lib

package
v1.10.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 29, 2018 License: Apache-2.0 Imports: 36 Imported by: 0

Documentation

Index

Constants

// Default per-container resource limits. These are presumably the values
// DefaultConfig assigns to RuntimeConfig.PidsLimit and RuntimeConfig.LogSizeMax
// — confirm against DefaultConfig.
const (
	// DefaultPidsLimit is the default value for maximum number of processes
	// allowed inside a container
	// A finite default bounds process creation per container, which limits
	// how far a runaway or fork-bombing workload can affect the host.
	DefaultPidsLimit = 1024

	// DefaultLogSizeMax is the default value for the maximum log size
	// allowed for a container. Negative values mean that no limit is imposed.
	// NOTE(review): the default of -1 therefore leaves container logs
	// unbounded. Set an explicit limit, or rely on external rotation, where a
	// noisy container could otherwise fill the log volume.
	DefaultLogSizeMax = -1
)
// Well-known directories for OCI hook configuration files.
const (
	// DefaultHooksDirPath Default directory containing hooks config files
	// NOTE(review): files in this directory decide which hooks run with
	// containers, so it should be writable only by administrators. Verify
	// ownership and mode on deployed hosts.
	DefaultHooksDirPath = "/usr/share/containers/oci/hooks.d"
	// OverrideHooksDirPath Directory where admin can override the default configuration
	// The same write restriction applies here: anything able to write to this
	// directory can change the hook configuration.
	OverrideHooksDirPath = "/etc/containers/oci/hooks.d"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Config

Config represents the entire set of configuration values that can be set for the server. This is intended to be loaded from a toml-encoded config file.

func DefaultConfig

func DefaultConfig() *Config

DefaultConfig returns the default configuration for crio.

func (*Config) ToFile

func (c *Config) ToFile(path string) error

ToFile outputs the given Config as a TOML-encoded file at the given path. Returns errors encountered when generating or writing the file, or nil otherwise.

func (*Config) UpdateFromFile

func (c *Config) UpdateFromFile(path string) error

UpdateFromFile populates the Config from the TOML-encoded file at the given path. Returns errors encountered when reading or parsing the files, or nil otherwise.

type ContainerServer

// ContainerServer is the handle returned by New. Its fields are unexported,
// so callers reach the container and sandbox state stores, the hooks, and the
// storage only through the methods listed on this page.
type ContainerServer struct {
	// contains filtered or unexported fields
}

ContainerServer implements the ImageServer

func New

func New(config *Config) (*ContainerServer, error)

New creates a new ContainerServer with options provided

func (*ContainerServer) AddContainer

func (c *ContainerServer) AddContainer(ctr *oci.Container)

AddContainer adds a container to the container state store

func (*ContainerServer) AddHook added in v1.10.0

func (c *ContainerServer) AddHook(hookPath string)

AddHook adds a hook by the hook's path

func (*ContainerServer) AddInfraContainer

func (c *ContainerServer) AddInfraContainer(ctr *oci.Container)

AddInfraContainer adds a container to the container state store

func (*ContainerServer) AddSandbox

func (c *ContainerServer) AddSandbox(sb *sandbox.Sandbox)

AddSandbox adds a sandbox to the sandbox state store

func (*ContainerServer) Config

func (c *ContainerServer) Config() *Config

Config gets the configuration for the ContainerServer

func (*ContainerServer) ContainerKill

func (c *ContainerServer) ContainerKill(container string, killSignal syscall.Signal) (string, error)

ContainerKill sends the user-provided signal to the container's primary process.

func (*ContainerServer) ContainerPause

func (c *ContainerServer) ContainerPause(container string) (string, error)

ContainerPause pauses a running container.

func (*ContainerServer) ContainerRename

func (c *ContainerServer) ContainerRename(container, name string) error

ContainerRename renames the given container

func (*ContainerServer) ContainerStateFromDisk

func (c *ContainerServer) ContainerStateFromDisk(ctr *oci.Container) error

ContainerStateFromDisk retrieves information on the state of a running container from the disk

func (*ContainerServer) ContainerStateToDisk

func (c *ContainerServer) ContainerStateToDisk(ctr *oci.Container) error

ContainerStateToDisk writes the container's state information to a JSON file on disk

func (*ContainerServer) ContainerStop

func (c *ContainerServer) ContainerStop(ctx context.Context, container string, timeout int64) (string, error)

ContainerStop stops a running container with a grace period (i.e., timeout).

func (*ContainerServer) ContainerUnpause

func (c *ContainerServer) ContainerUnpause(container string) (string, error)

ContainerUnpause unpauses a container. The "grace period (i.e., timeout)" wording in the upstream comment does not match the signature, which takes no timeout.

func (*ContainerServer) ContainerWait

func (c *ContainerServer) ContainerWait(container string) (int32, error)

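ContainerWait presumably waits for the container to exit; per the signature it returns an int32 and an error. The upstream comment ("stops a running container with a grace period (i.e., timeout)") appears to be copied from ContainerStop and does not match this signature.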

func (*ContainerServer) CtrIDIndex

func (c *ContainerServer) CtrIDIndex() *truncindex.TruncIndex

CtrIDIndex returns the TruncIndex for the ContainerServer

func (*ContainerServer) CtrNameIndex

func (c *ContainerServer) CtrNameIndex() *registrar.Registrar

CtrNameIndex returns the Registrar for the ContainerServer

func (*ContainerServer) GetContainer

func (c *ContainerServer) GetContainer(id string) *oci.Container

GetContainer returns a container by its ID

func (*ContainerServer) GetContainerFromShortID added in v1.10.0

func (c *ContainerServer) GetContainerFromShortID(cid string) (*oci.Container, error)

GetContainerFromShortID gets an oci container matching the specified full or partial id

func (*ContainerServer) GetContainerRootFsSize

func (c *ContainerServer) GetContainerRootFsSize(containerID string) (int64, error)

GetContainerRootFsSize gets the size of the container's root filesystem. A container FS is split into two parts. The first is the top layer, a mutable layer, and the rest is the RootFS: the set of immutable layers that make up the image on which the container is based.

func (*ContainerServer) GetContainerRwSize

func (c *ContainerServer) GetContainerRwSize(containerID string) (int64, error)

GetContainerRwSize gets the size of the mutable top layer of the container

func (*ContainerServer) GetContainerStats

func (c *ContainerServer) GetContainerStats(ctr *oci.Container, previousStats *ContainerStats) (*ContainerStats, error)

GetContainerStats gets the running stats for a given container

func (*ContainerServer) GetContainerTopLayerID

func (c *ContainerServer) GetContainerTopLayerID(containerID string) (string, error)

GetContainerTopLayerID gets the ID of the top layer of the given container

func (*ContainerServer) GetInfraContainer

func (c *ContainerServer) GetInfraContainer(id string) *oci.Container

GetInfraContainer returns a container by its ID

func (*ContainerServer) GetLogs

func (c *ContainerServer) GetLogs(container string, logChan chan string, opts LogOptions) error

GetLogs gets each line of a log file and, if it matches the criteria in logOptions, sends it down logChan

func (*ContainerServer) GetSandbox

func (c *ContainerServer) GetSandbox(id string) *sandbox.Sandbox

GetSandbox returns a sandbox by its ID

func (*ContainerServer) GetSandboxContainer

func (c *ContainerServer) GetSandboxContainer(id string) *oci.Container

GetSandboxContainer returns a sandbox's infra container

func (*ContainerServer) GetStorageContainer

func (c *ContainerServer) GetStorageContainer(container string) (*cstorage.Container, error)

GetStorageContainer searches for a container with the given name or ID in the given store

func (*ContainerServer) HasContainer

func (c *ContainerServer) HasContainer(id string) bool

HasContainer checks if a container exists in the state

func (*ContainerServer) HasSandbox

func (c *ContainerServer) HasSandbox(id string) bool

HasSandbox checks if a sandbox exists in the state

func (*ContainerServer) Hooks

func (c *ContainerServer) Hooks() map[string]HookParams

Hooks returns the oci hooks for the ContainerServer

func (*ContainerServer) ImageContext

func (c *ContainerServer) ImageContext() *types.SystemContext

ImageContext returns the SystemContext for the ContainerServer

func (*ContainerServer) ListContainers

func (c *ContainerServer) ListContainers(filters ...func(*oci.Container) bool) ([]*oci.Container, error)

ListContainers returns a list of all containers stored by the server state that match the given filter function

func (*ContainerServer) ListSandboxes

func (c *ContainerServer) ListSandboxes() []*sandbox.Sandbox

ListSandboxes lists all sandboxes in the state store

func (*ContainerServer) LoadContainer

func (c *ContainerServer) LoadContainer(id string) error

LoadContainer loads a container from the disk into the container store

func (*ContainerServer) LoadSandbox

func (c *ContainerServer) LoadSandbox(id string) error

LoadSandbox loads a sandbox from the disk into the sandbox store

func (*ContainerServer) LookupContainer

func (c *ContainerServer) LookupContainer(idOrName string) (*oci.Container, error)

LookupContainer returns the container with the given name or full or partial id

func (*ContainerServer) LookupSandbox

func (c *ContainerServer) LookupSandbox(idOrName string) (*sandbox.Sandbox, error)

LookupSandbox returns the pod sandbox with the given name or full or partial id

func (*ContainerServer) PodIDIndex

func (c *ContainerServer) PodIDIndex() *truncindex.TruncIndex

PodIDIndex returns the index of pod IDs

func (*ContainerServer) PodNameIndex

func (c *ContainerServer) PodNameIndex() *registrar.Registrar

PodNameIndex returns the index of pod names

func (*ContainerServer) ReleaseContainerName

func (c *ContainerServer) ReleaseContainerName(name string)

ReleaseContainerName releases a container name from the index so that it can be used by other containers

func (*ContainerServer) ReleasePodName

func (c *ContainerServer) ReleasePodName(name string)

ReleasePodName releases a pod name from the index so it can be used by other pods

func (*ContainerServer) Remove

func (c *ContainerServer) Remove(ctx context.Context, container string, force bool) (string, error)

Remove removes a container

func (*ContainerServer) RemoveContainer

func (c *ContainerServer) RemoveContainer(ctr *oci.Container)

RemoveContainer removes a container from the container state store

func (*ContainerServer) RemoveHook added in v1.10.0

func (c *ContainerServer) RemoveHook(hook string)

RemoveHook removes a hook by name

func (*ContainerServer) RemoveInfraContainer

func (c *ContainerServer) RemoveInfraContainer(ctr *oci.Container)

RemoveInfraContainer removes a container from the container state store

func (*ContainerServer) RemoveSandbox

func (c *ContainerServer) RemoveSandbox(id string)

RemoveSandbox removes a sandbox from the state store

func (*ContainerServer) ReserveContainerName

func (c *ContainerServer) ReserveContainerName(id, name string) (string, error)

ReserveContainerName holds a name for a container that is being created

func (*ContainerServer) ReservePodName

func (c *ContainerServer) ReservePodName(id, name string) (string, error)

ReservePodName holds a name for a pod that is being created

func (*ContainerServer) Runtime

func (c *ContainerServer) Runtime() *oci.Runtime

Runtime returns the oci runtime for the ContainerServer

func (*ContainerServer) Shutdown

func (c *ContainerServer) Shutdown() error

Shutdown attempts to shut down the server's storage cleanly

func (*ContainerServer) StorageImageServer

func (c *ContainerServer) StorageImageServer() storage.ImageServer

StorageImageServer returns the ImageServer for the ContainerServer

func (*ContainerServer) StorageRuntimeServer

func (c *ContainerServer) StorageRuntimeServer() storage.RuntimeServer

StorageRuntimeServer gets the runtime server for the ContainerServer

func (*ContainerServer) Store

func (c *ContainerServer) Store() cstorage.Store

Store returns the Store for the ContainerServer

func (*ContainerServer) Update

func (c *ContainerServer) Update() error

Update makes changes to the server's state (lists of pods and containers) to reflect the list of pods and containers that are stored on disk, possibly having been modified by other parties

type ContainerStats

// ContainerStats is the sample type returned by GetContainerStats, which also
// accepts the previous sample as input. The field notes below are inferred
// from names and types only — confirm units against the implementation.
type ContainerStats struct {
	// presumably identifies the container the sample belongs to — TODO confirm
	Container   string
	// CPU figures; CPU is presumably a percentage derived from the CPUNano and
	// SystemNano deltas between two samples — TODO confirm
	CPU         float64
	CPUNano     uint64
	SystemNano  int64
	// memory usage, limit, and presumably usage as a percentage of the limit
	MemUsage    uint64
	MemLimit    uint64
	MemPerc     float64
	// network and block I/O counters; units not visible from this page
	NetInput    uint64
	NetOutput   uint64
	BlockInput  uint64
	BlockOutput uint64
	// presumably the number of processes in the container (compare
	// RuntimeConfig.PidsLimit) — TODO confirm
	PIDs        uint64
}

ContainerStats contains the statistics information for a running container

type HookParams

// HookParams is one hook definition decoded from a JSON hooks configuration
// file (the json tags give the expected keys). RuntimeConfig.Hooks holds these
// keyed by string, and they describe hooks "to run with container", so the
// files they are read from should be treated as privileged configuration.
// Field meanings below are inferred from names — confirm against the loader.
type HookParams struct {
	// presumably the path of the hook executable — TODO confirm; if so, it
	// should point at a file unprivileged users cannot modify
	Hook          string   `json:"hook"`
	// presumably the container lifecycle stage(s) at which the hook runs
	Stage         []string `json:"stage"`
	// Cmds and Annotations presumably select which containers the hook
	// applies to — verify matching semantics before relying on them
	Cmds          []string `json:"cmd"`
	Annotations   []string `json:"annotation"`
	// presumably applies the hook to containers that have bind mounts
	HasBindMounts bool     `json:"hasbindmounts"`
	// presumably extra arguments passed to the hook
	Arguments     []string `json:"arguments"`
}

HookParams is the structure returned from reading the hooks configuration

type ImageConfig

// ImageConfig holds the image-related settings decoded from the config file
// (the toml tags give the key names). Several fields decide how much an image
// source is trusted; see the notes on SignaturePolicyPath and
// InsecureRegistries.
type ImageConfig struct {
	// DefaultTransport is a value we prefix to image names that fail to
	// validate source references.
	DefaultTransport string `toml:"default_transport"`
	// PauseImage is the name of an image which we use to instantiate infra
	// containers.
	// NOTE(review): every pod sandbox gets an infra container from this
	// image, so it should come from a registry and reference you trust.
	PauseImage string `toml:"pause_image"`
	// PauseCommand is the path of the binary we run in an infra
	// container that's been instantiated using PauseImage.
	PauseCommand string `toml:"pause_command"`
	// SignaturePolicyPath is the name of the file which decides what sort
	// of policy we use when deciding whether or not to trust an image that
	// we've pulled.  Outside of testing situations, it is strongly advised
	// that this be left unspecified so that the default system-wide policy
	// will be used.
	// A non-empty value replaces the system-wide trust policy for this
	// daemon, so audit any deployment that sets it.
	SignaturePolicyPath string `toml:"signature_policy"`
	// InsecureRegistries is a list of registries that must be contacted w/o
	// TLS verification.
	// Without TLS verification the registry endpoint is not authenticated,
	// so pulled content can be altered in transit. Keep this list empty in
	// production, or restrict it to isolated test registries.
	InsecureRegistries []string `toml:"insecure_registries"`
	// ImageVolumes controls how volumes specified in image config are handled
	ImageVolumes ImageVolumesType `toml:"image_volumes"`
	// Registries holds a list of registries used to pull unqualified images
	// NOTE(review): an unqualified image name is resolved through this
	// list, so its contents (and presumably its order — confirm) decide
	// which registry serves the image.
	Registries []string `toml:"registries"`
}

ImageConfig represents the "crio.image" TOML config table.

type ImageVolumesType

// ImageVolumesType is the string-valued setting stored in
// ImageConfig.ImageVolumes.
type ImageVolumesType string

ImageVolumesType describes image volume handling strategies

// Values declared for ImageVolumesType. The strings are the literal values
// used for the "image_volumes" key (see ImageConfig.ImageVolumes).
const (
	// ImageVolumesMkdir option is for using mkdir to handle image volumes
	ImageVolumesMkdir ImageVolumesType = "mkdir"
	// ImageVolumesIgnore option is for ignoring image volumes altogether
	ImageVolumesIgnore ImageVolumesType = "ignore"
	// ImageVolumesBind option is for using bind mounted volumes
	ImageVolumesBind ImageVolumesType = "bind"
)

type LogOptions

// LogOptions is the filter argument of ContainerServer.GetLogs, which sends
// log lines matching these criteria down a channel. Field meanings below are
// inferred from names — confirm against GetLogs.
type LogOptions struct {
	// presumably includes extra detail with each line — TODO confirm
	Details   bool
	// presumably keeps streaming as new lines are written — TODO confirm
	Follow    bool
	// presumably drops lines older than this time — TODO confirm
	SinceTime time.Time
	// presumably limits output to the last Tail lines — TODO confirm
	Tail      uint64
}

LogOptions contains all of the options for displaying logs in podman

type NetworkConfig

// NetworkConfig holds the CNI-related paths decoded from the config file.
type NetworkConfig struct {
	// NetworkDir is where CNI network configuration files are stored.
	NetworkDir string `toml:"network_dir"`

	// PluginDir is where CNI plugin binaries are stored.
	// NOTE(review): these binaries are presumably executed during network
	// setup with the daemon's privileges, so the directory and its contents
	// should be writable only by administrators.
	PluginDir string `toml:"plugin_dir"`
}

NetworkConfig represents the "crio.network" TOML config table

type RootConfig

// RootConfig holds the storage and logging locations decoded from the config
// file (the toml tags give the key names).
type RootConfig struct {
	// Root is a path to the "root directory" where data not
	// explicitly handled by other options will be stored.
	Root string `toml:"root"`

	// RunRoot is a path to the "run directory" where state information not
	// explicitly handled by other options will be stored.
	RunRoot string `toml:"runroot"`

	// Storage is the name of the storage driver which handles actually
	// storing the contents of containers.
	Storage string `toml:"storage_driver"`

	// StorageOptions is a list of storage driver specific options.
	StorageOptions []string `toml:"storage_option"`

	// LogDir is the default log directory where all logs will go unless kubelet
	// tells us to put them somewhere else.
	LogDir string `toml:"log_dir"`

	// FileLocking specifies whether to use file-based or in-memory locking
	// File-based locking is required when multiple users of lib are
	// present on the same system
	// NOTE(review): with in-memory locking, a second process using lib on
	// the same storage is not coordinated with this one; keep file-based
	// locking enabled wherever that can happen.
	FileLocking bool `toml:"file_locking"`
}

RootConfig represents the root of the "crio" TOML config table.

type RuntimeConfig

// RuntimeConfig holds the runtime settings decoded from the config file (the
// toml tags give the key names). It includes the defaults for container
// confinement (SELinux, seccomp, AppArmor), the runtime chosen for trusted
// and untrusted workloads, and per-container resource limits.
type RuntimeConfig struct {
	// Runtime is the OCI compatible runtime used for trusted container workloads.
	// This is a mandatory setting as this runtime will be the default one and
	// will also be used for untrusted container workloads if
	// RuntimeUntrustedWorkload is not set.
	Runtime string `toml:"runtime"`

	// RuntimeUntrustedWorkload is the OCI compatible runtime used for untrusted
	// container workloads. This is an optional setting, except if
	// DefaultWorkloadTrust is set to "untrusted".
	// NOTE(review): as described on Runtime and DefaultWorkloadTrust, leaving
	// this unset makes untrusted workloads run on the trusted runtime instead
	// of being rejected. Set it explicitly wherever untrusted workloads are
	// expected to get stronger isolation.
	RuntimeUntrustedWorkload string `toml:"runtime_untrusted_workload"`

	// DefaultWorkloadTrust is the default level of trust crio puts in container
	// workloads. This can either be "trusted" or "untrusted" and the default
	// is "trusted"
	// Containers can be run through different container runtimes, depending on
	// the trust hints we receive from kubelet:
	// - If kubelet tags a container workload as untrusted, crio will try first
	// to run it through the untrusted container workload runtime. If it is not
	// set, crio will use the trusted runtime.
	// - If kubelet does not provide any information about the container workload trust
	// level, the selected runtime will depend on the DefaultWorkloadTrust setting.
	// If it is set to "untrusted", then all containers except for the host privileged
	// ones, will be run by the RuntimeUntrustedWorkload runtime. Host privileged
	// containers are by definition trusted and will always use the trusted container
	// runtime. If DefaultWorkloadTrust is set to "trusted", crio will use the trusted
	// container runtime for all containers.
	DefaultWorkloadTrust string `toml:"default_workload_trust"`

	// NoPivot instructs the runtime to not use `pivot_root`, but instead use `MS_MOVE`
	// NOTE(review): this changes how the container's root filesystem is set
	// up; confirm the isolation implications for the configured runtime
	// before enabling it.
	NoPivot bool `toml:"no_pivot"`

	// Conmon is the path to conmon binary, used for managing the runtime.
	// NOTE(review): this binary is presumably executed with the daemon's
	// privileges, so the path should point at a file unprivileged users
	// cannot modify.
	Conmon string `toml:"conmon"`

	// ConmonEnv is the environment variable list for conmon process.
	ConmonEnv []string `toml:"conmon_env"`

	// SELinux determines whether or not SELinux is used for pod separation.
	// Setting this to false removes that layer of separation between pods.
	SELinux bool `toml:"selinux"`

	// SeccompProfile is the seccomp json profile path which is used as the
	// default for the runtime.
	// As the default, it applies to containers that do not specify their own
	// profile; protect the file from modification by unprivileged users.
	SeccompProfile string `toml:"seccomp_profile"`

	// ApparmorProfile is the apparmor profile name which is used as the
	// default for the runtime.
	ApparmorProfile string `toml:"apparmor_profile"`

	// CgroupManager is the manager implementation name which is used to
	// handle cgroups for containers.
	CgroupManager string `toml:"cgroup_manager"`

	// HooksDirPath location of oci hooks config files
	// See DefaultHooksDirPath and OverrideHooksDirPath; the directory should
	// be writable only by administrators.
	HooksDirPath string `toml:"hooks_dir_path"`

	// DefaultMounts is the list of mounts to be mounted for each container
	// The format of each mount is "host-path:container-path"
	// Every host path listed here is exposed to every container, so keep
	// the list minimal and avoid paths that hold host secrets or sockets.
	DefaultMounts []string `toml:"default_mounts"`

	// Hooks List of hooks to run with container
	// NOTE(review): unlike the other fields this one carries no toml tag.
	// Confirm whether it is meant to be set from the config file or only
	// populated at runtime (see AddHook/RemoveHook).
	Hooks map[string]HookParams

	// PidsLimit is the number of processes each container is restricted to
	// by the cgroup process number controller.
	PidsLimit int64 `toml:"pids_limit"`

	// LogSizeMax is the maximum number of bytes after which the log file
	// will be truncated. It can be expressed as a human-friendly string
	// that is parsed to bytes.
	// Negative values indicate that the log file won't be truncated.
	// NOTE(review): the field is an int64, so it is unclear from this page
	// where a human-friendly string would be parsed — confirm.
	LogSizeMax int64 `toml:"log_size_max"`

	// ContainerExitsDir is the directory in which container exit files are
	// written to by conmon.
	ContainerExitsDir string `toml:"container_exits_dir"`

	// ManageNetworkNSLifecycle determines whether we pin and remove network namespace
	// and manage its lifecycle
	ManageNetworkNSLifecycle bool `toml:"manage_network_ns_lifecycle"`
}

RuntimeConfig represents the "crio.runtime" TOML config table.

Directories

Path Synopsis
