Runtime v2 (shim API)

[crosbymichael]

This implements the shimv2 API proposed in #2426. The tests are using the new io.containerd.oci.v1 runtime under the new TaskManger implementing the v2 APIs.

Runtime v2

Runtime v2 introduces a first class shim API for runtime authors to integrate with containerd.
The shim API is minimal and scoped to the execution lifecycle of a container.

Binary Naming

Users specify the runtime they wish to use when creating a container.
The runtime can also be changed via a container update.

> ctr run --runtime io.containerd.runc.v1

When a user specifies a runtime name, io.containerd.runc.v1, they will specify the name and version of the runtime.
This will be trasnlated by containerd into a binary name for the shim.

io.containerd.runc.v1 -> containerd-shim-runc-v1

containerd keeps the containerd-shim-* prefix so that users can ps aux | grep containerd-shim to see running shims on their system.

Shim Authoring

This section is dedicated to runtime authors wishing to build a shim.
It will detail how the API works and different considerations when building shim.

Commands

Container information is provided to a shim in two ways.
The OCI Runtime Bundle and on the Create rpc request.

start

Each shim MUST implement a start subcommand.
This command will launch new shims.
The start command MUST accept the following flags:

• -namespace the namespace for the container
• -id the id of the container
• -address the address of the containerd's main socket
• -publish-binary the binary path to publish events back to containerd

The start command, as well as all binary calls to the shim, has the bundle for the container set as the cwd.

The start command MUST return an address to a shim for containerd to issue API requests for container operations.

The start command can either start a new shim or return an address to an existing shim based on the shim's logic.

delete

Each shim MUST implement a delete subcommand.
This command allows containerd to delete any container resources created, mounted, and/or run by a shim when containerd can no longer communicate over rpc.
This happens if a shim is SIGKILL'd with a running container.
These resources will need to be cleaned up when containerd looses the connection to a shim.
This is also used when containerd boots and reconnects to shims.
If a bundle is still on disk but containerd cannot connect to a shim, the delete command is invoked.

The delete command MUST accept the following flags:

• -namespace the namespace for the container
• -id the id of the container
• -address the address of the containerd's main socket
• -publish-binary the binary path to publish events back to containerd

The delete command will be executed in the container's bundle as its cwd.

Host Level Shim Configuration

containerd does not provide any host level configuration for shims via the API.
If a shim needs configuration from the user with host level information across all instances, a shim specific configuration file can be setup.

Container Level Shim Configuration

On the create request, there is a generic *protobuf.Any that allows a user to specify container level configuration for the shim.

message CreateTaskRequest {
	string id = 1;
	...
	google.protobuf.Any options = 10;
}

A shim author can create their own protobuf message for configuration and clients can import and provide this information is needed.

I/O

I/O for a container is provided by the client to the shim via fifo on Linux, named pipes on Windows, or log files on disk.
The paths to these files are provided on the Create rpc for the initial creation and on the Exec rpc for additional processes.

message CreateTaskRequest {
	string id = 1;
	bool terminal = 4;
	string stdin = 5;
	string stdout = 6;
	string stderr = 7;
}

message ExecProcessRequest {
	string id = 1;
	string exec_id = 2;
	bool terminal = 3;
	string stdin = 4;
	string stdout = 5;
	string stderr = 6;
}

Containers that are to be launched with an interactive terminal will have the terminal field set to true, data is still copied over the files(fifos,pipes) in the same way as non interactive containers.

Root Filesystems

The root filesytems for the containers is provided by on the Create rpc.
Shims are responsible for managing the lifecycle of the filesystem mount during the lifecycle of a container.

message CreateTaskRequest {
	string id = 1;
	string bundle = 2;
	repeated containerd.types.Mount rootfs = 3;
	...
}

The mount protobuf message is:

message Mount {
	// Type defines the nature of the mount.
	string type = 1;
	// Source specifies the name of the mount. Depending on mount type, this
	// may be a volume name or a host path, or even ignored.
	string source = 2;
	// Target path in container
	string target = 3;
	// Options specifies zero or more fstab style mount options.
	repeated string options = 4;
}

Shims are responsible for mounting the filesystem into the rootfs/ directory of the bundle.
Shims are also responsible for unmounting of the filesystem.
During a delete binary call, the shim MUST ensure that filesystem is also unmounted.
Filesystems are provided by the containerd snapshotters.

Other

Unsupported rpcs

If a shim does not or cannot implement an rpc call, it MUST return a github.com/containerd/containerd/errdefs.ErrNotImplemented error.

ttrpc

ttrpc is the only currently supported protocol for shims.
It works with standard protobufs and GRPC services as well as generating clients.
The only difference between grpc and ttrpc is the wire protocol.
ttrpc removes the http stack in order to save memory and binary size to keep shims small.
It is recommended to use ttrpc in your shim but grpc support is also in development.

Closes #2426

[stevvooe]

linux

[mlaventure]

Looks good so far, don't have the time to finish goign through it all atm, but I'll try to get another pass at it.

