Fix ctr run for Windows containers

1. Fixes bugs in ctr run that were introduced by 1d9b969
2. Adds support for the --isolated flag that runs Windows HyperV
containers instead of process-isolated containers on Windows.

Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>
Justin Terry (VM) 2018-09-20 10:38:03 -07:00
parent 7768ab1b5e
commit 547bb94e4b
4 changed files with 74 additions and 37 deletions


@ -106,6 +106,10 @@ var Command = cli.Command{
Name: "fifo-dir", Name: "fifo-dir",
Usage: "directory used for storing IO FIFOs", Usage: "directory used for storing IO FIFOs",
}, },
cli.BoolFlag{
Name: "isolated",
Usage: "run the container with vm isolation",
},
}, append(commands.SnapshotterFlags, commands.ContainerFlags...)...), }, append(commands.SnapshotterFlags, commands.ContainerFlags...)...),
Action: func(context *cli.Context) error { Action: func(context *cli.Context) error {
var ( var (
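Review bot: The `Usage` text of the new `isolated` flag does not say that it applies only to Windows Hyper-V isolation, although the commit message describes it that way. If this flag list is also built for other platforms (not visible here), `--isolated` would be accepted there, and nothing in this commit shows it being honoured outside the Windows NewContainer. I would write `Usage: "run the container with vm isolation (Windows Hyper-V)",` or register the flag only in the Windows build. The `Command` literal starts before this hunk and the `Action` function continues past it.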


@ -30,32 +30,60 @@ import (
// NewContainer creates a new container // NewContainer creates a new container
func NewContainer(ctx gocontext.Context, client *containerd.Client, context *cli.Context) (containerd.Container, error) { func NewContainer(ctx gocontext.Context, client *containerd.Client, context *cli.Context) (containerd.Container, error) {
var (
id string
opts []oci.SpecOpts
cOpts []containerd.NewContainerOpts
spec containerd.NewContainerOpts
config = context.IsSet("config")
)
if config {
id = context.Args().First()
opts = append(opts, oci.WithSpecFromFile(context.String("config")))
} else {
var ( var (
ref = context.Args().First() ref = context.Args().First()
id = context.Args().Get(1)
args = context.Args()[2:] args = context.Args()[2:]
) )
id = context.Args().Get(1)
snapshotter := context.String("snapshotter")
if snapshotter == "windows-lcow" {
opts = append(opts, oci.WithDefaultSpecForPlatform("linux/amd64"))
// Clear the rootfs section.
opts = append(opts, oci.WithRootFSPath(""))
} else {
opts = append(opts, oci.WithDefaultSpec())
}
opts = append(opts, oci.WithEnv(context.StringSlice("env")))
opts = append(opts, withMounts(context))
image, err := client.GetImage(ctx, ref) image, err := client.GetImage(ctx, ref)
if err != nil { if err != nil {
return nil, err return nil, err
} }
unpacked, err := image.IsUnpacked(ctx, snapshotter)
var ( if err != nil {
opts []oci.SpecOpts return nil, err
cOpts []containerd.NewContainerOpts }
spec containerd.NewContainerOpts if !unpacked {
) if err := image.Unpack(ctx, snapshotter); err != nil {
return nil, err
if context.IsSet("config") { }
opts = append(opts, oci.WithSpecFromFile(context.String("config")))
} else {
opts = append(opts, oci.WithDefaultSpec())
} }
opts = append(opts, oci.WithImageConfig(image)) opts = append(opts, oci.WithImageConfig(image))
opts = append(opts, oci.WithEnv(context.StringSlice("env"))) cOpts = append(cOpts, containerd.WithImage(image))
opts = append(opts, withMounts(context)) cOpts = append(cOpts, containerd.WithSnapshotter(snapshotter))
cOpts = append(cOpts, containerd.WithNewSnapshot(id, image))
if len(args) > 0 {
opts = append(opts, oci.WithProcessArgs(args...))
}
if cwd := context.String("cwd"); cwd != "" {
opts = append(opts, oci.WithProcessCwd(cwd))
}
if context.Bool("tty") { if context.Bool("tty") {
opts = append(opts, oci.WithTTY) opts = append(opts, oci.WithTTY)
@ -66,22 +94,17 @@ func NewContainer(ctx gocontext.Context, client *containerd.Client, context *cli
} }
opts = append(opts, oci.WithTTYSize(int(size.Width), int(size.Height))) opts = append(opts, oci.WithTTYSize(int(size.Width), int(size.Height)))
} }
if context.Bool("isolated") {
opts = append(opts, oci.WithWindowsHyperV)
}
}
if len(args) > 0 { cOpts = append(cOpts, containerd.WithContainerLabels(commands.LabelArgs(context.StringSlice("label"))))
opts = append(opts, oci.WithProcessArgs(args...)) cOpts = append(cOpts, containerd.WithRuntime(context.String("runtime"), nil))
}
if cwd := context.String("cwd"); cwd != "" {
opts = append(opts, oci.WithProcessCwd(cwd))
}
var s specs.Spec var s specs.Spec
spec = containerd.WithSpec(&s, opts...) spec = containerd.WithSpec(&s, opts...)
cOpts = append(cOpts, containerd.WithContainerLabels(commands.LabelArgs(context.StringSlice("label"))))
cOpts = append(cOpts, containerd.WithImage(image))
cOpts = append(cOpts, containerd.WithSnapshotter(context.String("snapshotter")))
cOpts = append(cOpts, containerd.WithNewSnapshot(id, image))
cOpts = append(cOpts, containerd.WithRuntime(context.String("runtime"), nil))
cOpts = append(cOpts, spec) cOpts = append(cOpts, spec)
return client.NewContainer(ctx, id, cOpts...) return client.NewContainer(ctx, id, cOpts...)
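Review bot: `--isolated` appears to be read only inside the `else` branch, since the `if context.Bool("isolated")` block is followed by the brace that seems to close that branch. With `--config` the flag would then be silently dropped, and the container gets whatever isolation the spec file describes. A user who asked for VM isolation should not end up with a process-isolated container without being told. Either move the check below the `if config { … } else { … }` so it applies to both paths, or reject the combination with `if config && context.Bool("isolated") { return nil, errors.New("--isolated cannot be used with --config") }`. Indentation is lost on this page, so the nesting is inferred, and the end of NewContainer lies outside the hunk.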


@ -1011,3 +1011,14 @@ var WithPrivileged = Compose(
WithApparmorProfile(""), WithApparmorProfile(""),
WithSeccompUnconfined, WithSeccompUnconfined,
) )
// WithWindowsHyperV sets the Windows.HyperV section for HyperV isolation of containers.
func WithWindowsHyperV(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
if s.Windows == nil {
s.Windows = &specs.Windows{}
}
if s.Windows.HyperV == nil {
s.Windows.HyperV = &specs.WindowsHyperV{}
}
return nil
}
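Review bot: The doc comment on `WithWindowsHyperV` does not say that creating an empty `HyperV` section is the option's whole effect, or that an existing `Windows` or `HyperV` section is kept as is. Since the presence of that section is what selects the isolation boundary, I would spell it out: `// WithWindowsHyperV ensures s.Windows.HyperV is non-nil, which requests Hyper-V isolation; existing Windows and HyperV settings are left unchanged.` No test for the option is visible among the four changed files.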


@ -49,7 +49,6 @@ import (
) )
const ( const (
runhcsBinary = "runhcs"
runhcsShimVersion = "0.0.1" runhcsShimVersion = "0.0.1"
) )