diff --git a/docs/installation.md b/docs/installation.md index f0e9d5a80..c3cc1bfee 100644 --- a/docs/installation.md +++ b/docs/installation.md @@ -1,4 +1,3 @@ - # Install Containerd with Release Tarball This document provides the steps to install `containerd` and its dependencies with the release tarball, and bring up a Kubernetes cluster using kubeadm. diff --git a/docs/registry.md b/docs/registry.md index d3dba4917..5b084128a 100644 --- a/docs/registry.md +++ b/docs/registry.md @@ -1,6 +1,7 @@ # Configure Image Registry This document describes the method to configure the image registry for `containerd` for use with the `cri` plugin. +## Configure Registry Endpoint With containerd, `docker.io` is the default image registry. You can also set up other image registries similar to docker. To configure image registries create/modify the `/etc/containerd/config.toml` as follows: @@ -19,4 +20,26 @@ The default configuration can be generated by `containerd config default > /etc/ The endpoint is a list that can contain multiple image registry URLs split by commas. When pulling an image from a registry, containerd will try these endpoint URLs one by one, and use the first working one. -After modify the config file, you need restart the `containerd` service. +After modify this config, you need restart the `containerd` service. + +## Configure Registry Credentials + +`cri` plugin also supports docker like registry credential config. + +To configure a credential for a specific registry endpoint, create/modify the +`/etc/containerd/config.toml` as follows: +```toml +[plugins.cri.registry.auths] + [plugins.cri.registry.auths."https://gcr.io"] + username = "" + password = "" + auth = "" + identitytoken = "" +``` +The meaning of each field is the same with the corresponding field in `.docker/config.json`. + +Please note that auth config passed by CRI takes precedence over this config. +The registry credential in this config will only be used when auth config is +not specified by Kubernetes via CRI. + +After modify this config, you need restart the `containerd` service. diff --git a/hack/verify-lint.sh b/hack/verify-lint.sh index 32731d55c..36ccec1c4 100755 --- a/hack/verify-lint.sh +++ b/hack/verify-lint.sh @@ -20,7 +20,7 @@ set -o pipefail for d in $(find . -type d -a \( -iwholename './pkg*' -o -iwholename './cmd*' \) -not -iwholename './pkg/api*'); do echo for directory ${d} ... gometalinter \ - --exclude='error return value not checked.*(Close|Log|Print).*\(errcheck\)$' \ + --exclude='error return value not checked.*(Close|Log|Print|Fprint).*\(errcheck\)$' \ --exclude='.*_test\.go:.*error return value not checked.*\(errcheck\)$' \ --exclude='duplicate of.*_test.go.*\(dupl\)$' \ --exclude='.*/mock_.*\.go:.*\(golint\)$' \ diff --git a/pkg/config/config.go b/pkg/config/config.go index 8ec2be834..e6cefbd4b 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -61,16 +61,32 @@ type CniConfig struct { // Mirror contains the config related to the registry mirror type Mirror struct { // Endpoints are endpoints for a namespace. CRI plugin will try the endpoints - // one by one until a working one is found. + // one by one until a working one is found. The endpoint must be a valid url + // with host specified. Endpoints []string `toml:"endpoint" json:"endpoint"` - // TODO (Abhi) We might need to add auth per namespace. Looks like - // image auth information is passed by kube itself. +} + +// AuthConfig contains the config related to authentication to a specific registry +type AuthConfig struct { + // Username is the username to login the registry. + Username string `toml:"username" json:"username"` + // Password is the password to login the registry. + Password string `toml:"password" json:"password"` + // Auth is a base64 encoded string from the concatenation of the username, + // a colon, and the password. + Auth string `toml:"auth" json:"auth"` + // IdentityToken