[mlaventure]

linux

[mlaventure]

containerd-shim-oci-v1

[mlaventure]

Not handled anymore?

[crosbymichael]

I looked at the test and it really wasn't testing much, killing the shim then killing the process. I don't think it was a valid test or it was and changed sometime in the past. Felt safe to remove.

[mlaventure]

It checks that the container process (redis) is correctly cleaned up if the shim crash/is sigkilled (e.g. by oom).
It doesn't actually kill the process, it checks that it died.

[crosbymichael]

ok, my bad, i'll fix it. i missed the kill 0

[estesp]

Seems this test is still removed in the latest commit? or did I miss a move somewhere else?

[crosbymichael]

ok, so I researched this more and the test is only valid for v1 when container was still running and didn't have to reconnect to a shim again. The reason is that it sets an exit handler that does the "cleanup on dead shim" code. However, this only runs if the shim process that containerd is doing a waidpid on returns and checks the shim pid.

I think its safe to remove this as it doesn't really work, it only works in the tests because the daemon isn't restarted. If we want to keep it, i can do some refactoring but it will take a little bit of work to make this work across daemon reboots with running shims. I can do that in a followup PR.

[mlaventure]

Makes sense.

I haven't yet got the time to compile and play around with the new API to see how it actually behave.

Having a way to start a "cleanup shim" in such scenario may be a cleaner solution for v2 though (and if that fails, things are left to the user to clean).

[mlaventure]

No timeout / cancel / Sync ? We could end up with several go routine getting the stats on the same task, no?

[crosbymichael]

they are sync'd in the caller, hard to have a timeout for this because under load, collection could be slower

[mlaventure]

oh, right. I missed the waitgroup, my bad.

[mlaventure]

nit, but could we bundle exported variables together?

[mlaventure]

why the separation between the base dir and the last dir in the path?

[crosbymichael]

base should always be created while mkdir should return an exists error if something is already there

[dmcgowan]

What is the reason behind doing them in 2 loops if the remove all happens on error anyway? Also what does it mean if Mkdir returns an exist on the second part, seems odd that it would both return an exists error and delete the directory.

[mlaventure]

cleanup stdin if created?

[mlaventure]

missing cleanup of in/outw

[jterry75]

@crosbymichael - This is a really good start. I can rebase my windows side changes on this and resubmit

[codecov-io]

Codecov Report

Merging #2434 into master will decrease coverage by 0.03%.
The diff coverage is 0%.

@@            Coverage Diff             @@
##           master    #2434      +/-   ##
==========================================
- Coverage   44.76%   44.73%   -0.04%     
==========================================
  Files          92       93       +1     
  Lines        9483     9490       +7     
==========================================
  Hits         4245     4245              
- Misses       4555     4562       +7     
  Partials      683      683

Flag	Coverage Δ
#linux	48.96% <0%> (-0.02%)	⬇️
#windows	41.03% <ø> (ø)	⬆️

Impacted Files	Coverage Δ
sys/reaper.go	0% <ø> (ø)	⬆️
sys/reaper_linux.go	0% <0%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 02579c8...d53a96f. Read the comment docs.

[dmcgowan]

wrapping this could be useful, I don't think the message includes the path

[dmcgowan]

Why is this command not given the bundle id anywhere?

[crosbymichael]

its not needed and comes on the Create request

[dmcgowan]

What does this exec with the delete arg intended to do?

[dmcgowan]

Currently name will never be absolute, but is it worth considering a case where name is in the same directory as self but not in the lookup path? In that case the name might be better found at os.Join(os.Dir(self), name). Unless there is a plan here to document setting PATH on containerd for the runtime binary installation location.

[crosbymichael]

i think for now, we say that it must be in PATH. i'll remove this abs code

[ehazlett]

nit: either Wrap or add the ID?

[ehazlett]

Should we return or log this error?

[ehazlett]

include the ID?

[ehazlett]

Do we need to check the StatusUnknown task type or have a runtime.UnknownStatus?

[dmcgowan]

The formatting here is off

[dmcgowan]

Should we add a default case and explanation for not using now?

[dmcgowan]

Should this be trimmed? Also wondering if we should just take the stdout rather than combined output.

You previously expressed that this extra connect could cause some additional time, although mostly negligible. Could we still pass in the socket and if the returned address doesn't match just remove it and create a new connection, or would that end up being even longer?

[dmcgowan]

LGTM

[stevvooe]

I know this isn't popular, but let's document the intent of these fields.

[stevvooe]

It would be good to document what each method does.

[stevvooe]

I don't see anything wildly controversial here. It would be good to document the methods and fields used in GRPC.

[crosbymichael]

@stevvooe I was going to do documentation in a separate PR. I'll take care of proto comments there as well. I wanted to make a document for shim authors, "Building a shim 101"

[Random-Liu]

@crosbymichael Will take a look at this PR tomorrow. Sorry for the delay.

