github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
9,587 Commits 3 Branches 4 Tags
24cec9be560c44bf7ab3135836ebf9caddbf7c61
Commit Graph

91 Commits

Author SHA1 Message Date
Akihiro Suda
d3aa7ee9f0 Run go fmt with Go 1.17 
The new `go fmt` adds `//go:build` lines (https://golang.org/doc/go1.17#tools).

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2021-08-22 09:31:50 +09:00
Derek McGowan
6f027e38a8 Remove redundant build tags 
Remove build tags which are already implied by the name of the file.
Ensures build tags are used consistently

Signed-off-by: Derek McGowan <derek@mcg.dev>
 2021-08-05 22:27:46 -07:00
Shiming Zhang
45df696bf3 Fix return event publishing error 
Signed-off-by: Shiming Zhang <wzshiming@foxmail.com>
 2021-04-09 11:54:58 +08:00
Samuel Karp
b459209188 Compile for FreeBSD 
Signed-off-by: Samuel Karp <me@samuelkarp.com>
 2020-12-09 00:30:29 -08:00
Samuel Karp
126b35ca43 containerd-shim: use path-based unix socket 
This allows filesystem-based ACLs for configuring access to the socket
of a shim.

Ported from Michael Crosby's similar patch for v2 shims.

Signed-off-by: Samuel Karp <skarp@amazon.com>
 2020-11-11 11:47:47 -08:00
Sebastiaan van Stijn
1b66fecad3 Integrate sys.SetSubreaper, sys.GetSubreaper in sys/reaper package 
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2020-05-04 08:44:02 +02:00
Sebastiaan van Stijn
23aab35fdb Remove libcontainer from containerd-shim 
Replace the libcontainer variant with the one in our sys package

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2020-05-03 16:53:24 +02:00
Michael Crosby
bee4c1a8a2 Add retry and non-blocking send for exit events 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2019-08-16 13:55:05 +00:00
Michael Crosby
0d27d8f4f2 Unifi reaper logic into package 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2019-08-16 13:55:05 +00:00
Michael Crosby
6601b406b7 Refactor runtime code for code sharing 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2019-07-08 11:47:53 -04:00
Shukui Yang
ec78305c49 Close the inherited socket fd 
containerd-shim has dup the fd 3, and it don't need fd 3 any more.

Signed-off-by: Shukui Yang <keloyangsk@gmail.com>
 2019-06-20 19:35:05 +08:00
Wei Fu
fbb80b9510 containerd-shim: redirect output into stdout fifo 
Redirect is used to make sure that containerd still can read the log of
shim after restart.

Signed-off-by: Wei Fu <fuweid89@gmail.com>
 2019-05-12 23:03:28 +08:00
Lantao Liu
74eb0dc812 Return event publish errors. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-04-04 14:55:38 -07:00
Justin Cormack
8be05eb237 Fix freebsd build 
This brings freebsd in line with Darwin, ie it builds, but some parts may not yet
be fully functional. There is now a WIP `runc` port for FreeBSD at
https://github.com/clovertrail/runc/tree/1501-SupportOnFreeBSD so should be able
to test further.

Signed-off-by: Justin Cormack <justin@specialbusservice.com>
 2018-12-16 14:27:42 +00:00
Julia Nedialkova
1d4105cacf Use named pipes for shim logs 
Relating to issue [#2606](https://github.com/containerd/containerd/issues/2606)

Co-authored-by: Oliver Stenbom <ostenbom@pivotal.io>
Co-authored-by: Georgi Sabev <georgethebeatle@gmail.com>
Co-authored-by: Giuseppe Capizzi <gcapizzi@pivotal.io>
Co-authored-by: Danail Branekov <danailster@gmail.com>

Signed-off-by: Oliver Stenbom <ostenbom@pivotal.io>
Signed-off-by: Georgi Sabev <georgethebeatle@gmail.com>
Signed-off-by: Giuseppe Capizzi <gcapizzi@pivotal.io>
Signed-off-by: Danail Branekov <danailster@gmail.com>
 2018-11-16 16:11:43 +02:00
Michael Crosby
da1b5470cd Runtime v2 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2018-07-17 10:21:29 -04:00
Michael Crosby
6a83168157 Update ttrpc to 94dde388801693c54f88a6596f713b51a8 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2018-07-02 15:24:15 -04:00
Michael Crosby
08150bfe76 Update ttrpc for containerd repo 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2018-06-28 09:53:40 -04:00
Evan Hazlett
821c8eaa91 runtime/linux/shim -> runtime/shim 
Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
 2018-06-06 14:35:06 -04:00
Evan Hazlett
cae94b930d linux -> runtime/linux 
Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
 2018-05-30 09:23:10 -04:00
Michael Crosby
0bafe236b4 Move reaper under shim package 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2018-05-22 11:38:20 -04:00
Kenfe-Mickael Laventure
3c3a676490 Return a better error message is unix socket path is too long. 
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
 2018-03-30 09:00:02 -07:00
Michael Crosby
1eabab31aa Handle SIGPIPE in shims 
ref: https://github.com/moby/moby/issues/36464

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2018-03-06 12:54:16 -05:00
Kunal Kushwaha
b12c3215a0 Licence header added 
Signed-off-by: Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>
 2018-02-19 10:32:26 +09:00
Michael Crosby
8ee29a17e6 Bump gc threshold to 40% 
Doing tests, this is a better balance for the threshold in reguards to
memory and cpu usage.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2018-02-02 11:00:34 -05:00
Stephen Day
3fcc52b091 Merge pull request #2055 from stevvooe/aggressive-memory-shim 
cmd/containerd-shim: aggressive memory reclamation
 2018-01-24 16:06:57 -08:00
Stephen J Day
71e9f6dac2 cmd/containerd-shim, reaper: reduce channel allocation 
Signed-off-by: Stephen J Day <stephen.day@docker.com>
 2018-01-24 15:14:08 -08:00
Stephen J Day
0e8f08476c cmd/containerd-shim: aggressive memory reclamation 
To avoid having the shim hold on to too much memory, we've made a few
adjustments to favor more aggressive reclamation of memory from the
operating system. Typically, this would be negligible, on the order of a
few megabytes, but this is impactful when running several containers.