is used to authenticate the user and get + // an access token for the registry. + IdentityToken string `toml:"identitytoken" json:"identitytoken"` } // Registry is registry settings configured type Registry struct { // Mirrors are namespace to mirror mapping for all namespaces. Mirrors map[string]Mirror `toml:"mirrors" json:"mirrors"` + // Auths are registry endpoint to auth config mapping. The registry endpoint must + // be a valid url with host specified. + Auths map[string]AuthConfig `toml:"auths" json:"auths"` } // PluginConfig contains toml config related to CRI plugin, @@ -81,7 +97,7 @@ type PluginConfig struct { // CniConfig contains config related to cni CniConfig `toml:"cni" json:"cni"` // Registry contains config related to the registry - Registry `toml:"registry" json:"registry"` + Registry Registry `toml:"registry" json:"registry"` // StreamServerAddress is the ip address streaming server is listening on. StreamServerAddress string `toml:"stream_server_address" json:"streamServerAddress"` // StreamServerPort is the port streaming server is listening on. diff --git a/pkg/containerd/resolver/auth.go b/pkg/containerd/resolver/auth.go deleted file mode 100644 index 15d406a93..000000000 --- a/pkg/containerd/resolver/auth.go +++ /dev/null @@ -1,202 +0,0 @@ -/* -Copyright 2018 The Containerd Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// The corresponding file is in containerd/remote/docker/ -// This package can be removed once a more feasible and hollistic resolver -// is finalized in containerd. - -package resolver - -import ( - "net/http" - "sort" - "strings" -) - -type authenticationScheme byte - -const ( - basicAuth authenticationScheme = 1 << iota // Defined in RFC 7617 - digestAuth // Defined in RFC 7616 - bearerAuth // Defined in RFC 6750 -) - -// challenge carries information from a WWW-Authenticate response header. -// See RFC 2617. -type challenge struct { - // scheme is the auth-scheme according to RFC 2617 - scheme authenticationScheme - - // parameters are the auth-params according to RFC 2617 - parameters map[string]string -} - -type byScheme []challenge - -func (bs byScheme) Len() int { return len(bs) } -func (bs byScheme) Swap(i, j int) { bs[i], bs[j] = bs[j], bs[i] } - -// Sort in priority order: token > digest > basic -func (bs byScheme) Less(i, j int) bool { return bs[i].scheme > bs[j].scheme } - -// Octet types from RFC 2616. -type octetType byte - -var octetTypes [256]octetType - -const ( - isToken octetType = 1 << iota - isSpace -) - -func init() { - // OCTET = - // CHAR = - // CTL = - // CR = - // LF = - // SP = - // HT = - // <"> = - // CRLF = CR LF - // LWS = [CRLF] 1*( SP | HT ) - // TEXT = - // separators = "(" | ")" | "<" | ">" | "@" | "," | ";" | ":" | "\" | <"> - // | "/" | "[" | "]" | "?" | "=" | "{" | "}" | SP | HT - // token = 1* - // qdtext = > - - for c := 0; c < 256; c++ { - var t octetType - isCtl := c <= 31 || c == 127 - isChar := 0 <= c && c <= 127 - isSeparator := strings.ContainsRune(" \t\"(),/:;<=>?@[]\\{}", rune(c)) - if strings.ContainsRune(" \t\r\n", rune(c)) { - t |= isSpace - } - if isChar && !isCtl && !isSeparator { - t |= isToken - } - octetTypes[c] = t - } -} - -func parseAuthHeader(header http.Header) []challenge { - challenges := []challenge{} - for _, h := range header[http.CanonicalHeaderKey("WWW-Authenticate")] { - v, p := parseValueAndParams(h) - var s authenticationScheme - switch v { - case "basic": - s = basicAuth - case "digest": - s = digestAuth - case "bearer": - s = bearerAuth - default: - continue - } - challenges = append(challenges, challenge{scheme: s, parameters: p}) - } - sort.Stable(byScheme(challenges)) - return challenges -} - -func parseValueAndParams(header string) (value string, params map[string]string) { - params = make(map[string]string) - value, s := expectToken(header) - if value == "" { - return - } - value = strings.ToLower(value) - for { - var pkey