add memory limit, pid info into metric subcommand, since moby also
show them. As blkio read/write IO need more calculation,not add them.
Signed-off-by: Ace-Tang <aceapril@126.com>
The default duration of cpu profile collection in net/http/pprof is 30
seconds. User should have chance to set the specific duration for the
collection.
Signed-off-by: Wei Fu <fuweid89@gmail.com>
The OCI image specification includes a `StopSignal` field in the image
configuration, denoting the system call signal to be sent to the
container to exit. This commit adds a new `WithImageStopSignal` container
option that can be used for storing the `StopSignal` field as a label on
the container. This commit also adjusts `ctr run` to call
`WithImageStopSignal` and `ctr tasks kill` to send the signal stored in
that label by default.
Signed-off-by: Samuel Karp <skarp@amazon.com>
Signed-off-by: Lifubang <lifubang@aliyun.com>
fix some errors
use typeurl.UnmarshalAny instead json.Unmarshal to interface{}
Signed-off-by: Lifubang <lifubang@aliyun.com>
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
1. Fixes bugs in ctr run that were introduced by 1d9b969
2. Adds support for the --isolated flag that runs Windows HyperV
cotainers instead of process isolated containers on Windows.
Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>
Add flag and With-helper to set NoNewPrivileges to false since it is on
by default in the default UNIX spec for containerd, but off by default
in Docker and CRI plugin use. This allows for easy testing with it off
for comparison.
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
This allows users to consume the install functionality but also install
to other areas instead of the managed `/opt` dir.
```bash
> ctr install --path /usr/local
```
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
On Windows we need to be able to create both Linux and Windows OCI spec
files by default to support WCOW and LCOW scenarios. This merges the
compile time differences into runtime differences between the two based
on the spec and platform the user sets.
It maintains the old behavior with Default specs resulting in the
platform default the binary is compiled for.
Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>
Adds a new platform interface for matching and comparing platforms.
This new interface allows both filtering and ordering of platforms
to support running multiple platform and choosing the best platform.
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
These opts either inherit the parent cgroup device.list or append the
default unix devices like /dev/null /dev/random so that the container
has access.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This makes it easier for callers to call this function and populate the
config without relying on specific flags across commands.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Some images like `criu` will have extra libs that it requires. This
adds lib support via LD_LIBRARY_PATH and InstallOpts
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This adds a way for users to programatically install containerd binary
dependencies.
With runtime v2 and new shim's being built, it will be a challenge to
get those onto machines. Users would have to find the link, download,
place it in their path, yada yada yada.
With this functionality of a managed `/opt` directory, containerd can
use existing image and distribution infra. to get binarys, shims, etc
onto the system.
Configuration:
*default:* `/opt/containerd`
*containerd config:*
```toml
[plugins.opt]
path = "/opt/mypath"
```
Usage:
*code:*
```go
image, err := client.Pull(ctx, "docker.io/crosbymichael/runc:latest")
client.Install(ctx, image)
```
*ctr:*
```bash
ctr content fetch docker.io/crosbymichael/runc:latest
ctr install docker.io/crosbymichael/runc:latest
```
You can manage versions and see what is running via standard image
commands.
Images:
These images MUST be small and only contain binaries.
```Dockerfile
FROM scratch
Add runc /bin/runc
```
Containerd will only extract files in `/bin` of the image.
Later on, we can add support for `/lib`.
The code adds a service to manage an `/opt/containerd` directory and
provide that path to callers via the introspection service.
How to Test:
Delete runc from your system.
```bash
> sudo ctr run --rm docker.io/library/redis:alpine redis
ctr: OCI runtime create failed: unable to retrieve OCI runtime error (open /run/containerd/io.containerd.runtime.v1.linux/default/redis/log.json: no such file or directory): exec: "runc": executable file not found in $PATH: unknown
> sudo ctr content fetch docker.io/crosbymichael/runc:latest
> sudo ctr install docker.io/crosbymichael/runc:latest
> sudo ctr run --rm docker.io/library/redis:alpine redis
1:C 01 Aug 15:59:52.864 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
1:C 01 Aug 15:59:52.864 # Redis version=4.0.10, bits=64, commit=00000000, modified=0, pid=1, just started
1:C 01 Aug 15:59:52.864 # Warning: no config file specified, using the default config. In order to specify a config file use redis-server /path/to/redis.conf
1:M 01 Aug 15:59:52.866 # You requested maxclients of 10000 requiring at least 10032 max file descriptors.
1:M 01 Aug 15:59:52.866 # Server can't set maximum open files to 10032 because of OS error: Operation not permitted.
1:M 01 Aug 15:59:52.866 # Current maximum open files is 1024. maxclients has been reduced to 992 to compensate for low ulimit. If you need higher maxclients increase 'ulimit -n'.
1:M 01 Aug 15:59:52.870 * Running mode=standalone, port=6379.
1:M 01 Aug 15:59:52.870 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.
1:M 01 Aug 15:59:52.870 # Server initialized
1:M 01 Aug 15:59:52.870 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
1:M 01 Aug 15:59:52.870 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled.
1:M 01 Aug 15:59:52.870 * Ready to accept connections
^C1:signal-handler (1533139193) Received SIGINT scheduling shutdown...
1:M 01 Aug 15:59:53.472 # User requested shutdown...
1:M 01 Aug 15:59:53.472 * Saving the final RDB snapshot before exiting.
1:M 01 Aug 15:59:53.484 * DB saved on disk
1:M 01 Aug 15:59:53.484 # Redis is now ready to exit, bye bye...
```
Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
