Package oci (v1.0.1)

Warning: this package is not in the latest version of its module.

Published: Jun 25, 2024 License: Apache-2.0 Imports: 73 Imported by: 0

Documentation
Constants

const (
	AttachPipeStdin  = 1
	AttachPipeStdout = 2
	AttachPipeStderr = 3
)

These values must be kept in sync with stdpipe_t in conmon.c.

const (
	// ContainerStateCreated represents the created state of a container
	ContainerStateCreated = "created"
	// ContainerStatePaused represents the paused state of a container
	ContainerStatePaused = "paused"
	// ContainerStateRunning represents the running state of a container
	ContainerStateRunning = "running"
	// ContainerStateStopped represents the stopped state of a container
	ContainerStateStopped = "stopped"
	// ContainerCreateTimeout is the timeout applied to container creation
	ContainerCreateTimeout = 240 * time.Second
)

const InfraContainerName = "POD"

const (
	KataVirtualVolumeOptionName = "io.katacontainers.volume"
)

const (
	// RuntimeTypeOCI is the type representing the RuntimeOCI implementation.
	RuntimeTypeOCI = "oci"
)

Variables

var (
	ErrContainerStopped = errors.New("container is already stopped")
	ErrNotFound         = errors.New("container process not found")
	ErrNotInitialized   = errors.New("container PID not initialized")
)

Functions

func EncodeKataVirtualVolumeToBase64

func EncodeKataVirtualVolumeToBase64(ctx context.Context, volume *katavolume.KataVirtualVolume) (string, error)

func GetPidStartTimeFromFile

func GetPidStartTimeFromFile(file string) (string, error)

GetPidStartTimeFromFile reads a file as if it were a /proc/<PID>/stat file, looking for a process start time for a given PID. It is abstracted out to allow for unit testing.

func Kill

func Kill(pid int) error

func ReadConmonPidFile

func ReadConmonPidFile(c *Container) (int, error)

ReadConmonPidFile attempts to read conmon's PID from its pid file. This function makes no verification that the file should exist; it is up to the caller to verify that this container has a conmon.

func TruncateAndReadFile

func TruncateAndReadFile(ctx context.Context, path string, size int64) ([]byte, error)

Types

type Container

type Container struct {
	// contains filtered or unexported fields
}

Container represents a runtime container.

func NewContainer

func NewContainer(id, name, bundlePath, logPath string, labels, crioAnnotations, annotations map[string]string, userRequestedImage string, imageName *references.RegistryImageReference, imageID *storage.StorageImageID, someRepoDigest string, md *types.ContainerMetadata, sandbox string, terminal, stdin, stdinOnce bool, runtimeHandler, dir string, created time.Time, stopSignal string) (*Container, error)

NewContainer creates a container object. userRequestedImage is the users' input originally used to find imageID; it might evaluate to a different image (or to a different kind of reference!) at any future time. imageName, if set, is _some_ name of the image imageID; it may have NO RELATIONSHIP to the users’ requested image name. imageID is nil for infra containers. someRepoDigest, if set, is some repo@some digest of the image imageID; it may have NO RELATIONSHIP to the users’ requested image name (and, which should be fixed eventually, may be a repo@digest combination which has never existed on a registry).

func NewSpoofedContainer

func NewSpoofedContainer(id, name string, labels map[string]string, sandbox string, created time.Time, dir string) *Container

func (*Container) AddExecPID

func (c *Container) AddExecPID(pid int, shouldKill bool) error

AddExecPID registers a PID associated with an exec session. It is tracked so exec sessions can be cancelled when the container is being stopped. If the PID is conmon, shouldKill should be false, as we should not call SIGKILL on conmon. If it is an exec session, shouldKill should be true, as we can't guarantee the exec process will have a SIGINT handler.

func (*Container) AddManagedPIDNamespace

func (c *Container) AddManagedPIDNamespace(ns nsmgr.Namespace)

func (*Container) AddVolume

func (c *Container) AddVolume(v ContainerVolume)

AddVolume adds a volume to list of container volumes.

func (*Container) Annotations

func (c *Container) Annotations() map[string]string

Annotations returns the annotations of the container.

func (*Container) BundlePath

func (c *Container) BundlePath() string

BundlePath returns the bundlePath of the container.

func (*Container) CRIAttributes

func (c *Container) CRIAttributes() *types.ContainerAttributes

func (*Container) CRIContainer

func (c *Container) CRIContainer() *types.Container

func (*Container) CheckpointPath

func (c *Container) CheckpointPath() string

CheckpointPath returns the path to the directory containing the checkpoint

func (*Container) CheckpointedAt

func (c *Container) CheckpointedAt() time.Time

CheckpointedAt returns the container checkpoint time

func (*Container) CleanupConmonCgroup

func (c *Container) CleanupConmonCgroup(ctx context.Context)

CleanupConmonCgroup cleans up conmon's cgroup when using cgroupfs.

func (*Container) ConmonCgroupfsPath

func (c *Container) ConmonCgroupfsPath() string

ConmonCgroupfsPath returns the path to conmon's cgroup. This is only set when cgroupfs is used as a cgroup manager.

func (*Container) Created

func (c *Container) Created() bool

Created returns whether the container was created successfully

func (*Container) CreatedAt

func (c *Container) CreatedAt() time.Time

CreatedAt returns the container creation time

func (*Container) CrioAnnotations

func (c *Container) CrioAnnotations() map[string]string

CrioAnnotations returns the crio annotations of the container.

func (*Container) DeleteExecPID

func (c *Container) DeleteExecPID(pid int)

DeleteExecPID is for deregistering a pid after it has exited.

func (*Container) Description

func (c *Container) Description() string

Description returns a description for the container

func (*Container) Dir

func (c *Container) Dir() string

Dir returns the dir of the container

func (*Container) FromDisk

func (c *Container) FromDisk() error

FromDisk restores the container's state from disk. Calls to FromDisk should always be preceded by a call to Runtime.UpdateContainerStatus. This is because FromDisk() initializes the InitStartTime for the saved container state when CRI-O is being upgraded to a version that supports tracking the PID, but does no verification that the container is actually still running. If we assumed the container were still running, we could incorrectly take a process with the same PID running on the host to be our container. A call to `$runtime state` protects us against this.

func (*Container) GetResources

func (c *Container) GetResources() *types.ContainerResources

GetResources returns a copy of the Linux resources from Container

func (*Container) GetStopSignal

func (c *Container) GetStopSignal() string

GetStopSignal returns the container's own stop signal configured from the image configuration or the default one.

func (*Container) ID

func (c *Container) ID() string

ID returns the id of the container.

func (*Container) IDMappings

func (c *Container) IDMappings() *idtools.IDMappings

IDMappings returns the ID/GID mappings used for the container

func (*Container) ImageID

func (c *Container) ImageID() *storage.StorageImageID

ImageID returns the image ID of the container, or nil for infra containers.

func (*Container) ImageName

ImageName returns _some_ name of the image imageID, if any; it may have NO RELATIONSHIP to the users’ requested image name.

func (*Container) IsInfra

func (c *Container) IsInfra() bool

func (*Container) KillExecPIDs

func (c *Container) KillExecPIDs()

KillExecPIDs loops through the saved execPIDs and sends a signal to them. If shouldKill is true, the signal is SIGKILL. Otherwise, SIGINT.

func (*Container) Labels

func (c *Container) Labels() map[string]string

Labels returns the labels of the container.

func (*Container) Living

func (c *Container) Living() error

Living checks that a container's init PID exists and is running, without calling the runtime directly to check the state, which is expensive.

func (*Container) LogPath

func (c *Container) LogPath() string

LogPath returns the log path of the container.

func (*Container) Metadata

func (c *Container) Metadata() *types.ContainerMetadata

Metadata returns the metadata of the container.

func (*Container) MountPoint

func (c *Container) MountPoint() string

MountPoint returns the container mount point

func (*Container) Name

func (c *Container) Name() string

Name returns the name of the container.

func (*Container) Pid

func (c *Container) Pid() (int, error)

Pid returns the container's init PID. It will fail if the saved PID no longer belongs to the container.

func (*Container) ProcessState

func (c *Container) ProcessState() (string, error)

ProcessState checks that a container's init PID exists and is running without calling the runtime directly to check the state, which is expensive, and additionally returns the current state of the init process as reported by the operating system.

func (*Container) RemoveManagedPIDNamespace

func (c *Container) RemoveManagedPIDNamespace() error

func (*Container) Restore

func (c *Container) Restore() bool

Restore returns if the container is marked as being restored from a checkpoint

func (*Container) RestoreArchivePath

func (c *Container) RestoreArchivePath() string

If Restore(), and the container is being restored from a local path, RestoreArchivePath returns that path.

func (*Container) RestoreStorageImageID

func (c *Container) RestoreStorageImageID() *storage.StorageImageID

If Restore(), and the container is being restored from a container image, RestoreStorageImageID returns the ID of that image.

func (*Container) RuntimePathForPlatform

func (c *Container) RuntimePathForPlatform(r *runtimeOCI) string

RuntimePathForPlatform returns the runtime path for a given platform.

func (*Container) Sandbox

func (c *Container) Sandbox() string

Sandbox returns the sandbox name of the container.

func (*Container) SeccompProfilePath

func (c *Container) SeccompProfilePath() string

SeccompProfilePath returns the seccomp profile path.

func (*Container) SetAsDoneStopping

func (c *Container) SetAsDoneStopping()

func (*Container) SetAsStopping

func (c *Container) SetAsStopping() (setToStopping bool)

SetAsStopping marks a container as being stopped. Returns true if the container was not set as stopping before, and false otherwise (i.e. on subsequent calls).

func (*Container) SetCheckpointedAt

func (c *Container) SetCheckpointedAt(checkpointedAt time.Time)

SetCheckpointedAt sets the time of checkpointing

func (*Container) SetCreated

func (c *Container) SetCreated()

SetCreated sets the created flag to true once container is created

func (*Container) SetIDMappings

func (c *Container) SetIDMappings(mappings *idtools.IDMappings)

SetIDMappings sets the ID/GID mappings used for the container

func (*Container) SetMountPoint

func (c *Container) SetMountPoint(mp string)

SetMountPoint sets the container mount point

func (*Container) SetResources

func (c *Container) SetResources(s *specs.Spec)

SetResources loads the OCI Spec.Linux.Resources in the container struct

func (*Container) SetRestore

func (c *Container) SetRestore(restore bool)

SetRestore marks the container as being restored from a checkpoint

func (*Container) SetRestoreArchivePath

func (c *Container) SetRestoreArchivePath(restoreArchivePath string)

func (*Container) SetRestoreStorageImageID

func (c *Container) SetRestoreStorageImageID(restoreStorageImageID *storage.StorageImageID)

func (*Container) SetRuntimePathForPlatform

func (c *Container) SetRuntimePathForPlatform(runtimePath string)

SetRuntimePathForPlatform sets the runtime path for a given platform.

func (*Container) SetSandbox

func (c *Container) SetSandbox(podSandboxID string)

SetSandbox sets the ID of the Sandbox.

func (*Container) SetSeccompProfilePath

func (c *Container) SetSeccompProfilePath(pp string)

SetSeccompProfilePath sets the seccomp profile path.

func (*Container) SetSpec

func (c *Container) SetSpec(s *specs.Spec)

SetSpec loads the OCI spec in the container struct

func (*Container) SetStartFailed

func (c *Container) SetStartFailed(err error)

SetStartFailed sets the container state appropriately after a start failure

func (*Container) ShouldBeStopped

func (c *Container) ShouldBeStopped() error

ShouldBeStopped checks whether the container is in a state where attempting to stop it makes sense. A container is not stoppable if it is paused or already stopped; if it is paused, that is an error and is reported as such.

func (*Container) Spec

func (c *Container) Spec() specs.Spec

Spec returns a copy of the spec for the container

func (*Container) Spoofed

func (c *Container) Spoofed() bool

Spoofed returns whether this container is spoofed. A container should be spoofed when it doesn't have to exist in the container runtime, but does need to exist in the storage. The main use of this is when an infra container is not needed, but sandbox metadata should be stored with a spoofed infra container.

func (*Container) State

func (c *Container) State() *ContainerState

State returns the state of the running container

func (*Container) StateNoLock

func (c *Container) StateNoLock() *ContainerState

StateNoLock returns the state of a container without using a lock.

func (*Container) StatePath

func (c *Container) StatePath() string

StatePath returns the path to the container's state.json.

func (*Container) StdinOnce

func (c *Container) StdinOnce() bool

StdinOnce returns whether stdin once is set for the container.

func (*Container) StopSignal

func (c *Container) StopSignal() syscall.Signal

StopSignal returns the container's own stop signal configured from the image configuration or the default one.

func (*Container) UserRequestedImage

func (c *Container) UserRequestedImage() string

UserRequestedImage returns the users' input originally used to find imageID; it might evaluate to a different image (or to a different kind of reference!) at any future time.

func (*Container) Volumes

func (c *Container) Volumes() []ContainerVolume

Volumes returns the list of container volumes.

func (*Container) WaitOnStopTimeout

func (c *Container) WaitOnStopTimeout(ctx context.Context, timeout int64)

type ContainerState

type ContainerState struct {
	specs.State
	Created       time.Time `json:"created"`
	Started       time.Time `json:"started,omitempty"`
	Finished      time.Time `json:"finished,omitempty"`
	ExitCode      *int32    `json:"exitCode,omitempty"`
	OOMKilled     bool      `json:"oomKilled,omitempty"`
	SeccompKilled bool      `json:"seccompKilled,omitempty"`
	Error         string    `json:"error,omitempty"`
	InitPid       int       `json:"initPid,omitempty"`
	// The unix start time of the container's init PID.
	// This is used to track whether the PID we have stored
	// is the same as the corresponding PID on the host.
	InitStartTime string `json:"initStartTime,omitempty"`
	// Checkpoint/Restore related states
	CheckpointedAt time.Time `json:"checkpointedTime,omitempty"`
}

ContainerState represents the status of a container.

func (*ContainerState) SetInitPid

func (cstate *ContainerState) SetInitPid(pid int) error

SetInitPid initializes the InitPid and InitStartTime for the container state given a PID. These values should be set once, and not changed again.
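The PID-reuse guard that GetPidStartTimeFromFile, FromDisk and InitStartTime/SetInitPid describe, as an added example that is not CRI-O's own code: it parses the start time (field 22) out of a /proc/<pid>/stat body, records it next to the PID once, and treats a later mismatch as a recycled PID rather than a live container. statStartTime, trackedInit, statReader and sampleStat are names and data constructed for this example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Constructed /proc/<pid>/stat body (not captured from a real host) whose comm
// contains a space and parentheses, the case naive splitting gets wrong.
// Field 22 (starttime) is 1234567.
const sampleStat = "4242 (my (odd) app) S 1 4242 4242 0 -1 4194560 1500 0 0 0 " +
	"12 3 0 0 20 0 3 0 1234567 10485760 400 18446744073709551615 0 0 0 0 0 0 0 0 0 0 0 0 17 2 0 0 0 0 0"

var errPIDReused = errors.New("PID reused by another process")

// statStartTime returns field 22 (starttime, clock ticks since boot). comm
// (field 2) is in parentheses and may contain spaces or parentheses, so the
// line is split at the LAST ')' and only the fields after it are tokenised.
func statStartTime(stat string) (string, error) {
	end := strings.LastIndexByte(stat, ')')
	if end < 0 {
		return "", errors.New("malformed stat: no closing parenthesis")
	}
	rest := strings.Fields(stat[end+1:]) // rest[0] is field 3 (state)
	const startTimeIdx = 22 - 3
	if len(rest) <= startTimeIdx {
		return "", fmt.Errorf("malformed stat: only %d fields after comm", len(rest))
	}
	return rest[startTimeIdx], nil
}

// statReader fetches the stat body for a PID (production code would read
// /proc/<pid>/stat; here constructed bodies are passed in instead).
type statReader func(pid int) (string, error)

// trackedInit records a PID with its start time once (the idea behind
// ContainerState.InitPid/InitStartTime) so later liveness checks can tell the
// original process apart from an unrelated one handed the same PID later.
type trackedInit struct {
	pid       int
	startTime string
}

func newTrackedInit(pid int, read statReader) (*trackedInit, error) {
	stat, err := read(pid)
	if err != nil {
		return nil, err
	}
	st, err := statStartTime(stat)
	if err != nil {
		return nil, err
	}
	return &trackedInit{pid: pid, startTime: st}, nil
}

// living returns nil only if the PID exists AND still has the recorded start
// time; a mismatch means the PID now belongs to a different process.
func (t *trackedInit) living(read statReader) error {
	stat, err := read(t.pid)
	if err != nil {
		return err // read failure (e.g. ENOENT): the process is gone
	}
	st, err := statStartTime(stat)
	if err != nil {
		return err
	}
	if st != t.startTime {
		return errPIDReused
	}
	return nil
}

func main() {
	fake := func(int) (string, error) { return sampleStat, nil }
	t, _ := newTrackedInit(4242, fake)
	fmt.Println("original process:", t.living(fake))
	// Simulate PID recycling: same PID, different start time.
	recycled := func(int) (string, error) { return strings.Replace(sampleStat, " 1234567 ", " 9999999 ", 1), nil }
	fmt.Println("recycled PID:", t.living(recycled))
}
```

Checking only that /proc/<pid> exists would accept the recycled process; comparing the recorded start time is what rejects it.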

type ContainerStorer

type ContainerStorer interface {
	// Add appends a new container to the store.
	Add(string, *Container)
	// Get returns a container from the store by the identifier it was stored with.
	Get(string) *Container
	// Delete removes a container from the store by the identifier it was stored with.
	Delete(string)
	// List returns a list of containers from the store.
	List() []*Container
	// Size returns the number of containers in the store.
	Size() int
	// First returns the first container found in the store by a given filter.
	First(StoreFilter) *Container
	// ApplyAll calls the reducer function with every container in the store.
	ApplyAll(StoreReducer)
}

ContainerStorer defines an interface that any container store must implement.

func NewMemoryStore

func NewMemoryStore() ContainerStorer

NewMemoryStore initializes a new memory store.

type ContainerVolume

type ContainerVolume struct {
	ContainerPath     string                 `json:"container_path"`
	HostPath          string                 `json:"host_path"`
	Readonly          bool                   `json:"readonly"`
	RecursiveReadOnly bool                   `json:"recursive_read_only"`
	Propagation       types.MountPropagation `json:"propagation"`
	SelinuxRelabel    bool                   `json:"selinux_relabel"`
}

ContainerVolume is a bind mount for the container.

type ExecSyncError

type ExecSyncError struct {
	Stdout   bytes.Buffer
	Stderr   bytes.Buffer
	ExitCode int32
	Err      error
}

ExecSyncError wraps a command's streams, exit code and error on an ExecSync error.

func (*ExecSyncError) Error

func (e *ExecSyncError) Error() string

type History

type History []*Container

History is a convenience type for storing a list of containers, sorted by creation date in descending order.

func (*History) Len

func (history *History) Len() int

Len returns the number of containers in the history.

func (*History) Less

func (history *History) Less(i, j int) bool

Less compares two containers and returns true if the second one was created before the first one.

func (*History) Swap

func (history *History) Swap(i, j int)

Swap switches containers i and j positions in the history.

type Runtime

type Runtime struct {
	// contains filtered or unexported fields
}

Runtime is the generic structure holding both global and specific information about the runtime.

func New

func New(c *config.Config) (*Runtime, error)

New creates a new Runtime with options provided

func (*Runtime) AllowedAnnotations

func (r *Runtime) AllowedAnnotations(handler string) ([]string, error)

AllowedAnnotations returns the allowed annotations for this runtime.

func (*Runtime) AttachContainer

func (r *Runtime) AttachContainer(ctx context.Context, c *Container, inputStream io.Reader, outputStream, errorStream io.WriteCloser, tty bool, resizeChan <-chan remotecommand.TerminalSize) error

AttachContainer attaches IO to a running container.

func (*Runtime) CheckpointContainer

func (r *Runtime) CheckpointContainer(ctx context.Context, c *Container, specgen *rspec.Spec, leaveRunning bool) error

CheckpointContainer checkpoints a container.

func (*Runtime) ContainerStats

func (r *Runtime) ContainerStats(ctx context.Context, c *Container, cgroup string) (*cgmgr.CgroupStats, error)

ContainerStats provides statistics of a container.

func (*Runtime) CreateContainer

func (r *Runtime) CreateContainer(ctx context.Context, c *Container, cgroupParent string, restore bool) error

CreateContainer creates a container.

func (*Runtime) DeleteContainer

func (r *Runtime) DeleteContainer(ctx context.Context, c *Container) (err error)

DeleteContainer deletes a container.

func (*Runtime) ExecContainer

func (r *Runtime) ExecContainer(ctx context.Context, c *Container, cmd []string, stdin io.Reader, stdout, stderr io.WriteCloser, tty bool, resizeChan <-chan remotecommand.TerminalSize) error

ExecContainer prepares a streaming endpoint to execute a command in the container.

func (*Runtime) ExecSyncContainer

func (r *Runtime) ExecSyncContainer(ctx context.Context, c *Container, command []string, timeout int64) (*types.ExecSyncResponse, error)

ExecSyncContainer execs a command in a container and returns its stdout, stderr and return code.

func (*Runtime) GetContainerMinMemory

func (r *Runtime) GetContainerMinMemory(runtimeHandler string) (int64, error)

GetContainerMinMemory returns the minimum memory for a container for a given runtime handler.

func (*Runtime) PauseContainer

func (r *Runtime) PauseContainer(ctx context.Context, c *Container) error

PauseContainer pauses a container.

func (*Runtime) PlatformRuntimePath

func (r *Runtime) PlatformRuntimePath(handler, platform string) (string, error)

PlatformRuntimePath returns the runtime path for a given platform.

func (*Runtime) PortForwardContainer

func (r *Runtime) PortForwardContainer(ctx context.Context, c *Container, netNsPath string, port int32, stream io.ReadWriteCloser) error

PortForwardContainer forwards the specified port of a container over the given stream.

func (*Runtime) PrivilegedWithoutHostDevices

func (r *Runtime) PrivilegedWithoutHostDevices(handler string) (bool, error)

PrivilegedWithoutHostDevices returns the boolean configured for the runtime handler indicating whether host devices are passed to a container running as privileged.

func (*Runtime) ReopenContainerLog

func (r *Runtime) ReopenContainerLog(ctx context.Context, c *Container) error

ReopenContainerLog reopens the log file of a container.

func (*Runtime) RestoreContainer

func (r *Runtime) RestoreContainer(ctx context.Context, c *Container, cgroupParent, mountLabel string) error

RestoreContainer restores a container.

func (*Runtime) RuntimeImpl

func (r *Runtime) RuntimeImpl(c *Container) (RuntimeImpl, error)

RuntimeImpl returns the runtime implementation for a given container

func (*Runtime) RuntimeSupportsIDMap

func (r *Runtime) RuntimeSupportsIDMap(runtimeHandler string) bool

RuntimeSupportsIDMap returns whether the runtime of runtimeHandler supports the "runtime features" command, and whether the output of that command advertises ID-mapped mounts as an option.

func (*Runtime) RuntimeSupportsRROMounts

func (r *Runtime) RuntimeSupportsRROMounts(runtimeHandler string) bool

RuntimeSupportsRROMounts returns whether the runtime of runtimeHandler supports the "runtime features" command and that the output advertises support for the Recursive Read-only (RRO) mount as an option.

func (*Runtime) RuntimeType

func (r *Runtime) RuntimeType(runtimeHandler string) (string, error)

RuntimeType returns the type of runtimeHandler. This is needed when callers need to do specific work for OCI vs VM containers, like monitoring an OCI container's conmon.

func (*Runtime) Runtimes

func (r *Runtime) Runtimes() config.Runtimes

Runtimes returns the map of OCI runtimes.

func (*Runtime) SignalContainer

func (r *Runtime) SignalContainer(ctx context.Context, c *Container, sig syscall.Signal) error

SignalContainer sends a signal to a container process.

func (*Runtime) StartContainer

func (r *Runtime) StartContainer(ctx context.Context, c *Container) error

StartContainer starts a container.

func (*Runtime) StopContainer

func (r *Runtime) StopContainer(ctx context.Context, c *Container, timeout int64) error

StopContainer stops a container. Timeout is given in seconds.

func (*Runtime) Timezone

func (r *Runtime) Timezone() string

Timezone returns the timezone configured inside the container.

func (*Runtime) UnpauseContainer

func (r *Runtime) UnpauseContainer(ctx context.Context, c *Container) error

UnpauseContainer unpauses a container.

func (*Runtime) UpdateContainer

func (r *Runtime) UpdateContainer(ctx context.Context, c *Container, res *rspec.LinuxResources) error

UpdateContainer updates container resources

func (*Runtime) UpdateContainerStatus

func (r *Runtime) UpdateContainerStatus(ctx context.Context, c *Container) error

UpdateContainerStatus refreshes the status of the container.

func (*Runtime) ValidateRuntimeHandler

func (r *Runtime) ValidateRuntimeHandler(handler string) (*config.RuntimeHandler, error)

ValidateRuntimeHandler returns an error if the runtime handler string provided does not match any valid use case.

type RuntimeImpl

type RuntimeImpl interface {
	CreateContainer(context.Context, *Container, string, bool) error
	StartContainer(context.Context, *Container) error
	ExecContainer(context.Context, *Container, []string, io.Reader, io.WriteCloser, io.WriteCloser,
		bool, <-chan remotecommand.TerminalSize) error
	ExecSyncContainer(context.Context, *Container, []string, int64) (*types.ExecSyncResponse, error)
	UpdateContainer(context.Context, *Container, *rspec.LinuxResources) error
	StopContainer(context.Context, *Container, int64) error
	DeleteContainer(context.Context, *Container) error
	UpdateContainerStatus(context.Context, *Container) error
	PauseContainer(context.Context, *Container) error
	UnpauseContainer(context.Context, *Container) error
	ContainerStats(context.Context, *Container, string) (*cgmgr.CgroupStats, error)
	SignalContainer(context.Context, *Container, syscall.Signal) error
	AttachContainer(context.Context, *Container, io.Reader, io.WriteCloser, io.WriteCloser,
		bool, <-chan remotecommand.TerminalSize) error
	PortForwardContainer(context.Context, *Container, string,
		int32, io.ReadWriteCloser) error
	ReopenContainerLog(context.Context, *Container) error
	CheckpointContainer(context.Context, *Container, *rspec.Spec, bool) error
	RestoreContainer(context.Context, *Container, string, string) error
}

RuntimeImpl is an interface used by the caller to interact with the container runtime. The purpose of this interface is to abstract implementations and their associated assumptions about the way to interact with containers. This allows for new implementations of this interface, which is especially useful for VM-based container runtimes. Assumptions based on the fact that a container process runs on the host are limited to the RuntimeOCI implementation.

type StoreFilter

type StoreFilter func(*Container) bool

StoreFilter defines a function to filter container in the store.

type StoreReducer

type StoreReducer func(*Container)

StoreReducer defines a function to manipulate containers in the store.
