Documentation ¶
Index ¶
- Constants
- Variables
- func EncodeKataVirtualVolumeToBase64(ctx context.Context, volume *katavolume.KataVirtualVolume) (string, error)
- func GetPidStartTimeFromFile(file string) (string, error)
- func Kill(pid int) error
- func ReadConmonPidFile(c *Container) (int, error)
- func TruncateAndReadFile(ctx context.Context, path string, size int64) ([]byte, error)
- type Container
- func (c *Container) AddExecPID(pid int, shouldKill bool) error
- func (c *Container) AddManagedPIDNamespace(ns nsmgr.Namespace)
- func (c *Container) AddVolume(v ContainerVolume)
- func (c *Container) Annotations() map[string]string
- func (c *Container) BundlePath() string
- func (c *Container) CRIAttributes() *types.ContainerAttributes
- func (c *Container) CRIContainer() *types.Container
- func (c *Container) CheckpointPath() string
- func (c *Container) CheckpointedAt() time.Time
- func (c *Container) CleanupConmonCgroup(ctx context.Context)
- func (c *Container) ConmonCgroupfsPath() string
- func (c *Container) Created() bool
- func (c *Container) CreatedAt() time.Time
- func (c *Container) CrioAnnotations() map[string]string
- func (c *Container) DeleteExecPID(pid int)
- func (c *Container) Description() string
- func (c *Container) Dir() string
- func (c *Container) FromDisk() error
- func (c *Container) GetResources() *types.ContainerResources
- func (c *Container) GetStopSignal() string
- func (c *Container) ID() string
- func (c *Container) IDMappings() *idtools.IDMappings
- func (c *Container) ImageID() *storage.StorageImageID
- func (c *Container) ImageName() *references.RegistryImageReference
- func (c *Container) IsInfra() bool
- func (c *Container) KillExecPIDs()
- func (c *Container) Labels() map[string]string
- func (c *Container) Living() error
- func (c *Container) LogPath() string
- func (c *Container) Metadata() *types.ContainerMetadata
- func (c *Container) MountPoint() string
- func (c *Container) Name() string
- func (c *Container) Pid() (int, error)
- func (c *Container) ProcessState() (string, error)
- func (c *Container) RemoveManagedPIDNamespace() error
- func (c *Container) Restore() bool
- func (c *Container) RestoreArchivePath() string
- func (c *Container) RestoreStorageImageID() *storage.StorageImageID
- func (c *Container) RuntimePathForPlatform(r *runtimeOCI) string
- func (c *Container) Sandbox() string
- func (c *Container) SeccompProfilePath() string
- func (c *Container) SetAsDoneStopping()
- func (c *Container) SetAsStopping() (setToStopping bool)
- func (c *Container) SetCheckpointedAt(checkpointedAt time.Time)
- func (c *Container) SetCreated()
- func (c *Container) SetIDMappings(mappings *idtools.IDMappings)
- func (c *Container) SetMountPoint(mp string)
- func (c *Container) SetResources(s *specs.Spec)
- func (c *Container) SetRestore(restore bool)
- func (c *Container) SetRestoreArchivePath(restoreArchivePath string)
- func (c *Container) SetRestoreStorageImageID(restoreStorageImageID *storage.StorageImageID)
- func (c *Container) SetRuntimePathForPlatform(runtimePath string)
- func (c *Container) SetSandbox(podSandboxID string)
- func (c *Container) SetSeccompProfilePath(pp string)
- func (c *Container) SetSpec(s *specs.Spec)
- func (c *Container) SetStartFailed(err error)
- func (c *Container) ShouldBeStopped() error
- func (c *Container) Spec() specs.Spec
- func (c *Container) Spoofed() bool
- func (c *Container) State() *ContainerState
- func (c *Container) StateNoLock() *ContainerState
- func (c *Container) StatePath() string
- func (c *Container) StdinOnce() bool
- func (c *Container) StopSignal() syscall.Signal
- func (c *Container) UserRequestedImage() string
- func (c *Container) Volumes() []ContainerVolume
- func (c *Container) WaitOnStopTimeout(ctx context.Context, timeout int64)
- type ContainerState
- type ContainerStorer
- type ContainerVolume
- type ExecSyncError
- type History
- type Runtime
- func (r *Runtime) AllowedAnnotations(handler string) ([]string, error)
