Runtime configure shim #41182
Runtime configure shim #41182
Conversation
There was a problem hiding this comment.
Note here I did not carry through with this custom runtime root path either since it doesn't really seem necessary.
daemon/runtime_unix.go
Outdated
There was a problem hiding this comment.
Why not just use containerd runtime name?
There was a problem hiding this comment.
I did this because we provide our own configuration... but maybe it's not needed.
There was a problem hiding this comment.
FYI this code moved in my last push, but is currently unchanged.
There was a problem hiding this comment.
Let's just use containerd names to avoid confusion.
1f0ef3d to
32065d5
Compare
daemon/runtime_unix.go
Outdated
There was a problem hiding this comment.
You mean: why a script? I recall there was a discussion about that in #37978 (comment)
There was a problem hiding this comment.
This is old code, I just moved it out of a huge file to group it with other runtime code.
It's here because containerd does not accept extra arguments passed to the oci runtime.
There was a problem hiding this comment.
Unrelated to this PR but we should do a validation of the permissions of this path every time it is used. Otherwise, this looks quite scary.
daemon/config/config.go
Outdated
There was a problem hiding this comment.
Should we rename to Default ? (and deprecate the old one?)
7354d8c to
794c66d
Compare
|
@AkihiroSuda @tonistiigi PTAL |
794c66d to
481ec2b
Compare
|
Updated this to add deprecation warnings for the v1 runtime. Re: naming the runtimes The containerd names are confusing. I'm not sure if it's good to use them or not. Just thinking about it. |
481ec2b to
99ea6b9
Compare
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
d9d5945 to
dfb02f4
Compare
|
Tests are all green now, at least. |
Legacy shim doesn't have version. Both runc.v1 and runc.v2 are shimv2 lol |
|
My concern is that runc.v1 with the com.docker. prefix is shim API v1... |
|
Yeah, perhaps I should just use the containerd shim names as the runtime name. |
In dockerd we already have a concept of a "runtime", which specifies the OCI runtime to use (e.g. runc). This PR extends that config to add containerd shim configuration. This option is only exposed within the daemon itself (cannot be configured in daemon.json). This is due to issues in supporting unknown shims which will require more design work. What this change allows us to do is keep all the runtime config in one place. So the default "runc" runtime will just have it's already existing shim config codified within the runtime config alone. I've also added 2 more "stock" runtimes which are basically runc+shimv1 and runc+shimv2. These new runtime configurations are: - io.containerd.runtime.v1.linux - runc + v1 shim using the V1 shim API - io.containerd.runc.v2 - runc + shim v2 These names coincide with the actual names of the containerd shims. This allows the user to essentially control what shim is going to be used by either specifying these as a `--runtime` on container create or by setting `--default-runtime` on the daemon. For custom/user-specified runtimes, the default shim config (currently shim v1) is used. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
dfb02f4 to
f63f73a
Compare
|
I've updated this to use the shim names as our runtime name. |
|
Looks like this may have introduced a regression (panic when configuring custom runtime); docker/for-linux#1169 |
| if err != nil { | ||
| return errors.Wrap(err, "failed to get temp dir to generate runtime scripts") | ||
| if hostConfig.Runtime == config.LinuxV1RuntimeName || (hostConfig.Runtime == "" && daemon.configStore.DefaultRuntime == config.LinuxV1RuntimeName) { | ||
| warnings = append(warnings, fmt.Sprintf("Configured runtime %q is deprecated and will be removed in the next release.", config.LinuxV1RuntimeName)) |
There was a problem hiding this comment.
We need to add a line to the deprecation log; https://github.com/docker/cli/blob/master/docs/deprecated.md
- What I did
Move all shim config into "runtime" type, and adds 2 new built-in runtimes to allow explicitly switching from runc+shimv1 and runc+shimv2
- How I did it
Add a
ShimConfigtype totypes.Runtimewhich stores the shim config.The daemon then uses that instead of having things spread between daemon and libcontainerd, some bool passing, etc.
This option is only exposed internally, i.e. it cannot be set from daemon.json.
This is due to issues being able to support unknown shims which requires knowing types to pass to those shims (e.g. does it need a runc v2 shim config, a runc v1 shim config, or some other entirely different shim).
- How to verify it
Set
--default-runtime=com.docker.runtime.runc.v2, run a container (and/or a plugin), check the process tree and see the container was created with/usr/local/bin/containerd-shim-runc-v2- Description for the changelog
Add support new built-in runtime for using the containerd v2 shim by using the runtime
com.docker.runtime.runc.v2