Diffstat (limited to 'shim/v1')
-rw-r--r-- | shim/v1/BUILD | 10 | ||||
-rw-r--r-- | shim/v1/README.md | 14 | ||||
-rw-r--r-- | shim/v1/api.go | 24 | ||||
-rw-r--r-- | shim/v1/main.go | 38 |
4 files changed, 53 insertions, 33 deletions
diff --git a/shim/v1/BUILD b/shim/v1/BUILD
index 3a863ecbb..7b837630c 100644
--- a/shim/v1/BUILD
+++ b/shim/v1/BUILD
@@ -6,28 +6,26 @@ package(licenses = ["notice"])
 go_binary(
 name = "gvisor-containerd-shim",
 srcs = [
+ "api.go",
 "config.go",
 "main.go",
 ],
- pure = True,
+ static = True,
 visibility = [
 "//visibility:public",
 ],
 deps = [
 "//pkg/shim/runsc",
 "//pkg/shim/v1/shim",
- "//pkg/shim/v2",
 "@com_github_burntsushi_toml//:go_default_library",
 "@com_github_containerd_containerd//events:go_default_library",
 "@com_github_containerd_containerd//namespaces:go_default_library",
- "@com_github_containerd_containerd//runtime/v1/linux/proc:go_default_library",
- "@com_github_containerd_containerd//runtime/v1/shim:go_default_library",
 "@com_github_containerd_containerd//runtime/v1/shim/v1:go_default_library",
- "@com_github_containerd_containerd//runtime/v2/shim:go_default_library",
+ "@com_github_containerd_containerd//sys:go_default_library",
+ "@com_github_containerd_containerd//sys/reaper:go_default_library",
 "@com_github_containerd_ttrpc//:go_default_library",
 "@com_github_containerd_typeurl//:go_default_library",
 "@com_github_gogo_protobuf//types:go_default_library",
- "@com_github_opencontainers_runc//libcontainer/system:go_default_library",
 "@org_golang_x_sys//unix:go_default_library",
 ],
 )
diff --git a/shim/v1/README.md b/shim/v1/README.md
index fcdf3ad77..7aa4513a1 100644
--- a/shim/v1/README.md
+++ b/shim/v1/README.md
@@ -29,15 +29,15 @@ sudo systemctl restart containerd
 ## Shim Confguration
-The shim configuration is stored in `/etc/containerd/runsc.toml`. The
+The shim configuration is stored in `/etc/containerd/runsc.toml`. The
 configuration file supports two values.
-* `runc_shim`: The path to the runc shim. This is used by
- `gvisor-containerd-shim` to run standard containers.
+* `runc_shim`: The path to the runc shim. This is used by
+ `gvisor-containerd-shim` to run standard containers.
-* `runsc_config`: This is a set of key/value pairs that are converted into
- `runsc` command line flags. You can learn more about which flags are available
- by running `runsc flags`.
+* `runsc_config`: This is a set of key/value pairs that are converted into
+ `runsc` command line flags. You can learn more about which flags are
+ available by running `runsc flags`.
 For example, a configuration might look as follows:
@@ -46,5 +46,5 @@ runc_shim = "/usr/local/bin/containerd-shim"
 [runsc_config]
 platform = "kvm"
 debug = true
-debug-log = /var/log/%ID%/gvisor.log
+debug-log = /var/log/%ID%/gvisor/
 ```
diff --git a/shim/v1/api.go b/shim/v1/api.go
new file mode 100644
index 000000000..2444d23f1
--- /dev/null
+++ b/shim/v1/api.go
@@ -0,0 +1,24 @@
+// Copyright 2018 The containerd Authors.
+// Copyright 2019 The gVisor Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package main
+
+import (
+ shim "github.com/containerd/containerd/runtime/v1/shim/v1"
+)
+
+type KillRequest = shim.KillRequest
+
+var registerShimService = shim.RegisterShimService
diff --git a/shim/v1/main.go b/shim/v1/main.go
index 43deee858..3159923af 100644
--- a/shim/v1/main.go
+++ b/shim/v1/main.go
@@ -32,13 +32,11 @@ import (
 "github.com/containerd/containerd/events"
 "github.com/containerd/containerd/namespaces"
- "github.com/containerd/containerd/runtime/v1/linux/proc"
- containerdshim "github.com/containerd/containerd/runtime/v1/shim"
- shimapi "github.com/containerd/containerd/runtime/v1/shim/v1"
+ "github.com/containerd/containerd/sys"
+ "github.com/containerd/containerd/sys/reaper"
 "github.com/containerd/ttrpc"
 "github.com/containerd/typeurl"
- ptypes "github.com/gogo/protobuf/types"
- "github.com/opencontainers/runc/libcontainer/system"
+ "github.com/gogo/protobuf/types"
 "golang.org/x/sys/unix"
 "gvisor.dev/gvisor/pkg/shim/runsc"
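Review bot: In the new shim/v1/api.go, neither `KillRequest` nor `registerShimService` has a comment saying why the containerd shim API is reached through this file rather than imported in main.go. A short file-level note would help, for example `// KillRequest and registerShimService alias the containerd v1 shim API so that main.go does not import it directly.`; the motivation is inferred from main.go dropping its `shimapi` import, so the wording should be confirmed. `registerShimService` is also a reassignable package-level `var`; if nothing is meant to replace it, the comment should say so.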
@@ -56,17 +54,17 @@ var (
 shimConfigFlag string
 )
+// Containerd defaults to runc, unless another runtime is explicitly specified.
+// We keep the same default to make the default behavior consistent.
+const defaultRoot = "/run/containerd/runc"
+
 func init() {
 flag.BoolVar(&debugFlag, "debug", false, "enable debug output in logs")
 flag.StringVar(&namespaceFlag, "namespace", "", "namespace that owns the shim")
 flag.StringVar(&socketFlag, "socket", "", "abstract socket path to serve")
 flag.StringVar(&addressFlag, "address", "", "grpc address back to main containerd")
 flag.StringVar(&workdirFlag, "workdir", "", "path used to storge large temporary data")
-
- // Containerd default to runc, unless another runtime is explicitly
- // specified. We keep the same default to make the default behavior
- // consistent.
- flag.StringVar(&runtimeRootFlag, "runtime-root", proc.RuncRoot, "root directory for the runtime")
+ flag.StringVar(&runtimeRootFlag, "runtime-root", defaultRoot, "root directory for the runtime")
 // Currently, the `containerd publish` utility is embedded in the
 // daemon binary. The daemon invokes `containerd-shim
@@ -148,7 +146,7 @@ func executeShim() error {
 if err != nil {
 return err
 }
- shimapi.RegisterShimService(server, sv)
+ registerShimService(server, sv)
 if err := serve(server, socketFlag); err != nil {
 return err
 }
@@ -191,10 +189,10 @@ func setupSignals() (chan os.Signal, error) {
 signal.Notify(signals, unix.SIGTERM, unix.SIGINT, unix.SIGCHLD, unix.SIGPIPE)
 // make sure runc is setup to use the monitor for waiting on processes.
 // TODO(random-liu): Move shim/reaper.go to a separate package.
- runsc.Monitor = containerdshim.Default
+ runsc.Monitor = reaper.Default
 // Set the shim as the subreaper for all orphaned processes created by
 // the container.
- if err := system.SetSubreaper(1); err != nil {
+ if err := unix.Prctl(unix.PR_SET_CHILD_SUBREAPER, 1, 0, 0, 0); err != nil {
 return nil, err
 }
 return signals, nil
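Review bot: The new `defaultRoot` constant hard-codes a path that the removed line took from containerd's `proc.RuncRoot`, and its comment does not say which upstream value it copies. If the two ever diverge, the shim would look for runtime state under a different root than containerd with no build-time signal. I would extend the comment to something like `// defaultRoot mirrors containerd's proc.RuncRoot; keep the two in sync.`; that the values are currently equal is inferred from the replacement, not shown in this diff. `init` continues past the end of the hunk.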
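Review bot: In setupSignals, the `// TODO(random-liu): Move shim/reaper.go to a separate package.` comment directly above the changed `runsc.Monitor = reaper.Default` line looks obsolete now that the monitor comes from a dedicated `reaper` package; it should be dropped or reworded if that is the case. The new `unix.Prctl(unix.PR_SET_CHILD_SUBREAPER, 1, 0, 0, 0)` failure is also returned bare, so the caller sees only an errno; `return nil, fmt.Errorf("setting child subreaper: %w", err)` would name the step that failed. The function starts and ends outside the hunk.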
@@ -213,21 +211,21 @@ func handleSignals(signals chan os.Signal, server *ttrpc.Server, sv *shim.Servic
 case s := <-signals:
 switch s {
 case unix.SIGCHLD:
- if err := containerdshim.Reap(); err != nil {
- log.Printf("reap exit status: %v")
+ if _, err := sys.Reap(false); err != nil {
+ log.Printf("reap error: %v", err)
 }
 case unix.SIGTERM, unix.SIGINT:
 go termOnce.Do(func() {
 ctx := context.TODO()
 if err := server.Shutdown(ctx); err != nil {
- log.Printf("failed to shutdown server: %v")
+ log.Printf("failed to shutdown server: %v", err)
 }
 // Ensure our child is dead if any.
- sv.Kill(ctx, &shimapi.KillRequest{
+ sv.Kill(ctx, &KillRequest{
 Signal: uint32(syscall.SIGKILL),
 All: true,
 })
- sv.Delete(context.Background(), &ptypes.Empty{})
+ sv.Delete(context.Background(), &types.Empty{})
 close(done)
 })
 case unix.SIGPIPE:
@@ -252,11 +250,11 @@ func (l *remoteEventsPublisher) Publish(ctx context.Context, topic string, event
 }
 cmd := exec.CommandContext(ctx, containerdBinaryFlag, "--address", l.address, "publish", "--topic", topic, "--namespace", ns)
 cmd.Stdin = bytes.NewReader(data)
- c, err := containerdshim.Default.Start(cmd)
+ c, err := reaper.Default.Start(cmd)
 if err != nil {
 return err
 }
- status, err := containerdshim.Default.Wait(cmd, c)
+ status, err := reaper.Default.Wait(cmd, c)
 if err != nil {
 return fmt.Errorf("failed to publish event: %w", err)
 }
|
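Review bot: On SIGCHLD the new code calls `sys.Reap(false)` and discards its first return value with `_`, so the exit statuses it collects are handed to nothing. The same commit sets `runsc.Monitor = reaper.Default` and has Publish (the last hunk) block in `reaper.Default.Wait(cmd, c)`; if that monitor only learns of exits when reaped statuses are forwarded to it, as the replaced `containerdshim.Reap()` presumably did, those waits may never return. Consider `if err := reaper.Reap(); err != nil {` if the `reaper` package provides it, or forward the returned exits explicitly. Also in this hunk the results of `sv.Kill` and `sv.Delete` are dropped, so a failed SIGKILL of the sandboxed workload during shim shutdown goes unnoticed; logging both errors would make leftover processes visible. handleSignals begins and ends outside the hunk.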