- func (r *Runtime) AttachContainer(ctx context.Context, c *Container, inputStream io.Reader, ...) error
- func (r *Runtime) CheckpointContainer(ctx context.Context, c *Container, specgen *rspec.Spec, leaveRunning bool) error
- func (r *Runtime) ContainerStats(ctx context.Context, c *Container, cgroup string) (*cgmgr.CgroupStats, error)
- func (r *Runtime) CreateContainer(ctx context.Context, c *Container, cgroupParent string, restore bool) error
- func (r *Runtime) DeleteContainer(ctx context.Context, c *Container) (err error)
- func (r *Runtime) ExecContainer(ctx context.Context, c *Container, cmd []string, stdin io.Reader, ...) error
- func (r *Runtime) ExecSyncContainer(ctx context.Context, c *Container, command []string, timeout int64) (*types.ExecSyncResponse, error)
- func (r *Runtime) GetContainerMinMemory(runtimeHandler string) (int64, error)
- func (r *Runtime) PauseContainer(ctx context.Context, c *Container) error
- func (r *Runtime) PlatformRuntimePath(handler, platform string) (string, error)
- func (r *Runtime) PortForwardContainer(ctx context.Context, c *Container, netNsPath string, port int32, ...) error
- func (r *Runtime) PrivilegedWithoutHostDevices(handler string) (bool, error)
- func (r *Runtime) ReopenContainerLog(ctx context.Context, c *Container) error
- func (r *Runtime) RestoreContainer(ctx context.Context, c *Container, cgroupParent, mountLabel string) error
- func (r *Runtime) RuntimeImpl(c *Container) (RuntimeImpl, error)
- func (r *Runtime) RuntimeSupportsIDMap(runtimeHandler string) bool
- func (r *Runtime) RuntimeSupportsRROMounts(runtimeHandler string) bool
- func (r *Runtime) RuntimeType(runtimeHandler string) (string, error)
- func (r *Runtime) Runtimes() config.Runtimes
- func (r *Runtime) SignalContainer(ctx context.Context, c *Container, sig syscall.Signal) error
- func (r *Runtime) StartContainer(ctx context.Context, c *Container) error
- func (r *Runtime) StopContainer(ctx context.Context, c *Container, timeout int64) error
- func (r *Runtime) Timezone() string
- func (r *Runtime) UnpauseContainer(ctx context.Context, c *Container) error
- func (r *Runtime) UpdateContainer(ctx context.Context, c *Container, res *rspec.LinuxResources) error
- func (r *Runtime) UpdateContainerStatus(ctx context.Context, c *Container) error
- func (r *Runtime) ValidateRuntimeHandler(handler string) (*config.RuntimeHandler, error)
- type RuntimeImpl
- type StoreFilter
- type StoreReducer
Constants ¶
const ( AttachPipeStdin = 1 AttachPipeStdout = 2 AttachPipeStderr = 3 )
Sync with stdpipe_t in conmon.c
const ( // ContainerStateCreated represents the created state of a container ContainerStateCreated = "created" // ContainerStatePaused represents the paused state of a container ContainerStatePaused = "paused" // ContainerStateRunning represents the running state of a container ContainerStateRunning = "running" // ContainerStateStopped represents the stopped state of a container ContainerStateStopped = "stopped" // ContainerCreateTimeout represents the value of container creating timeout ContainerCreateTimeout = 240 * time.Second )
const InfraContainerName = "POD"
const (
KataVirtualVolumeOptionName = "io.katacontainers.volume"
)
const (
// RuntimeTypeOCI is the type representing the RuntimeOCI implementation.
RuntimeTypeOCI = "oci"
)
Variables ¶
Functions ¶
func EncodeKataVirtualVolumeToBase64 ¶
func EncodeKataVirtualVolumeToBase64(ctx context.Context, volume *katavolume.KataVirtualVolume) (string, error)
func GetPidStartTimeFromFile ¶
GetPidStartTimeFromFile reads a file as if it were a /proc/<PID>/stat file, looking for a process start time for a given PID. It is abstracted out to allow for unit testing.
func ReadConmonPidFile ¶
ReadConmonPidFile attempts to read conmon's pid from its pid file This function makes no verification that this file should exist it is up to the caller to verify that this container has a conmon
Types ¶
type Container ¶
type Container struct {
// contains filtered or unexported fields
}
Container represents a runtime container.