string - pkey, s = expectToken(skipSpace(s)) - if pkey == "" { - return - } - if !strings.HasPrefix(s, "=") { - return - } - var pvalue string - pvalue, s = expectTokenOrQuoted(s[1:]) - if pvalue == "" { - return - } - pkey = strings.ToLower(pkey) - params[pkey] = pvalue - s = skipSpace(s) - if !strings.HasPrefix(s, ",") { - return - } - s = s[1:] - } -} - -func skipSpace(s string) (rest string) { - i := 0 - for ; i < len(s); i++ { - if octetTypes[s[i]]&isSpace == 0 { - break - } - } - return s[i:] -} - -func expectToken(s string) (token, rest string) { - i := 0 - for ; i < len(s); i++ { - if octetTypes[s[i]]&isToken == 0 { - break - } - } - return s[:i], s[i:] -} - -func expectTokenOrQuoted(s string) (value string, rest string) { - if !strings.HasPrefix(s, "\"") { - return expectToken(s) - } - s = s[1:] - for i := 0; i < len(s); i++ { - switch s[i] { - case '"': - return s[:i], s[i+1:] - case '\\': - p := make([]byte, len(s)-1) - j := copy(p, s[:i]) - escape := true - for i = i + 1; i < len(s); i++ { - b := s[i] - switch { - case escape: - escape = false - p[j] = b - j++ - case b == '\\': - escape = true - case b == '"': - return string(p[:j]), s[i+1:] - default: - p[j] = b - j++ - } - } - return "", "" - } - } - return "", "" -} diff --git a/pkg/containerd/resolver/fetcher.go b/pkg/containerd/resolver/fetcher.go deleted file mode 100644 index 4e01c3c4b..000000000 --- a/pkg/containerd/resolver/fetcher.go +++ /dev/null @@ -1,172 +0,0 @@ -/* -Copyright 2018 The Containerd Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// The corresponding file is in containerd/remote/docker/ -// This package can be removed once a more feasible and hollistic resolver -// is finalized in containerd. - -package resolver - -import ( - "context" - "fmt" - "io" - "io/ioutil" - "net/http" - "path" - "strings" - - "github.com/containerd/containerd/errdefs" - "github.com/containerd/containerd/images" - "github.com/containerd/containerd/log" - ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "github.com/pkg/errors" - "github.com/sirupsen/logrus" -) - -type dockerFetcher struct { - *dockerBase -} - -func (r dockerFetcher) Fetch(ctx context.Context, desc ocispec.Descriptor) (io.ReadCloser, error) { - var bases []string - for _, b := range r.base { - bases = append(bases, b.String()) - } - ctx = log.WithLogger(ctx, log.G(ctx).WithFields( - logrus.Fields{ - "base": bases, - "digest": desc.Digest, - }, - )) - - urls, err := r.getV2URLPaths(ctx, desc) - if err != nil { - return nil, err - } - - ctx, err = contextWithRepositoryScope(ctx, r.refspec, false) - if err != nil { - return nil, err - } - - return newHTTPReadSeeker(desc.Size, func(offset int64) (io.ReadCloser, error) { - for _, u := range urls { - rc, err := r.open(ctx, u, desc.MediaType, offset) - if err != nil { - if errdefs.IsNotFound(err) { - continue // try one of the other urls. - } - - return nil, err - } - - return rc, nil - } - - return nil, errors.Wrapf(errdefs.ErrNotFound, - "could not fetch content descriptor %v (%v) from remote", - desc.Digest, desc.MediaType) - - }) -} - -func (r dockerFetcher) open(ctx context.Context, u, mediatype string, offset int64) (io.ReadCloser, error) { - req, err := http.NewRequest(http.MethodGet, u, nil) - if err != nil { - return nil, err - } - - req.Header.Set("Accept", strings.Join([]string{mediatype, `*`}, ", ")) - - if offset > 0 { - // Note: "Accept-Ranges: bytes" cannot be trusted as some endpoints - // will return the header without supporting the range. The content - // range must always be checked. - req.Header.Set("Range", fmt.Sprintf("bytes=%d-", offset)) - } - - resp, err := r.doRequestWithRetries(ctx, req, nil) - if err != nil { - return nil, err - } - - if resp.StatusCode > 299 { - // TODO(stevvooe): When doing a offset specific request, we should - // really distinguish between a 206 and a 200. In the case of 200, we - // can discard the bytes, hiding the