Documentation ¶
Index ¶
- Variables
- func AppContext(context gocontext.Context) (gocontext.Context, gocontext.CancelFunc)
- func CheckRuntime(current, expected string) bool
- func ContainerdCheckpoint(imagePath, id string) error
- func GetCgroupMounts(m *configs.Mount) ([]*configs.Mount, error)
- func Init()
- func IsAlreadyExists(err error) bool
- func NewNotifySocket(context *RuncOpts, notifySocketHost string, id string) *notifySocket
- func Restore(imgPath string, containerID string) error
- func Root() (string, error)
- func RuncRestore(imgPath string, containerId string, opts RuncOpts) error
- func StartContainer(context *RuncOpts, action CtAct, criuOpts *CriuOpts) (int, error)
- func WriteIntelRdtTasks(dir string, pid int) error
- type BaseState
- type CheckpointTaskInfo
- type CheckpointTaskOpts
- type Config
- type ContainerStateJson
- type CriuOpts
- type CtAct
- type Fields
- type IO
- type Manager
- type Process
- type RuncContainer
- type RuncOpts
- type Runner
- type State
- type Status
- type VethPairName
Constants ¶
This section is empty.
Variables ¶
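// Generic sentinel errors. The page showed this block collapsed onto one
// line, where the first line comment swallowed every later declaration; it is
// laid out one declaration per line here.
var (
	// ErrUnknown is used internally to represent a missed mapping.
	ErrUnknown = errors.New("unknown")
	// ErrInvalidArgument is the sentinel for an invalid argument.
	ErrInvalidArgument = errors.New("invalid argument")
	// ErrNotFound is the sentinel for something that was not found.
	ErrNotFound = errors.New("not found")
	// ErrAlreadyExists is the sentinel for something that already exists.
	ErrAlreadyExists = errors.New("already exists")
	// ErrFailedPrecondition is the sentinel for a failed precondition.
	ErrFailedPrecondition = errors.New("failed precondition")
	// ErrNotImplemented represents both "not supported" and "unimplemented".
	ErrNotImplemented = errors.New("not implemented")
)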
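// Container lifecycle sentinel errors. Each message names the container
// condition that the error reports.
var (
	// ErrExist reports that a container with the given ID already exists.
	ErrExist = errors.New("container with given ID already exists")
	// ErrInvalidID reports a container ID that is not in a valid format.
	ErrInvalidID = errors.New("invalid container ID format")
	// ErrNotExist reports that the container does not exist.
	ErrNotExist = errors.New("container does not exist")
	// ErrPaused reports that the container is paused.
	ErrPaused = errors.New("container paused")
	// ErrRunning reports that the container is still running.
	ErrRunning = errors.New("container still running")
	// ErrNotRunning reports that the container is not running.
	ErrNotRunning = errors.New("container not running")
	// ErrNotPaused reports that the container is not paused.
	ErrNotPaused = errors.New("container not paused")
)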
Functions ¶
func AppContext ¶ added in v0.8.0
AppContext returns the context for a command. Should only be called once per command, near the start.
This will ensure the namespace is picked up and set the timeout, if one is defined.
func CheckRuntime ¶ added in v0.8.0
CheckRuntime returns true if the current runtime matches the expected runtime. Providing only some parts of the runtime schema matches against just those parts of the expected runtime.
func ContainerdCheckpoint ¶ added in v0.9.95
func GetCgroupMounts ¶ added in v0.8.0
func IsAlreadyExists ¶ added in v0.8.0
func NewNotifySocket ¶ added in v0.8.0
func RuncRestore ¶ added in v0.8.0
func StartContainer ¶ added in v0.8.0
func WriteIntelRdtTasks ¶ added in v0.8.0
WriteIntelRdtTasks writes the specified pid into the "tasks" file
Types ¶
type BaseState ¶ added in v0.8.0
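// BaseState carries the identity, init-process and configuration fields that
// State embeds. Every field has a JSON tag.
type BaseState struct {
	// ID is the container ID.
	ID string `json:"id"`

	// InitProcessPid is the init process id in the parent namespace.
	InitProcessPid int `json:"init_process_pid"`

	// InitProcessStartTime is the init process start time in clock cycles since boot time.
	// NOTE(review): presumably recorded alongside the pid so that a recycled
	// pid can be told apart from the original init process; confirm against
	// the code that reads this field.
	InitProcessStartTime uint64 `json:"init_process_start"`

	// Created is the creation time of the container in UTC. The field is a
	// time.Time, not a numeric Unix timestamp.
	Created time.Time `json:"created"`

	// Config is the container's configuration.
	Config configs.Config `json:"config"`
}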
type CheckpointTaskInfo ¶ added in v0.8.0
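// CheckpointTaskInfo allows specific checkpoint information to be set for the
// task.
type CheckpointTaskInfo struct {
	// Name is not documented on this page.
	// NOTE(review): presumably the name given to the checkpoint; confirm.
	Name string

	// ParentCheckpoint is the digest of a parent checkpoint
	ParentCheckpoint digest.Digest

	// Options hold runtime specific settings for checkpointing a task
	Options interface{}

	// contains filtered or unexported fields
}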
CheckpointTaskInfo allows specific checkpoint information to be set for the task
func (*CheckpointTaskInfo) Runtime ¶ added in v0.8.0
func (i *CheckpointTaskInfo) Runtime() string
Runtime name for the container
type CheckpointTaskOpts ¶ added in v0.8.0
// CheckpointTaskOpts is an option function for a checkpoint: it receives the
// *CheckpointTaskInfo and returns an error. WithCheckpointImagePath returns a
// value of this type.
type CheckpointTaskOpts func(*CheckpointTaskInfo) error
func WithCheckpointImagePath ¶ added in v0.8.0
func WithCheckpointImagePath(path string) CheckpointTaskOpts
WithCheckpointImagePath sets image path for checkpoint option
type Config ¶ added in v0.8.0
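// Config is the configuration for the tasks service plugin. Both fields are
// file paths and carry TOML and JSON tags.
type Config struct {
	// BlockIOConfigFile specifies the path to blockio configuration file
	BlockIOConfigFile string `toml:"blockio_config_file" json:"blockioConfigFile"`
	// RdtConfigFile specifies the path to RDT configuration file
	RdtConfigFile string `toml:"rdt_config_file" json:"rdtConfigFile"`
}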
Config for the tasks service plugin
type ContainerStateJson ¶ added in v0.9.5
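// ContainerStateJson is the JSON shape of a container's state; GetContainers
// returns a slice of these.
type ContainerStateJson struct {
	// Version is the OCI version for the container
	Version string `json:"ociVersion"`
	// ID is the container ID
	ID string `json:"id"`
	// InitProcessPid is the init process id in the parent namespace
	InitProcessPid int `json:"pid"`
	// Status is the current status of the container, running, paused, ...
	Status string `json:"status"`
	// Bundle is the path on the filesystem to the bundle
	Bundle string `json:"bundle"`
	// Rootfs is a path to a directory containing the container's root filesystem.
	Rootfs string `json:"rootfs"`
	// Created is the creation time of the container in UTC. The field is a
	// time.Time, not a numeric Unix timestamp.
	Created time.Time `json:"created"`
	// Annotations is the user defined annotations added to the config.
	// The values are user-supplied, so treat them as untrusted text when
	// logging or rendering them.
	Annotations map[string]string `json:"annotations,omitempty"`
	// The owner of the state directory (the owner of the container).
	Owner string `json:"owner"`
}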
func GetContainers ¶ added in v0.9.5
func GetContainers(root string) ([]ContainerStateJson, error)
type CriuOpts ¶
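// CriuOpts holds the higher-level options that turn the flags passed to criu
// on or off.
type CriuOpts struct {
	// ImagesDirectory is the directory for storing image files.
	// NOTE(review): checkpoint images hold the dumped process state, memory
	// included, so this directory should not be readable by other users;
	// confirm how callers create it and with which permissions.
	ImagesDirectory string

	// WorkDirectory is the directory to cd and write logs/pidfiles/stats to.
	WorkDirectory string

	// ParentImage is the directory for storing parent image files in pre-dump and dump.
	ParentImage string

	// LeaveRunning leaves the container in running state after checkpoint.
	LeaveRunning bool

	// TcpEstablished enables checkpoint/restore of established TCP connections.
	TcpEstablished bool

	// ExternalUnixConnections allows external unix connections.
	ExternalUnixConnections bool

	// ShellJob allows dumping and restoring shell jobs.
	ShellJob bool

	// FileLocks handles file locks, for safety.
	FileLocks bool

	// PreDump calls criu predump to perform an iterative checkpoint.
	PreDump bool

	// VethPairs passes the veth to criu when restoring.
	VethPairs []VethPairName

	// ManageCgroupsMode is the dump or restore cgroup mode.
	ManageCgroupsMode criurpc.CriuCgMode

	// EmptyNs is a mask: don't c/r properties for the namespaces in it.
	EmptyNs uint32

	// AutoDedup enables auto deduplication for incremental dumps.
	AutoDedup bool

	// LazyPages restores memory pages lazily using userfaultfd.
	LazyPages bool

	// StatusFd is the fd for feedback when the lazy server is ready.
	StatusFd int

	// LsmProfile is the LSM profile used to restore the container.
	// NOTE(review): a restore can apparently run under a profile different
	// from the one in force at checkpoint time; verify that callers do not
	// take this value from untrusted input.
	LsmProfile string

	// LsmMountContext is the LSM mount context value to use during restore.
	LsmMountContext string

	// External lists external namespaces to ignore.
	External []string

	// MntnsCompatMode is not documented on this page.
	// NOTE(review): presumably maps to criu's mount-namespace compatibility
	// mode; confirm.
	MntnsCompatMode bool

	// TcpClose is not documented on this page.
	// NOTE(review): presumably maps to criu's option for closing TCP
	// connections instead of preserving them; confirm.
	TcpClose bool
}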
CriuOpts holds the higher-level options that turn the flags passed to criu on or off.
type IO ¶ added in v0.9.5
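// IO holds one closable stream per standard descriptor: a writer for Stdin
// and readers for Stdout and Stderr.
//
// NOTE(review): presumably the set of pipe ends returned by
// Process.InitializeIO; confirm. All three fields are Closers, so the holder
// is likely responsible for closing them once the process is done.
type IO struct {
	// Stdin is the writable side of the standard input stream.
	Stdin io.WriteCloser

	// Stdout is the readable side of the standard output stream.
	Stdout io.ReadCloser

	// Stderr is the readable side of the standard error stream.
	Stderr io.ReadCloser
}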
type Manager ¶ added in v0.8.0
// Manager handles Intel RDT configuration for a container. It is created by
// NewManager, and its exported methods are Apply and Destroy.
type Manager struct {
// contains filtered or unexported fields
}
func NewManager ¶ added in v0.8.0
NewManager returns a new instance of Manager, or nil if the Intel RDT functionality is not specified in the config, not available from hardware, or not enabled in the kernel.
func (*Manager) Apply ¶ added in v0.8.0
Apply applies the Intel RDT configuration to the process with the specified pid.
func (*Manager) Destroy ¶ added in v0.8.0
Destroy destroys the Intel RDT container-specific 'container_id' group.
type Process ¶ added in v0.9.5
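// Process describes a process to run inside a container: its command line,
// environment, identity, standard streams and security settings.
type Process struct {
	// The command to be run followed by any arguments.
	Args []string

	// Env specifies the environment variables for the process.
	Env []string

	// User will set the uid and gid of the executing process running inside the container
	// local to the container's user and group configuration.
	User string

	// AdditionalGroups specifies the gids that should be added to supplementary groups
	// in addition to those that the user belongs to.
	AdditionalGroups []string

	// Cwd will change the processes current working directory inside the container's rootfs.
	Cwd string

	// Stdin is a pointer to a reader which provides the standard input stream.
	Stdin io.Reader

	// Stdout is a pointer to a writer which receives the standard output stream.
	Stdout io.Writer

	// Stderr is a pointer to a writer which receives the standard error stream.
	Stderr io.Writer

	// ExtraFiles specifies additional open files to be inherited by the container
	ExtraFiles []*os.File

	// Initial sizings for the console
	ConsoleWidth uint16

	// ConsoleHeight is the initial console height; see ConsoleWidth.
	ConsoleHeight uint16

	// Capabilities specify the capabilities to keep when executing the process inside the container
	// All capabilities not specified will be dropped from the processes capability mask
	Capabilities *configs.Capabilities

	// AppArmorProfile specifies the profile to apply to the process and is
	// changed at the time the process is execed
	AppArmorProfile string

	// Label specifies the label to apply to the process. It is commonly used by selinux
	Label string

	// NoNewPrivileges controls whether processes can gain additional privileges.
	// NOTE(review): a nil pointer presumably means "not set"; confirm which
	// default the runtime applies in that case.
	NoNewPrivileges *bool

	// Rlimits specifies the resource limits, such as max open files, to set in the container
	// If Rlimits are not set, the container will inherit rlimits from the parent process
	Rlimits []configs.Rlimit

	// ConsoleSocket provides the masterfd console.
	ConsoleSocket *os.File

	// Init specifies whether the process is the first process in the container.
	Init bool

	// LogLevel is a string containing a numeric representation of the current
	// log level (i.e. "4", but never "info"). It is passed on to runc init as
	// _LIBCONTAINER_LOGLEVEL environment variable.
	LogLevel string

	// SubCgroupPaths specifies sub-cgroups to run the process in.
	// Map keys are controller names, map values are paths (relative to
	// container's top-level cgroup).
	//
	// If empty, the default top-level container's cgroup is used.
	//
	// For cgroup v2, the only key allowed is "".
	SubCgroupPaths map[string]string

	// contains filtered or unexported fields
}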
func (*Process) InitializeIO ¶ added in v0.9.5
InitializeIO creates pipes for use with the process's stdio and returns the opposite side for each. Do not use this if you want to have a pseudoterminal set up for you by libcontainer (TODO: fix that too). TODO: This is mostly unnecessary, and should be handled by clients.
type RuncContainer ¶
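// RuncContainer groups what this package tracks for a runc container. Create,
// CreateContainer and GetContainerFromRunc all return a *RuncContainer.
//
// The struct holds a sync.Mutex by value, so pass it by pointer and never
// copy it.
type RuncContainer struct {
	// Id is the container ID.
	// NOTE(review): presumably the value returned by ID(); confirm.
	Id string

	StateDir string

	Root string

	Pid int

	// Config is a standin for configs.Config from runc.
	Config *configs.Config

	CgroupManager cgroups.Manager

	InitProcessStartTime uint64

	InitProcess parentProcess

	// M is an exported mutex.
	// NOTE(review): which fields M guards is not visible on this page; check
	// callers before reading or writing State without holding it.
	M sync.Mutex

	CriuVersion int

	Created time.Time

	DockerConfig *dockerTypes.ContainerJSON

	IntelRdtManager *Manager

	State containerState
}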
func Create ¶ added in v0.9.5
func Create(root, id string, config *configs.Config) (*RuncContainer, error)
func CreateContainer ¶ added in v0.8.0
func CreateContainer(context *RuncOpts, id string, spec *specs.Spec) (*RuncContainer, error)
func GetContainerFromRunc ¶ added in v0.8.0
func GetContainerFromRunc(containerID string, root string) *RuncContainer
func (*RuncContainer) ID ¶ added in v0.9.5
func (c *RuncContainer) ID() string
ID returns the container's unique ID
func (*RuncContainer) RuncCheckpoint ¶
type State ¶ added in v0.8.0
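// State extends BaseState with the rootless flag, the container's cgroup and
// namespace paths, its standard descriptors and the Intel RDT path.
type State struct {
	BaseState

	// Specified if the container was started under the rootless mode.
	// Set to true if BaseState.Config.RootlessEUID && BaseState.Config.RootlessCgroups
	Rootless bool `json:"rootless"`

	// Paths to all the container's cgroups, as returned by (*cgroups.Manager).GetPaths
	//
	// For cgroup v1, a key is cgroup subsystem name, and the value is the path
	// to the cgroup for this subsystem.
	//
	// For cgroup v2 unified hierarchy, a key is "", and the value is the unified path.
	CgroupPaths map[string]string `json:"cgroup_paths"`

	// NamespacePaths are filepaths to the container's namespaces. Key is the namespace type
	// with the value as the path.
	NamespacePaths map[configs.NamespaceType]string `json:"namespace_paths"`

	// Container's standard descriptors (std{in,out,err}), needed for checkpoint and restore
	ExternalDescriptors []string `json:"external_descriptors,omitempty"`

	// Intel RDT "resource control" filesystem path
	IntelRdtPath string `json:"intel_rdt_path"`
}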
type Status ¶ added in v0.8.0
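// Status is the lifecycle status of a container, expressed as one of the
// constants below. The zero value is Created, so an uninitialised Status reads
// as Created rather than as an invalid state.
type Status int

const (
	// Created is the status that denotes the container exists but has not been run yet.
	Created Status = iota
	// Running is the status that denotes the container exists and is running.
	Running
	// Paused is the status that denotes the container exists, but all its processes are paused.
	Paused
	// Stopped is the status that denotes the container does not have a created or running process.
	Stopped
)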
type VethPairName ¶
This comes from runc (see github.com/cedana/runc), which uses an external CriuOpts struct that's populated