func NewContainer ¶
func NewContainer(id, name, bundlePath, logPath string, labels, crioAnnotations, annotations map[string]string, userRequestedImage string, imageName *references.RegistryImageReference, imageID *storage.StorageImageID, someRepoDigest string, md *types.ContainerMetadata, sandbox string, terminal, stdin, stdinOnce bool, runtimeHandler, dir string, created time.Time, stopSignal string) (*Container, error)
NewContainer creates a container object. userRequestedImage is the users' input originally used to find imageID; it might evaluate to a different image (or to a different kind of reference!) at any future time. imageName, if set, is _some_ name of the image imageID; it may have NO RELATIONSHIP to the users’ requested image name. imageID is nil for infra containers. someRepoDigest, if set, is some repo@some digest of the image imageID; it may have NO RELATIONSHIP to the users’ requested image name (and, which should be fixed eventually, may be a repo@digest combination which has never existed on a registry).
func NewSpoofedContainer ¶
func (*Container) AddExecPID ¶
AddExecPID registers a PID associated with an exec session. It is tracked so exec sessions can be cancelled when the container is being stopped. If the PID is conmon, shouldKill should be false, as we should not call SIGKILL on conmon. If it is an exec session, shouldKill should be true, as we can't guarantee the exec process will have a SIGINT handler.
func (*Container) AddManagedPIDNamespace ¶
func (*Container) AddVolume ¶
func (c *Container) AddVolume(v ContainerVolume)
AddVolume adds a volume to list of container volumes.
func (*Container) Annotations ¶
Annotations returns the annotations of the container.
func (*Container) BundlePath ¶
BundlePath returns the bundlePath of the container.
func (*Container) CRIAttributes ¶
func (c *Container) CRIAttributes() *types.ContainerAttributes
func (*Container) CRIContainer ¶
func (*Container) CheckpointPath ¶
CheckpointPath returns the path to the directory containing the checkpoint
func (*Container) CheckpointedAt ¶
CheckpointedAt returns the container checkpoint time
func (*Container) CleanupConmonCgroup ¶
CleanupConmonCgroup cleans up conmon's group when using cgroupfs.
func (*Container) ConmonCgroupfsPath ¶
ConmonCgroupfsPath returns the path to conmon's cgroup. This is only set when cgroupfs is used as a cgroup manager.
func (*Container) CrioAnnotations ¶
CrioAnnotations returns the crio annotations of the container.
func (*Container) DeleteExecPID ¶
DeleteExecPID is for deregistering a pid after it has exited.
func (*Container) Description ¶
Description returns a description for the container
func (*Container) FromDisk ¶
FromDisk restores container's state from disk Calls to FromDisk should always be preceded by call to Runtime.UpdateContainerStatus. This is because FromDisk() initializes the InitStartTime for the saved container state when CRI-O is being upgraded to a version that supports tracking PID, but does no verification the container is actually still running. If we assume the container is still running, we could incorrectly think a process with the same PID running on the host is our container. A call to `$runtime state` will protect us against this.
func (*Container) GetResources ¶
func (c *Container) GetResources() *types.ContainerResources
GetResources returns a copy of the Linux resources from Container
func (*Container) GetStopSignal ¶
GetStopSignal returns the container's own stop signal configured from the image configuration or the default one.
func (*Container) IDMappings ¶
func (c *Container) IDMappings() *idtools.IDMappings
IDMappings returns the ID/GID mappings used for the container
func (*Container) ImageID ¶
func (c *Container) ImageID() *storage.StorageImageID
ImageID returns the image ID of the container, or nil for infra containers.
func (*Container) ImageName ¶
func (c *Container) ImageName() *references.RegistryImageReference
ImageName returns _some_ name of the image imageID, if any; it may have NO RELATIONSHIP to the users’ requested image name.
func (*Container) KillExecPIDs ¶
func (c *Container) KillExecPIDs()
KillExecPIDs loops through the saved execPIDs and sends a signal to them. If shouldKill is true, the signal is SIGKILL. Otherwise, SIGINT.
func (*Container) Living ¶
Living checks if a container's init PID exists and it's running, without calling a given runtime directly to check the state, which is expensive.