seek behavior from the - // implementation. - - resp.Body.Close() - if resp.StatusCode == http.StatusNotFound { - return nil, errors.Wrapf(errdefs.ErrNotFound, "content at %v not found", u) - } - return nil, errors.Errorf("unexpected status code %v: %v", u, resp.Status) - } - if offset > 0 { - cr := resp.Header.Get("content-range") - if cr != "" { - if !strings.HasPrefix(cr, fmt.Sprintf("bytes %d-", offset)) { - return nil, errors.Errorf("unhandled content range in response: %v", cr) - - } - } else { - // TODO: Should any cases where use of content range - // without the proper header be considerd? - // 206 responses? - - // Discard up to offset - // Could use buffer pool here but this case should be rare - n, err := io.Copy(ioutil.Discard, io.LimitReader(resp.Body, offset)) - if err != nil { - return nil, errors.Wrap(err, "failed to discard to offset") - } - if n != offset { - return nil, errors.Errorf("unable to discard to offset") - } - - } - } - - return resp.Body, nil -} - -// getV2URLPaths generates the candidate urls paths for the object based on the -// set of hints and the provided object id. URLs are returned in the order of -// most to least likely succeed. -func (r *dockerFetcher) getV2URLPaths(ctx context.Context, desc ocispec.Descriptor) ([]string, error) { - var urls []string - - if len(desc.URLs) > 0 { - // handle fetch via external urls. - for _, u := range desc.URLs { - log.G(ctx).WithField("url", u).Debug("adding alternative url") - urls = append(urls, u) - } - } - - switch desc.MediaType { - case images.MediaTypeDockerSchema2Manifest, images.MediaTypeDockerSchema2ManifestList, - images.MediaTypeDockerSchema1Manifest, - ocispec.MediaTypeImageManifest, ocispec.MediaTypeImageIndex: - urls = append(urls, r.urls(path.Join("manifests", desc.Digest.String()))...) - } - - // always fallback to attempting to get the object out of the blobs store. - urls = append(urls, r.urls(path.Join("blobs", desc.Digest.String()))...) - - return urls, nil -} diff --git a/pkg/containerd/resolver/fetcher_test.go b/pkg/containerd/resolver/fetcher_test.go deleted file mode 100644 index 8c71522a8..000000000 --- a/pkg/containerd/resolver/fetcher_test.go +++ /dev/null @@ -1,94 +0,0 @@ -/* -Copyright 2018 The Containerd Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package resolver - -import ( - "context" - "fmt" - "io/ioutil" - "math/rand" - "net/http" - "net/http/httptest" - "testing" -) - -func TestFetcherOpen(t *testing.T) { - content := make([]byte, 128) - rand.New(rand.NewSource(1)).Read(content) - start := 0 - - s := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) { - if start > 0 { - rw.Header().Set("content-range", fmt.Sprintf("bytes %d-127/128", start)) - } - rw.Header().Set("content-length", fmt.Sprintf("%d", len(content[start:]))) - rw.Write(content[start:]) - })) - defer s.Close() - - f := dockerFetcher{&dockerBase{ - client: s.Client(), - }} - ctx := context.Background() - - checkReader := func(o int64) { - t.Helper() - rc, err := f.open(ctx, s.URL, "", o) - if err != nil { - t.Fatalf("failed to open: %+v", err) - } - b, err := ioutil.ReadAll(rc) - if err != nil { - t.Fatal(err) - } - expected := content[o:] - if len(b) != len(expected) { - t.Errorf("unexpected length %d, expected %d", len(b), len(expected)) - return - } - for i, c := range expected { - if b[i] != c { - t.Errorf("unexpected byte %x at %d, expected %x", b[i], i, c) - return - } - } - - } - - checkReader(0) - - // Test server ignores content range - checkReader(25) - - // Use content range on server - start = 20 - checkReader(20) - - // Check returning just last byte and no bytes - start = 127 - checkReader(127) - start = 128 - checkReader(128) - - // Check that server returning a different content range - // then requested errors - start = 30 - _, err := f.open(ctx, s.URL, "", 20) - if err == nil { - t.Fatal("expected error opening with invalid server response") - } -} diff --git a/pkg/containerd/resolver/httpreadseeker.go b/pkg/containerd/resolver/httpreadseeker.go deleted file mode 100644 index 16af3d7e4..000000000 --- a/pkg/containerd/resolver/httpreadseeker.go +++ /dev/null @@ -1,148 +0,0 @@ -/* -Copyright 2018 The Containerd Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// The corresponding file is in containerd/remote/docker/. -// This package can be removed once a more feasible and hollistic resolver -// is finalized in containerd. - -package resolver - -import ( - "bytes" - "io" - "io/ioutil" - - "github.com/containerd/containerd/errdefs" - "github.com/containerd/containerd/log" - "github.com/pkg/errors" -) - -type httpReadSeeker struct { - size int64 - offset int64 - rc io.ReadCloser - open func(offset int64) (io.ReadCloser, error) - closed bool -} - -func newHTTPReadSeeker(size int64, open func(offset int64) (io.ReadCloser, error)) (io.ReadCloser, error) { - return &httpReadSeeker{ - size: size, - open: open, - }, nil -} - -func (hrs *httpReadSeeker) Read(p []byte) (n int, err error) { - if hrs.closed { - return 0, io.EOF - } - - rd, err := hrs.reader() - if err != nil { - return 0, err - } - - n, err = rd.Read(p) - hrs.offset += int64(n) - return -} - -func (hrs *httpReadSeeker) Close() error { - if hrs.closed { - return nil - } - hrs.closed = true - if hrs.rc != nil { - return hrs.rc.Close() - } - - return nil -} - -func (hrs *httpReadSeeker) Seek(offset int64, whence int) (int64, error) { - if hrs.closed { - return 0, errors.Wrap(errdefs.ErrUnavailable, "Fetcher.Seek: closed") - } - - abs := hrs.offset - switch whence { - case io.SeekStart: - abs = offset - case io.SeekCurrent: - abs += offset - case io.SeekEnd: - if hrs.size == -1 { - return 0, errors.Wrap(errdefs.ErrUnavailable, "Fetcher.Seek: unknown size, cannot seek from end") - } - abs = hrs.size + offset - default: - return 0, errors.Wrap(errdefs.ErrInvalidArgument, "Fetcher.Seek: invalid whence") - } - - if abs < 0 { - return 0, errors.Wrapf(errdefs.ErrInvalidArgument, "Fetcher.Seek: negative offset") - } - - if abs != hrs.offset { - if hrs.rc != nil { - if err := hrs.rc.Close(); err != nil { - log.L.WithError(err).Errorf("Fetcher.Seek: failed to close ReadCloser") - } - - hrs.rc = nil - } - - hrs.offset = abs - } - - return hrs.offset, nil -} - -func (hrs *httpReadSeeker) reader() (io.Reader, error) { - if hrs.rc != nil { - return hrs.rc, nil - } - - if hrs.size == -1 || hrs.offset < hrs.size { - // only try to reopen the body request if we are seeking to a value - // less than the actual size. - if hrs.open == nil { - return nil, errors.Wrapf(errdefs.ErrNotImplemented, "cannot open") - } - - rc, err := hrs.open(hrs.offset) - if err != nil { - return nil, errors.Wrapf(err, "httpReaderSeeker: failed open") - } - - if hrs.rc != nil { - if err := hrs.rc.Close(); err != nil { - log.L.WithError(err).Errorf("httpReadSeeker: failed to close ReadCloser") - } - } - hrs.rc = rc - } else { - // There is an edge case here where offset == size of the content. If - // we seek, we will probably get an error for content that cannot be - // sought (?). In that case, we should err on committing the content, - // as the length is already satisified but we just return the empty - // reader instead. - - hrs.rc = ioutil.NopCloser(bytes.NewReader([]byte{})) - } - - return hrs.rc, nil -} diff --git a/pkg/containerd/resolver/resolver.go b/pkg/containerd/resolver/resolver.go deleted file mode 100644 index 3130b7876..000000000 --- a/pkg/containerd/resolver/resolver.go +++ /dev/null @@ -1,622 +0,0 @@ -/* -Copyright 2018 The Containerd Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package resolver - -import ( - "context" - "encoding/json" - "fmt" - "io" - "io/ioutil" - "net/http" - "net/url" - "path" - "strconv" - "strings" - "sync" - "time" - - "github.com/containerd/containerd/images" - "github.com/containerd/containerd/log" - "github.com/containerd/containerd/reference" - "github.com/containerd/containerd/remotes" - digest "github.com/opencontainers/go-digest" - ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "github.com/pkg/errors" - "github.com/sirupsen/logrus" - "golang.org/x/net/context/ctxhttp" -) - -// This file is a modified copy of containerd/remote/docker/resolver.go. -// The changes carried over by this file includes support for image ref -// resolution and fetching image using multiple registry mirror urls. A new -// ResolverOption called Registry is added. Registry will contain a map -// of namespace relevant mirror urls. The client will use the ResolverOptions -// to set the urls associated with the namespace of the image reference. -// This package can be removed once a more feasible and hollistic resolver -// is finalized in containerd. The specific changes are made to the base -// function to calculate the base urls for the image location. urls() is -// added to fetch the mirror urls associated with the namespace of the image -// ResolverOptions are changed for client to set the namespace and mirror urls -// for to pull the image. - -var ( - // ErrNoToken is returned if a request is successful but the body does not - // contain an authorization token. - ErrNoToken = errors.New("authorization server did not include a token in the response") - - // ErrInvalidAuthorization is used when credentials are passed to a server but - // those credentials are rejected. - ErrInvalidAuthorization = errors.New("authorization failed") -) - -type containerdResolver struct { - credentials func(string) (string, string, error) - plainHTTP bool - client *http.Client - tracker StatusTracker - registry map[string][]string -} - -// Options are used to configured a new Docker register resolver -type Options struct { - // Credentials provides username and secret given a host. - // If username is empty but a secret is given, that secret - // is interpretted as a long lived token. - Credentials func(string) (string, string, error) - - // PlainHTTP specifies to use plain http and not https - PlainHTTP bool - - // Client is the http client to used when making registry requests - Client *http.Client - - // Tracker is used to track uploads to the registry. This is used - // since the registry does not have upload tracking and the existing - // mechanism for getting blob upload status is expensive. - Tracker StatusTracker - - Registry map[string][]string -} - -// NewResolver returns a new resolver to a Docker registry -func NewResolver(options Options) remotes.Resolver { - tracker := options.Tracker - if tracker == nil { - tracker = NewInMemoryTracker() - } - - return &containerdResolver{ - credentials: options.Credentials, - plainHTTP: options.PlainHTTP, - client: options.Client, - tracker: tracker, - registry: options.Registry, - } -} - -var _ remotes.Resolver = &containerdResolver{} - -func (r *containerdResolver) Resolve(ctx context.Context, ref string) (string, ocispec.Descriptor, error) { - refspec, err := reference.Parse(ref) - if err != nil { - return "", ocispec.Descriptor{}, err - } - - if refspec.Object == "" { - return "", ocispec.Descriptor{}, reference.ErrObjectRequired - } - - base, err := r.base(refspec) - if err != nil { - return "", ocispec.Descriptor{}, err - } - - fetcher := dockerFetcher{ - dockerBase: base, - } - - var ( - urls []string - dgst = refspec.Digest() - ) - - if dgst != "" { - if err := dgst.Validate(); err != nil { - // need to fail here, since we can't actually resolve the invalid - // digest. - return "", ocispec.Descriptor{}, err - } - - // turns out, we have a valid digest, make a url. - urls = append(urls, fetcher.urls("manifests", dgst.String())...) - - // fallback to blobs on not found. - urls = append(urls, fetcher.urls("blobs", dgst.String())...) - } else { - urls = append(urls, fetcher.urls("manifests", refspec.Object)...) - } - - ctx, err = contextWithRepositoryScope(ctx, refspec, false) - if err != nil { - return "", ocispec.Descriptor{}, err - } - for _, u := range urls { - log.G(ctx).WithFields(logrus.Fields{ - "url": u, - }).Debug("Trying to fetch from url") - req, err := http.NewRequest(http.MethodHead, u, nil) - if err != nil { - return "", ocispec.Descriptor{}, err - } - - // set headers for all the types we support for resolution. - req.Header.Set("Accept", strings.Join([]string{ - images.MediaTypeDockerSchema2Manifest, - images.MediaTypeDockerSchema2ManifestList, - ocispec.MediaTypeImageManifest, - ocispec.MediaTypeImageIndex, "*"}, ", ")) - - log.G(ctx).Info("resolving") - resp, err := fetcher.doRequestWithRetries(ctx, req, nil) - if err != nil { - return "", ocispec.Descriptor{}, err - } - resp.Body.Close() // don't care about body contents. - - if resp.StatusCode > 299 { - if resp.StatusCode == http.StatusNotFound { - continue - } - return "", ocispec.Descriptor{}, errors.Errorf("unexpected status code %v: %v", u, resp.Status) - } - - // this is the only point at which we trust the registry. we use the - // content headers to assemble a descriptor for the name. when this becomes - // more robust, we mostly get this information from a secure trust store. - dgstHeader := digest.Digest(resp.Header.Get("Docker-Content-Digest")) - - if dgstHeader != "" { - if err := dgstHeader.Validate(); err != nil { - return "", ocispec.Descriptor{}, errors.Wrapf(err, "%q in header not a valid digest", dgstHeader) - } - dgst = dgstHeader - } - - if dgst == "" { - return "", ocispec.Descriptor{}, errors.Errorf("could not resolve digest for %v", ref) - } - - var ( - size int64 - sizeHeader = resp.Header.Get("Content-Length") - ) - - size, err = strconv.ParseInt(sizeHeader, 10, 64) - if err != nil { - - return "", ocispec.Descriptor{}, errors.Wrapf(err, "invalid size header: %q", sizeHeader) - } - if size < 0 { - return "", ocispec.Descriptor{}, errors.Errorf("%q in header not a valid size", sizeHeader) - } - - desc := ocispec.Descriptor{ - Digest: dgst, - MediaType: resp.Header.Get("Content-Type"), // need to strip disposition? - Size: size, - } - - log.G(ctx).WithField("desc.digest", desc.Digest).Debug("resolved") - return ref, desc, nil - } - - return "", ocispec.Descriptor{}, errors.Errorf("%v not found", ref) -} - -func (r *containerdResolver) Fetcher(ctx context.Context, ref string) (remotes.Fetcher, error) { - refspec, err := reference.Parse(ref) - if err != nil { - return nil, err - } - - base, err := r.base(refspec) - if err != nil { - return nil, err - } - - return dockerFetcher{ - dockerBase: base, - }, nil -} - -func (r *containerdResolver) Pusher(ctx context.Context, ref string) (remotes.Pusher, error) { - return nil, nil -} - -type dockerBase struct { - refspec reference.Spec - base []url.URL - - client *http.Client - useBasic bool - username, secret string - token string - mu sync.Mutex -} - -func (r *containerdResolver) base(refspec reference.Spec) (*dockerBase, error) { - var ( - err error - base []url.URL - username, secret string - ) - - host := refspec.Hostname() - prefix := strings.TrimPrefix(refspec.Locator, host+"/") - - if urls, ok := r.registry[host]; ok { - urls, err := r.getV2Urls(urls, prefix) - if err != nil { - return nil, errors.Wrap(err, "failed to fetch v2 urls") - } - base = append(base, urls...) - } else if host == "docker.io" { - base = append(base, []url.URL{{Host: "registry-1.docker.io", Scheme: "https", Path: path.Join("/v2", prefix)}}...) - } else { - scheme := "https" - if r.plainHTTP || strings.HasPrefix(host, "localhost:") { - scheme = "http" - } - base = append(base, []url.URL{{Host: host, Scheme: scheme, Path: path.Join("/v2", prefix)}}...) - } - - if r.credentials != nil { - username, secret, err = r.credentials(base[0].Host) - if err != nil { - return nil, err - } - } - - return &dockerBase{ - refspec: refspec, - base: base, - client: r.client, - username: