `json:"external_descriptors,omitempty"`

	// Intel RDT "resource control" filesystem path
	IntelRdtPath string `json:"intel_rdt_path"`
}

type Status added in v0.8.0

// Status is the lifecycle state of a container.
type Status int

// The states are numbered from 0, so the zero value of Status is Created.
const (
	// Created: the container exists but has not been run yet.
	Created = Status(iota)
	// Running: the container exists and is running.
	Running
	// Paused: the container exists, but all its processes are paused.
	Paused
	// Stopped: the container does not have a created or running process.
	Stopped
)

func (Status) String added in v0.9.5

func (s Status) String() string

type VethPairName

// VethPairName names the two ends of a veth pair: the interface inside the
// container and its peer on the host. CriuOpts.VethPairs carries these so the
// veth can be passed to criu on restore.
type VethPairName struct {
	ContainerInterfaceName string
	HostInterfaceName      string
}

This type comes from runc (see github.com/cedana/runc), which uses an external CriuOpts struct that's populated.