func (*Container) Metadata ¶
func (c *Container) Metadata() *types.ContainerMetadata
Metadata returns the metadata of the container.
func (*Container) MountPoint ¶
MountPoint returns the container mount point
func (*Container) Pid ¶
Pid returns the container's init PID. It will fail if the saved PID no longer belongs to the container.
func (*Container) ProcessState ¶
ProcessState checks if a container's init PID exists and it's running without calling a given runtime directly to check the state, which is expensive, and additionally returns the current state of the init process as reported by the operating system.
func (*Container) RemoveManagedPIDNamespace ¶
func (*Container) Restore ¶
Restore returns if the container is marked as being restored from a checkpoint
func (*Container) RestoreArchivePath ¶
If Restore(), and the container is being restored from a local path, RestoreArchivePath returns that path.
func (*Container) RestoreStorageImageID ¶
func (c *Container) RestoreStorageImageID() *storage.StorageImageID
If Restore(), and the container is being restored from a container image, restoreStorageImageID returns the ID of that image.
func (*Container) RuntimePathForPlatform ¶
RuntimePathForPlatform returns the runtime path for a given platform.
func (*Container) SeccompProfilePath ¶
SeccompProfilePath returns the seccomp profile path.
func (*Container) SetAsDoneStopping ¶
func (c *Container) SetAsDoneStopping()
func (*Container) SetAsStopping ¶
SetAsStopping marks a container as being stopped. Returns true if the container was not set as stopping before, and false otherwise (i.e. on subsequent calls)."
func (*Container) SetCheckpointedAt ¶
SetCheckpointedAt sets the time of checkpointing
func (*Container) SetCreated ¶
func (c *Container) SetCreated()
SetCreated sets the created flag to true once container is created
func (*Container) SetIDMappings ¶
func (c *Container) SetIDMappings(mappings *idtools.IDMappings)
SetIDMappings sets the ID/GID mappings used for the container
func (*Container) SetMountPoint ¶
SetMountPoint sets the container mount point
func (*Container) SetResources ¶
SetResources loads the OCI Spec.Linux.Resources in the container struct
func (*Container) SetRestore ¶
SetRestore marks the container as being restored from a checkpoint
func (*Container) SetRestoreArchivePath ¶
func (*Container) SetRestoreStorageImageID ¶
func (c *Container) SetRestoreStorageImageID(restoreStorageImageID *storage.StorageImageID)
func (*Container) SetRuntimePathForPlatform ¶
SetRuntimePathForPlatform sets the runtime path for a given platform.
func (*Container) SetSandbox ¶
SetSandbox sets the ID of the Sandbox.
func (*Container) SetSeccompProfilePath ¶
SetSeccompProfilePath sets the seccomp profile path.
func (*Container) SetStartFailed ¶
SetStartFailed sets the container state appropriately after a start failure
func (*Container) ShouldBeStopped ¶
ShouldBeStopped checks whether the container state is in a place where attempting to stop it makes sense a container is not stoppable if it's paused or stopped if it's paused, that's an error, and is reported as such
func (*Container) Spoofed ¶
Spoofed returns whether this container is spoofed. A container should be spoofed when it doesn't have to exist in the container runtime, but does need to exist in the storage. The main use of this is when an infra container is not needed, but sandbox metadata should be stored with a spoofed infra container.
func (*Container) State ¶
func (c *Container) State() *ContainerState
State returns the state of the running container
func (*Container) StateNoLock ¶
func (c *Container) StateNoLock() *ContainerState
StateNoLock returns the state of a container without using a lock.
func (*Container) StopSignal ¶
StopSignal returns the container's own stop signal configured from the image configuration or the default one.
func (*Container) UserRequestedImage ¶
UserRequestedImage returns the users' input originally used to find imageID; it might evaluate to a different image (or to a different kind of reference!) at any future time.
func (*Container) Volumes ¶
func (c *Container) Volumes() []ContainerVolume
Volumes returns the list of container volumes.
