Fix ctr run for Windows containers
1. Fixes bugs in ctr run that were introduced by 1d9b969
2. Adds support for the --isolated flag that runs Windows HyperV
cotainers instead of process isolated containers on Windows.
Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>
This commit is contained in:
Justin Terry (VM)
parent
7768ab1b5e
commit
547bb94e4b
@ -106,6 +106,10 @@ var Command = cli.Command{
|
||||
Name: "fifo-dir",
|
||||
Usage: "directory used for storing IO FIFOs",
|
||||
},
|
||||
cli.BoolFlag{
|
||||
Name: "isolated",
|
||||
Usage: "run the container with vm isolation",
|
||||
},
|
||||
}, append(commands.SnapshotterFlags, commands.ContainerFlags...)...),
|
||||
Action: func(context *cli.Context) error {
|
||||
var (
|
||||
|
||||
@ -30,32 +30,60 @@ import (
|
||||
|
||||
// NewContainer creates a new container
|
||||
func NewContainer(ctx gocontext.Context, client *containerd.Client, context *cli.Context) (containerd.Container, error) {
|
||||
var (
|
||||
id string
|
||||
opts []oci.SpecOpts
|
||||
cOpts []containerd.NewContainerOpts
|
||||
spec containerd.NewContainerOpts
|
||||
|
||||
config = context.IsSet("config")
|
||||
)
|
||||
|
||||
if config {
|
||||
id = context.Args().First()
|
||||
opts = append(opts, oci.WithSpecFromFile(context.String("config")))
|
||||
} else {
|
||||
var (
|
||||
ref = context.Args().First()
|
||||
id = context.Args().Get(1)
|
||||
args = context.Args()[2:]
|
||||
)
|
||||
|
||||
id = context.Args().Get(1)
|
||||
snapshotter := context.String("snapshotter")
|
||||
if snapshotter == "windows-lcow" {
|
||||
opts = append(opts, oci.WithDefaultSpecForPlatform("linux/amd64"))
|
||||
// Clear the rootfs section.
|
||||
opts = append(opts, oci.WithRootFSPath(""))
|
||||
} else {
|
||||
opts = append(opts, oci.WithDefaultSpec())
|
||||
}
|
||||
opts = append(opts, oci.WithEnv(context.StringSlice("env")))
|
||||
opts = append(opts, withMounts(context))
|
||||
|
||||
image, err := client.GetImage(ctx, ref)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
var (
|
||||
opts []oci.SpecOpts
|
||||
cOpts []containerd.NewContainerOpts
|
||||
spec containerd.NewContainerOpts
|
||||
)
|
||||
|
||||
if context.IsSet("config") {
|
||||
opts = append(opts, oci.WithSpecFromFile(context.String("config")))
|
||||
} else {
|
||||
opts = append(opts, oci.WithDefaultSpec())
|
||||
unpacked, err := image.IsUnpacked(ctx, snapshotter)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if !unpacked {
|
||||
if err := image.Unpack(ctx, snapshotter); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
opts = append(opts, oci.WithImageConfig(image))
|
||||
opts = append(opts, oci.WithEnv(context.StringSlice("env")))
|
||||
opts = append(opts, withMounts(context))
|
||||
cOpts = append(cOpts, containerd.WithImage(image))
|
||||
cOpts = append(cOpts, containerd.WithSnapshotter(snapshotter))
|
||||
cOpts = append(cOpts, containerd.WithNewSnapshot(id, image))
|
||||
|
||||
if len(args) > 0 {
|
||||
opts = append(opts, oci.WithProcessArgs(args...))
|
||||
}
|
||||
if cwd := context.String("cwd"); cwd != "" {
|
||||
opts = append(opts, oci.WithProcessCwd(cwd))
|
||||
}
|
||||
if context.Bool("tty") {
|
||||
opts = append(opts, oci.WithTTY)
|
||||
|
||||
@ -66,22 +94,17 @@ func NewContainer(ctx gocontext.Context, client *containerd.Client, context *cli
|
||||
}
|
||||
opts = append(opts, oci.WithTTYSize(int(size.Width), int(size.Height)))
|
||||
}
|
||||
if context.Bool("isolated") {
|
||||
opts = append(opts, oci.WithWindowsHyperV)
|
||||
}
|
||||
}
|
||||
|
||||
if len(args) > 0 {
|
||||
opts = append(opts, oci.WithProcessArgs(args...))
|
||||
}
|
||||
if cwd := context.String("cwd"); cwd != "" {
|
||||
opts = append(opts, oci.WithProcessCwd(cwd))
|
||||
}
|
||||
cOpts = append(cOpts, containerd.WithContainerLabels(commands.LabelArgs(context.StringSlice("label"))))
|
||||
cOpts = append(cOpts, containerd.WithRuntime(context.String("runtime"), nil))
|
||||
|
||||
var s specs.Spec
|
||||
spec = containerd.WithSpec(&s, opts...)
|
||||
|
||||
cOpts = append(cOpts, containerd.WithContainerLabels(commands.LabelArgs(context.StringSlice("label"))))
|
||||
cOpts = append(cOpts, containerd.WithImage(image))
|
||||
cOpts = append(cOpts, containerd.WithSnapshotter(context.String("snapshotter")))
|
||||
cOpts = append(cOpts, containerd.WithNewSnapshot(id, image))
|
||||
cOpts = append(cOpts, containerd.WithRuntime(context.String("runtime"), nil))
|
||||
cOpts = append(cOpts, spec)
|
||||
|
||||
return client.NewContainer(ctx, id, cOpts...)
|
||||
|
||||
@ -1011,3 +1011,14 @@ var WithPrivileged = Compose(
|
||||
WithApparmorProfile(""),
|
||||
WithSeccompUnconfined,
|
||||
)
|
||||
|
||||
// WithWindowsHyperV sets the Windows.HyperV section for HyperV isolation of containers.
|
||||
func WithWindowsHyperV(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
|
||||
if s.Windows == nil {
|
||||
s.Windows = &specs.Windows{}
|
||||
}
|
||||
if s.Windows.HyperV == nil {
|
||||
s.Windows.HyperV = &specs.WindowsHyperV{}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
@ -49,7 +49,6 @@ import (
|
||||
)
|
||||
|
||||
const (
|
||||
runhcsBinary = "runhcs"
|
||||
runhcsShimVersion = "0.0.1"
|
||||
)
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user