* bump containerd-dev to 2.0.2
Signed-off-by: Avi Deitcher <avi@deitcher.net>
* update pkg/init libs to containerd-20
Signed-off-by: Avi Deitcher <avi@deitcher.net>
* bump linuxkit CLI containerd deps to 20
Signed-off-by: Avi Deitcher <avi@deitcher.net>
* update test/pkg/containerd to work with containerd v2.x tests
Signed-off-by: Avi Deitcher <avi@deitcher.net>
* update containerd-dev deps
Signed-off-by: Avi Deitcher <avi@deitcher.net>
* update pkg/init and pkg/containerd dependencies
Signed-off-by: Avi Deitcher <avi@deitcher.net>
* update test/pkg/containerd deps
Signed-off-by: Avi Deitcher <avi@deitcher.net>
---------
Signed-off-by: Avi Deitcher <avi@deitcher.net>
cgroups v2 has been out since 2015. Not having
to set a kernel parameter helps improve the user
experience by not requiring it when it is required
by services in a build. Making this the default was
discussed back in 2021.
Signed-off-by: Jacob Weinstock <jakobweinstock@gmail.com>
These are easier to create than cgroupv1 cgroups as they are only a
single mkdir.
Detect which mode we are in by looking for the presence of the
cgroupv2-only cgroup.controllers file.
Signed-off-by: David Scott <dave@recoil.org>
NOTE: This will be a shared mount, due to root being turned into a
shared with `MC_REC` set: `mount("", "/", "", rec|shared, "")`.
For some reason setting `shared` when mounting `/sys/fs/bpf` doesn't
work at all, perhaps that's just a kernel feature.
Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
- use the mkimage hashes that we had in LinuxKit as more up to date than tool.
- update docs
- move the code from moby under src/cmd/linuxkit
Signed-off-by: Justin Cormack <justin@specialbusservice.com>
When logging directly to files (the not-using-memlogd case) the onboot
services must log to /run/log because /var/log might be overmounted
by a persistent disk. Therefore we create a symlink at the end of
the onboot section.
When logging via memlogd, all logs are buffered until a logwrite service
starts, so no symlink is needed.
Signed-off-by: David Scott <dave.scott@docker.com>
If external logging is enabled, this patch sets the stdout and stderr
of the `runc` invocations to one end of a socketpair and the other end is
sent to the logging service. Otherwise we log to files as before.
Signed-off-by: David Scott <dave.scott@docker.com>
An external logging system exists if the socket
/var/run/linuxkit-external-logging.sock
exists.
If an external logging system is enabled then create FIFOs for
containerd and send the other end of the FIFOs to the logging service.
Otherwise use /var/log files as before.
Signed-off-by: David Scott <dave.scott@docker.com>
Since we are building containerd v1.1.0 with go 1.10 (as it requires) to the
same for init and runc too for consistency. In the case of init it is actually
required since we use the containerd client library there.
The subreaper interfaces have been removed from containerd and replaced with a
similar interface in runc/libcontainer, update init to use that now.
Signed-off-by: Ian Campbell <ijc@docker.com>
This is similar to ae64ab6b82 from #2849 which
did the same for runtime.mkdir.
This makes it possible to specify both host (absolute) or container (relative)
paths.
Signed-off-by: Ian Campbell <ijc@docker.com>
This PR correctly plumbs a single context to propagate the containerd
namespace to the necessary commands. Services launched with containerd
after this change will now be in a default namespace of
`services.linuxkit`.
A top-level flag is added to the service command,
`--containerd-namespace` which can be used to change, if needed.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
Use unix.Reboot from golang.org/x/sys/unix for poweroff and reboot
instead of relying on external commands.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Implements https://github.com/moby/tool/pull/181
Design for things like Kubernetes setup that requires some cgroups to
exist when the service starts but it is not running in these, other
services are, so there would be a race if they are not created in each.
Essentially it is just a sugared `mkdir` in all the cgroup dirs.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
golint on pkg/init now complains:
golint...
./init.go:199:2: redundant if ...; err != nil check, just return error instead.
Resulting in a change which doesn't seem like an improvement to me.
Signed-off-by: Ian Campbell <ijc@docker.com>
This removes more shell scripts to improve maintainability.
This now also works correctly in userspace, so it can be used for
running LinuxKit images in Docker and other such use cases.
It is a literal conversion of the shell scripts with a few small
tweaks.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Previously we would pass the path `/var/log/service.log` for both
stdout and stderr to containerd. containerd would construct a dict
with the paths as keys[1] and, due to the duplicate key, would only
open one of the files and start one `io.Copy` instance. Writes to
the other stream would be buffered by the pipe connected to
containerd-shim and would eventually block.
If we modified containerd to open the file twice and start 2
`io.Copy` instances, we would end up with the two streams interleaved
together. It seems cleaner to keep the streams separate; therefore
this patch logs stdout to `/var/log/service.out.log` and stderr to
`/var/log/service.err.log`.
[1]
49437711c3/linux/shim/io.go (L51)
Signed-off-by: David Scott <dave.scott@docker.com>
This removes all the code that had knowledge of how to do read only
and read write container mounts, and just uses the runtime config.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