type ContainerState ¶
type ContainerState struct { specs.State Created time.Time `json:"created"` Started time.Time `json:"started,omitempty"` Finished time.Time `json:"finished,omitempty"` ExitCode *int32 `json:"exitCode,omitempty"` OOMKilled bool `json:"oomKilled,omitempty"` SeccompKilled bool `json:"seccompKilled,omitempty"` Error string `json:"error,omitempty"` InitPid int `json:"initPid,omitempty"` // The unix start time of the container's init PID. // This is used to track whether the PID we have stored // is the same as the corresponding PID on the host. InitStartTime string `json:"initStartTime,omitempty"` // Checkpoint/Restore related states CheckpointedAt time.Time `json:"checkpointedTime,omitempty"` }
ContainerState represents the status of a container.
func (*ContainerState) SetInitPid ¶
func (cstate *ContainerState) SetInitPid(pid int) error
SetInitPid initializes the InitPid and InitStartTime for the container state given a PID. These values should be set once, and not changed again.
type ContainerStorer ¶
type ContainerStorer interface { // Add appends a new container to the store. Add(string, *Container) // Get returns a container from the store by the identifier it was stored with. Get(string) *Container // Delete removes a container from the store by the identifier it was stored with. Delete(string) // List returns a list of containers from the store. List() []*Container // Size returns the number of containers in the store. Size() int // First returns the first container found in the store by a given filter. First(StoreFilter) *Container // ApplyAll calls the reducer function with every container in the store. ApplyAll(StoreReducer) }
ContainerStorer defines an interface that any container store must implement.
func NewMemoryStore ¶
func NewMemoryStore() ContainerStorer
NewMemoryStore initializes a new memory store.
type ContainerVolume ¶
type ContainerVolume struct { ContainerPath string `json:"container_path"` HostPath string `json:"host_path"` Readonly bool `json:"readonly"` RecursiveReadOnly bool `json:"recursive_read_only"` Propagation types.MountPropagation `json:"propagation"` SelinuxRelabel bool `json:"selinux_relabel"` }
ContainerVolume is a bind mount for the container.
type ExecSyncError ¶
ExecSyncError wraps command's streams, exit code and error on ExecSync error.
func (*ExecSyncError) Error ¶
func (e *ExecSyncError) Error() string
type History ¶
type History []*Container
History is a convenience type for storing a list of containers, sorted by creation date in descendant order.
type Runtime ¶
type Runtime struct {
// contains filtered or unexported fields
}
Runtime is the generic structure holding both global and specific information about the runtime.
func (*Runtime) AllowedAnnotations ¶
AllowedAnnotations returns the allowed annotations for this runtime.
func (*Runtime) AttachContainer ¶
func (r *Runtime) AttachContainer(ctx context.Context, c *Container, inputStream io.Reader, outputStream, errorStream io.WriteCloser, tty bool, resizeChan <-chan remotecommand.TerminalSize) error
AttachContainer attaches IO to a running container.
func (*Runtime) CheckpointContainer ¶
func (r *Runtime) CheckpointContainer(ctx context.Context, c *Container, specgen *rspec.Spec, leaveRunning bool) error
CheckpointContainer checkpoints a container.
func (*Runtime) ContainerStats ¶
func (r *Runtime) ContainerStats(ctx context.Context, c *Container, cgroup string) (*cgmgr.CgroupStats, error)
ContainerStats provides statistics of a container.
func (*Runtime) CreateContainer ¶
func (r *Runtime) CreateContainer(ctx context.Context, c *Container, cgroupParent string, restore bool) error
CreateContainer creates a container.
func (*Runtime) DeleteContainer ¶
DeleteContainer deletes a container.
func (*Runtime) ExecContainer ¶
func (r *Runtime) ExecContainer(ctx context.Context, c *Container, cmd []string, stdin io.Reader, stdout, stderr io.WriteCloser, tty bool, resizeChan <-chan remotecommand.TerminalSize) error
ExecContainer prepares a streaming endpoint to execute a command in the container.
func (*Runtime) ExecSyncContainer ¶
func (r *Runtime) ExecSyncContainer(ctx context.Context, c *Container, command []string, timeout int64) (*types.ExecSyncResponse, error)
ExecSyncContainer execs a command in a container and returns it's stdout, stderr and return code.
func (*Runtime) GetContainerMinMemory ¶
GetContainerMinMemory returns the minimum memory for a container for a given runtime handler.
func (*Runtime) PauseContainer ¶
PauseContainer pauses a container.
func (*Runtime) PlatformRuntimePath ¶
PlatformRuntimePath returns the runtime path for a given platform.