[crosbymichael]

Update the description and added a readme for shim authors.

Runtime v2

Runtime v2 introduces a first class shim API for runtime authors to integrate with containerd.
The shim API is minimal and scoped to the execution lifecycle of a container.

Binary Naming

Users specify the runtime they wish to use when creating a container.
The runtime can also be changed via a container update.

> ctr run --runtime io.containerd.runc.v1

When a user specifies a runtime name, io.containerd.runc.v1, they will specify the name and version of the runtime.
This will be trasnlated by containerd into a binary name for the shim.

io.containerd.runc.v1 -> containerd-shim-runc-v1

containerd keeps the containerd-shim-* prefix so that users can ps aux | grep containerd-shim to see running shims on their system.

Shim Authoring

This section is dedicated to runtime authors wishing to build a shim.
It will detail how the API works and different considerations when building shim.

Commands

Container information is provided to a shim in two ways.
The OCI Runtime Bundle and on the Create rpc request.

start

Each shim MUST implement a start subcommand.
This command will launch new shims.
The start command MUST accept the following flags:

• -namespace the namespace for the container
• -id the id of the container
• -address the address of the containerd's main socket
• -publish-binary the binary path to publish events back to containerd

The start command, as well as all binary calls to the shim, has the bundle for the container set as the cwd.

The start command MUST return an address to a shim for containerd to issue API requests for container operations.

The start command can either start a new shim or return an address to an existing shim based on the shim's logic.

delete

Each shim MUST implement a delete subcommand.
This command allows containerd to delete any container resources created, mounted, and/or run by a shim when containerd can no longer communicate over rpc.
This happens if a shim is SIGKILL'd with a running container.
These resources will need to be cleaned up when containerd looses the connection to a shim.
This is also used when containerd boots and reconnects to shims.
If a bundle is still on disk but containerd cannot connect to a shim, the delete command is invoked.

The delete command MUST accept the following flags:

• -namespace the namespace for the container
• -id the id of the container
• -address the address of the containerd's main socket
• -publish-binary the binary path to publish events back to containerd

The delete command will be executed in the container's bundle as its cwd.

Host Level Shim Configuration

containerd does not provide any host level configuration for shims via the API.
If a shim needs configuration from the user with host level information across all instances, a shim specific configuration file can be setup.

Container Level Shim Configuration

On the create request, there is a generic *protobuf.Any that allows a user to specify container level configuration for the shim.

message CreateTaskRequest {
	string id = 1;
	...
	google.protobuf.Any options = 10;
}

A shim author can create their own protobuf message for configuration and clients can import and provide this information is needed.

I/O

I/O for a container is provided by the client to the shim via fifo on Linux, named pipes on Windows, or log files on disk.
The paths to these files are provided on the Create rpc for the initial creation and on the Exec rpc for additional processes.

message CreateTaskRequest {
	string id = 1;
	bool terminal = 4;
	string stdin = 5;
	string stdout = 6;
	string stderr = 7;
}

message ExecProcessRequest {
	string id = 1;
	string exec_id = 2;
	bool terminal = 3;
	string stdin = 4;
	string stdout = 5;
	string stderr = 6;
}

Containers that are to be launched with an interactive terminal will have the terminal field set to true, data is still copied over the files(fifos,pipes) in the same way as non interactive containers.

Root Filesystems

The root filesytems for the containers is provided by on the Create rpc.
Shims are responsible for managing the lifecycle of the filesystem mount during the lifecycle of a container.

message CreateTaskRequest {
	string id = 1;
	string bundle = 2;
	repeated containerd.types.Mount rootfs = 3;
	...
}

The mount protobuf message is:

message Mount {
	// Type defines the nature of the mount.
	string type = 1;
	// Source specifies the name of the mount. Depending on mount type, this
	// may be a volume name or a host path, or even ignored.
	string source = 2;
	// Target path in container
	string target = 3;
	// Options specifies zero or more fstab style mount options.
	repeated string options = 4;
}

Shims are responsible for mounting the filesystem into the rootfs/ directory of the bundle.
Shims are also responsible for unmounting of the filesystem.
During a delete binary call, the shim MUST ensure that filesystem is also unmounted.
Filesystems are provided by the containerd snapshotters.

Other

Unsupported rpcs

If a shim does not or cannot implement an rpc call, it MUST return a github.com/containerd/containerd/errdefs.ErrNotImplemented error.

ttrpc

ttrpc is the only currently supported protocol for shims.
It works with standard protobufs and GRPC services as well as generating clients.
The only difference between grpc and ttrpc is the wire protocol.
ttrpc removes the http stack in order to save memory and binary size to keep shims small.
It is recommended to use ttrpc in your shim but grpc support is also in development.

[Random-Liu]

The api LGTM overall. One thing is that can we include required events? e.g. TaskExit (required), OOMEvents (optional/required?) etc.

[crosbymichael]

@Random-Liu ok, updated the README with events.

[thaJeztah]

it's merged! 🎉 🙌👏👏