Add runtime state configuration and structs #87
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,5 +1,34 @@ | ||
| # Runtime and Lifecycle | ||
|
|
||
| ## State | ||
|
|
||
| The runtime state for a container is persisted on disk so that external tools can consume and act on this information. | ||
| The runtime state is stored in a JSON encoded file. | ||
| It is recommended that this file is stored in a temporary filesystem so that it can be removed on a system reboot. | ||
| On Linux based systems the state information should be stored in `/run/oci/containers`. | ||
| The directory structure for a container is `/run/oci/containers/<containerID>/state.json`. | ||
| By providing a default location that container state is stored external applications can find all containers running on a system. | ||
|
|
||
| * **version** (string) Version of the OCI specification used when creating the container. | ||
| * **id** (string) ID is the container's ID. | ||
|
There was a problem hiding this comment. id is a bit under specified; are there any restrictions on the format of the string? what is the uniqueness domain? There was a problem hiding this comment. How about all lowercase alphabets and digits? There was a problem hiding this comment. On Wed, Aug 05, 2015 at 09:19:02AM -0700, Mrunal Patel wrote:
That sounds good to me, although we might want to allow hyphens for Do we want to add requirements for the uniqueness domain? Unique to There was a problem hiding this comment. We need to add a comment that the reason we have an ID is because the hooks only get an open fd to this json document so they won't know the unique ID which may be useful for removal, etc. There was a problem hiding this comment. Also need to note that containerID MUST match the containerID subdirectory field. There was a problem hiding this comment. On Wed, Aug 26, 2015 at 10:12:52AM -0700, Brandon Philips wrote:
I wasn't clear on how it would be useful for removal. Everyone got on |
||
| * **pid** (int) Pid is the ID of the main process within the container. | ||
|
There was a problem hiding this comment. Maybe clarify the host's process namespace? For example:
assuming we land something like #107 to get a definition for “application”. Although this somewhat conflates the initial process and the whole tree descending from that process under application. And I'm not sure what happens if there are fork/exec calls to split off new trees and the container isn't using process namespacing. |
||
| * **root** (string) Root is the path to the container's bundle directory. | ||
|
There was a problem hiding this comment. My understanding of today's meeting was that we did need host-side path to the container's root filesystem here. Folks were motivating this entry for mounting additional host-side content into the container's filesystem. I don't see how the bundle root would help much there. Maybe bundle-root → There was a problem hiding this comment. In fact, I don't see why we'd need There was a problem hiding this comment.
That is assuming that root has been mounted? There was a problem hiding this comment. @vbatts Can we get the host path to the bundle root from /proc/{application pid}/mountinfo? I think that is the point of this field. There was a problem hiding this comment. @crosbymichael can you clarify if this is the root of the bundle or the rootfs of the bundle? We should probably call it bundlepath or rootfs or something to clarify. There was a problem hiding this comment. @vbatts ack, ok, all we need now is for @crosbymichael to clarify where this actually points in the bundle There was a problem hiding this comment. On Sat, Aug 29, 2015 at 09:36:51AM -0700, Vincent Batts wrote:
You mentioned root needing to be mounted for this 1, but I'm not $ cat /proc/6468/mountinfo showing that the container's root is at the host's And here's a container without a mount namespace: $ cat /proc/6304/mountinfo showing that the container's root is the same as my host's root. |
||
|
|
||
| The ID is provided in the state because hooks will be executed with the state as the payload. | ||
| This allows the hook to perform clean and teardown logic after the runtime destroys its own state. | ||
|
|
||
| The root directory to the bundle is provided in the state so that consumers can find the container's configuration and rootfs where it is located on the host's filesystem. | ||
|
|
||
| *Example* | ||
|
|
||
| ```json | ||
| { | ||
| "id": "oci-container", | ||
| "pid": 4422, | ||
| "root": "/containers/redis" | ||
| } | ||
| ``` | ||
|
|
||
| ## Lifecycle | ||
|
|
||
| ### Create | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
After the meeting, my understanding was that we wanted a flat
/run/oci/{containerID}/state.jsonnamespace, with internal-to-the-state content for figuring out the semantics of the state content. If thestate.jsonrequires a version field that clarifies the associated spec (e.g. my suggestion here), there would be no need for thecontainers/path to namespace different types of container specs.