func (*Runtime) PortForwardContainer ¶
func (r *Runtime) PortForwardContainer(ctx context.Context, c *Container, netNsPath string, port int32, stream io.ReadWriteCloser) error
PortForwardContainer forwards the specified port provides statistics of a container.
func (*Runtime) PrivilegedWithoutHostDevices ¶
PrivilegedWithoutHostDevices returns a boolean value configured for the runtimeHandler indicating if devices on the host are passed/not passed to a container running as privileged.
func (*Runtime) ReopenContainerLog ¶
ReopenContainerLog reopens the log file of a container.
func (*Runtime) RestoreContainer ¶
func (r *Runtime) RestoreContainer(ctx context.Context, c *Container, cgroupParent, mountLabel string) error
RestoreContainer restores a container.
func (*Runtime) RuntimeImpl ¶
func (r *Runtime) RuntimeImpl(c *Container) (RuntimeImpl, error)
RuntimeImpl returns the runtime implementation for a given container
func (*Runtime) RuntimeSupportsIDMap ¶
RuntimeSupportsIDMap returns whether the runtime of runtimeHandler supports the "runtime features" command, and that the output of that command advertises IDMapped mounts as an option
func (*Runtime) RuntimeSupportsRROMounts ¶
RuntimeSupportsRROMounts returns whether the runtime of runtimeHandler supports the "runtime features" command and that the output advertises support for the Recursive Read-only (RRO) mount as an option.
func (*Runtime) RuntimeType ¶
RuntimeType returns the type of runtimeHandler This is needed when callers need to do specific work for oci vs vm containers, like monitor an oci container's conmon.
func (*Runtime) SignalContainer ¶
SignalContainer sends a signal to a container process.
func (*Runtime) StartContainer ¶
StartContainer starts a container.
func (*Runtime) StopContainer ¶
StopContainer stops a container. Timeout is given in seconds.
func (*Runtime) UnpauseContainer ¶
UnpauseContainer unpauses a container.
func (*Runtime) UpdateContainer ¶
func (r *Runtime) UpdateContainer(ctx context.Context, c *Container, res *rspec.LinuxResources) error
UpdateContainer updates container resources
func (*Runtime) UpdateContainerStatus ¶
UpdateContainerStatus refreshes the status of the container.
func (*Runtime) ValidateRuntimeHandler ¶
func (r *Runtime) ValidateRuntimeHandler(handler string) (*config.RuntimeHandler, error)
ValidateRuntimeHandler returns an error if the runtime handler string provided does not match any valid use case.
type RuntimeImpl ¶
type RuntimeImpl interface { CreateContainer(context.Context, *Container, string, bool) error StartContainer(context.Context, *Container) error ExecContainer(context.Context, *Container, []string, io.Reader, io.WriteCloser, io.WriteCloser, bool, <-chan remotecommand.TerminalSize) error ExecSyncContainer(context.Context, *Container, []string, int64) (*types.ExecSyncResponse, error) UpdateContainer(context.Context, *Container, *rspec.LinuxResources) error StopContainer(context.Context, *Container, int64) error DeleteContainer(context.Context, *Container) error UpdateContainerStatus(context.Context, *Container) error PauseContainer(context.Context, *Container) error UnpauseContainer(context.Context, *Container) error ContainerStats(context.Context, *Container, string) (*cgmgr.CgroupStats, error) SignalContainer(context.Context, *Container, syscall.Signal) error AttachContainer(context.Context, *Container, io.Reader, io.WriteCloser, io.WriteCloser, bool, <-chan remotecommand.TerminalSize) error PortForwardContainer(context.Context, *Container, string, int32, io.ReadWriteCloser) error ReopenContainerLog(context.Context, *Container) error CheckpointContainer(context.Context, *Container, *rspec.Spec, bool) error RestoreContainer(context.Context, *Container, string, string) error }
RuntimeImpl is an interface used by the caller to interact with the container runtime. The purpose of this interface being to abstract implementations and their associated assumptions regarding the way to interact with containers. This will allow for new implementations of this interface, especially useful for the case of VM based container runtimes. Assumptions based on the fact that a container process runs on the host will be limited to the RuntimeOCI implementation.
type StoreFilter ¶
StoreFilter defines a function to filter container in the store.
type StoreReducer ¶
type StoreReducer func(*Container)
StoreReducer defines a function to manipulate containers in the store