The first fix is to lower the threshold used to determine when to run
the garbage collector. The second runs `runtime/debug.FreeOSMemory` at a
regular interval.

Under test, this result in a sustained memory usage of around 3.7 MB.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
 2018-01-24 14:51:13 -08:00
Phil Estes
f47f6af585 Remove unnecessary subreaper API from sys/ 
Given these same exact functions are both now available in
opencontainers/runc (libcontainer/system) package, and we only use the
`SetSubreaper` today from the shim, there seems to be no reason for
duplication.

Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
 2018-01-23 10:30:29 -05:00
Stephen J Day
2d966df174 cmd/containerd-shim: require unix socket credentials 
Signed-off-by: Stephen J Day <stephen.day@docker.com>
 2017-11-30 20:34:29 -08:00
Stephen J Day
6c416fa3a7 shim: we use ttrpc in the shim now 
Signed-off-by: Stephen J Day <stephen.day@docker.com>
 2017-11-30 12:58:40 -08:00
Michael Crosby
74b3cb3391 Fix exit event handling in shim 
Could issues where when exec processes fail the wait block is not
released.

Second, you could not dump stacks if the reaper loop locks up.

Third, the publisher was not waiting on the correct pid.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2017-11-28 14:32:06 -05:00
Phil Estes
2556c594ec Merge pull request #1767 from stevvooe/ttrpc-shim 
linux/shim: reduce memory overhead by using ttrpc
 2017-11-28 12:43:41 -05:00
Stephen J Day
5764bf1bad cmd/containerd-shim: set GOMAXPROCS to 2 
The shim doesn't need massive concurrency and a bunch of CPUs to do its
job correctly. We can reduce the number of threads to save memory at
little cost to performance.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
 2017-11-27 13:40:35 -08:00
Stephen J Day
e8f52c35ce linux/shim: reduce memory overhead by using ttrpc 
By replacing grpc with ttrpc, we can reduce total memory runtime
requirements and binary size. With minimal code changes, the shim can
now be controlled by the much lightweight protocol, reducing the total
memory required per container.

When reviewing this change, take particular notice of the generated shim
code.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
 2017-11-22 12:21:48 -08:00
Daniel Nephin
f74862a0dd Add structcheck, unused, and varcheck linters. 
Warn on unused and dead code

Signed-off-by: Daniel Nephin <dnephin@gmail.com>
 2017-11-21 11:14:37 -05:00
Akihiro Suda
7ef4aa5c25 shim: support non-default binary name 
The binary name used for executing "containerd publish" was hard-coded
in the shim code, and hence it did not work with customized daemon
binary name. (e.g. `docker-containerd`)

This commit allows specifying custom daemon binary via `containerd-shim
-containerd-binary ...`.
The daemon invokes this command with `os.Executable()` path.

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
 2017-11-17 22:21:54 +00:00
Stephen J Day
c5022ad92d protobuf: use the gogo/types package for empty 
Signed-off-by: Stephen J Day <stephen.day@docker.com>
 2017-11-15 19:08:54 -08:00
Michael Crosby
a522a6c7ee Add publish subcommand for publishing events 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2017-11-15 11:30:03 -05:00
Michael Crosby
1fe5a251c4 Move Exec creation to init process 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2017-11-13 16:45:25 -05:00
Michael Crosby
13c7c3ef10 Remove urfave cli dep from shim 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2017-11-07 10:51:12 -05:00
Michael Crosby
526d15bd86 Move dial funcs to dialer pkg 
This reduces shim size from 30mb to 18mb

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2017-11-07 10:51:12 -05:00
Michael Crosby
f43b7acfd2 Update files based on go lint 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2017-10-02 10:15:28 -04:00
Michael Crosby
d22160c28e Vendor typeurl package 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2017-09-19 09:43:55 -04:00
Kenfe-Mickael Laventure
1b79170849 linux: Add RuntimeRoot to RuncOptions 
This allow specifying wher the OCI runtime should store its state data.

Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
 2017-08-31 14:35:05 -07:00
Kenfe-Mickael Laventure
ab0cb4e756 linux: Honor RuncOptions if set on container 
This also fix the type used for RuncOptions.SystemCgroup, hence introducing
an API break.

Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
 2017-08-31 14:35:05 -07:00
Kenfe-Mickael Laventure
3f34c421d3 Add missing "/tasks/exec-started" event topic 
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
 2017-08-29 08:27:44 -07:00
Kenfe-Mickael Laventure
9923a49e97 linux/shim: Kill container upon SIG{TERM,KILL} 
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
 2017-08-29 08:27:44 -07:00
Kenfe-Mickael Laventure
7ac351cdfe Share Dialer and DialAddress between client and shim 
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
 2017-08-11 09:34:29 -07:00
Kenfe-Mickael Laventure
587a811d09 Check credentials when connecting to shim 
NewUnixSocketCredentials was actually never invoked before.

Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
 2017-08-11 09:34:29 -07:00