cli: implement spec command#196
Conversation
c7e05a3 to
b2c2805
Compare
Codecov Report
@@ Coverage Diff @@
## master #196 +/- ##
==========================================
- Coverage 65.33% 65.26% -0.08%
==========================================
Files 73 74 +1
Lines 7709 7730 +21
==========================================
+ Hits 5037 5045 +8
- Misses 2128 2135 +7
- Partials 544 550 +6
Continue to review full report at Codecov.
|
| @@ -0,0 +1,108 @@ | |||
| package main | |||
cli/spec.go
Outdated
| if err != nil { | ||
| return err | ||
| } | ||
| if err := ioutil.WriteFile(specConfig, data, 0666); err != nil { |
There was a problem hiding this comment.
I think runc is using 0666: https://github.com/opencontainers/runc/blob/master/spec.go#L110
But I don't know why, I think 0640 could be enough.
There was a problem hiding this comment.
that's weird
$ docker-runc spec
$ ls -l config.json
-rw-rw-r-- 1 X X 597 Apr 11 10:33 config.json
There was a problem hiding this comment.
Yes, let's do better than runc here, 0640 will be enough.
| Usage: "generate a configuration for a rootless container", | ||
| }, | ||
| }, | ||
| Action: func(context *cli.Context) error { |
cli/spec.go
Outdated
| cli.BoolFlag{ | ||
| Name: "rootless", | ||
| Usage: "generate a configuration for a rootless container", | ||
| }, |
There was a problem hiding this comment.
I'm not sure if we can support "rootless" container in kata in future, as I know this is a runc feature that allows you to run a container without root privilege.
This flag needs to be removed if it's not supported yet.
cli/spec.go
Outdated
| rootless := context.Bool("rootless") | ||
| if rootless { | ||
| specconv.ToRootless(spec) | ||
| } |
There was a problem hiding this comment.
This part needs to be removed if rootless container isn't supported yet
|
I'm wondering if these vendor files added by And thanks for adding spec command, this is useful especially for following runc command line. |
|
Could you add a test case the makes sure we can run a kata container using the default spec? There is an example in runv for creating a busybox bundle that might help you. |
|
@bergwolf Sure. Thanks. I'm working on this. |
2dad24c to
e6e88d1
Compare
|
@WeiZhang555 Vendor updated. |
|
@caoruidong I don't think we can do it in |
|
@bergwolf So I think test_data/Makefile should be moved to https://github.com/kata-containers/tests. |
|
@caoruidong Feel free to use it when adding new tests. I just pointed to the runv tests for your reference. |
|
@devimc PTAL. |
|
@jodh-intel @WeiZhang555 PTAL |
|
@caoruidong rebase please |
|
LGTM after rebase. |
|
Rebased! |
|
Can this be merged? |
jodh-intel
left a comment
There was a problem hiding this comment.
lgtm. I'd better update kata-containers/documentation#48 to remove this limitation... ;)
Update the limitations document to remove the `spec` command limitation (implemented on kata-containers/runtime#196). Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
|
Tests fine in stand-alone mode fwiw (using the strategy below for |
|
The only thing stopping the merge is the red codecov reports - if we are happy with that @jodh-intel , then let's merge... |
cli/spec.go
Outdated
| // Copyright (c) 2014,2015,2016,2017 Docker, Inc. | ||
| // Copyright (c) 2018 Huawei Corporation. | ||
| // | ||
| // Licensed under the Apache License, Version 2.0 (the "License"); |
There was a problem hiding this comment.
Ah, I thought the standard for this project (the whole of kata) was the SPDX style copyright like:
https://github.com/kata-containers/runtime/blob/master/cli/fatal.go#L3
but, I note we have some non-SPDX copyright in the code base already, such as:
https://github.com/kata-containers/runtime/blob/master/cli/config.go#L3
@egernst @sboeuf @jodh-intel , thoughts?
And, maybe we can add a static check to catch any future deviations (whichever way we go) to the CI - maybe.
Other than that, this copyright looks correct to me afaict - the original code coming from https://github.com/opencontainers/runc/blob/master/spec.go I believe. That original file does not have an explicit copyright (it relies on the project wide LICENSE file I believe), so I presume we looked at the git logs to get the date range in the above - which I believe is fine and correct.
Maybe we can add a URL reference to that original file just below the copyright to make the historical origins clear?
There was a problem hiding this comment.
btw, if we do all agree on SPDX (which we did I think at project inception, but we probably did not document well enough, and have not always caught transgressions), then I'm happy to Issue/PR to update/fix them all etc.
There was a problem hiding this comment.
Good spot @grahamwhaley! Yep, I agree - we should ensure all our files have the SPDX header where possible.
I've raised kata-containers/tests#240 to add a CI check to enforce this for new / modified files, but would be great to have the existing codebase "SPDX-ified" 😄
|
@grahamwhaley It's green last time... I'll update again. |
Add spec command that generates a basic config.json for kata. fixes kata-containers#188 Signed-off-by: Ruidong Cao <caoruidong@huawei.com> Signed-off-by: Ruidong <caoruidong@huawei.com>
|
yep - let's do this! ;) |
Update the limitations document to remove the `spec` command limitation (implemented on kata-containers/runtime#196). Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
agent: Rollback properly when container creation fails
Add spec command that that generates a basic config.json for kata.
fixes #188
Signed-off-by: Ruidong Cao caoruidong@huawei.com