username, - secret: secret, - }, nil -} - -func (r *dockerBase) getToken() string { - r.mu.Lock() - defer r.mu.Unlock() - - return r.token -} - -func (r *dockerBase) setToken(token string) bool { - r.mu.Lock() - defer r.mu.Unlock() - - changed := r.token != token - r.token = token - - return changed -} - -func (r *dockerBase) urls(ps ...string) []string { - urls := []string{} - for _, url := range r.base { - url.Path = path.Join(url.Path, path.Join(ps...)) - urls = append(urls, url.String()) - } - return urls -} - -func (r *dockerBase) authorize(req *http.Request) { - token := r.getToken() - if r.useBasic { - req.SetBasicAuth(r.username, r.secret) - } else if token != "" { - req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token)) - } -} - -func (r *dockerBase) doRequest(ctx context.Context, req *http.Request) (*http.Response, error) { - ctx = log.WithLogger(ctx, log.G(ctx).WithField("url", req.URL.String())) - log.G(ctx).WithField("request.headers", req.Header).WithField("request.method", req.Method).Debug("do request") - r.authorize(req) - resp, err := ctxhttp.Do(ctx, r.client, req) - if err != nil { - return nil, errors.Wrap(err, "failed to do request") - } - log.G(ctx).WithFields(logrus.Fields{ - "status": resp.Status, - "response.headers": resp.Header, - }).Debug("fetch response received") - return resp, nil -} - -func (r *dockerBase) doRequestWithRetries(ctx context.Context, req *http.Request, responses []*http.Response) (*http.Response, error) { - resp, err := r.doRequest(ctx, req) - if err != nil { - return nil, err - } - - responses = append(responses, resp) - req, err = r.retryRequest(ctx, req, responses) - if err != nil { - resp.Body.Close() - return nil, err - } - if req != nil { - resp.Body.Close() - return r.doRequestWithRetries(ctx, req, responses) - } - return resp, err -} - -func (r *dockerBase) retryRequest(ctx context.Context, req *http.Request, responses []*http.Response) (*http.Request, error) { - if len(responses) > 5 { - return nil, nil - } - last := responses[len(responses)-1] - if last.StatusCode == http.StatusUnauthorized { - log.G(ctx).WithField("header", last.Header.Get("WWW-Authenticate")).Debug("Unauthorized") - for _, c := range parseAuthHeader(last.Header) { - if c.scheme == bearerAuth { - if err := invalidAuthorization(c, responses); err != nil { - r.setToken("") - return nil, err - } - if err := r.setTokenAuth(ctx, c.parameters); err != nil { - return nil, err - } - return copyRequest(req) - } else if c.scheme == basicAuth { - if r.username != "" && r.secret != "" { - r.useBasic = true - } - return copyRequest(req) - } - } - return nil, nil - } else if last.StatusCode == http.StatusMethodNotAllowed && req.Method == http.MethodHead { - // Support registries which have not properly implemented the HEAD method for - // manifests endpoint - if strings.Contains(req.URL.Path, "/manifests/") { - // TODO: copy request? - req.Method = http.MethodGet - return copyRequest(req) - } - } - - // TODO: Handle 50x errors accounting for attempt history - return nil, nil -} - -func invalidAuthorization(c challenge, responses []*http.Response) error { - errStr := c.parameters["error"] - if errStr == "" { - return nil - } - - n := len(responses) - if n == 1 || (n > 1 && !sameRequest(responses[n-2].Request, responses[n-1].Request)) { - return nil - } - - return errors.Wrapf(ErrInvalidAuthorization, "server message: %s", errStr) -} - -func sameRequest(r1, r2 *http.Request) bool { - if r1.Method != r2.Method { - return false - } - if *r1.URL != *r2.URL { - return false - } - return true -} - -func copyRequest(req *http.Request) (*http.Request, error) { - ireq := *req - if ireq.GetBody != nil { - var err error - ireq.Body, err = ireq.GetBody() - if err != nil { - return nil, err - } - } - return &ireq, nil -} - -func (r *dockerBase) setTokenAuth(ctx context.Context, params map[string]string) error { - realm, ok := params["realm"] - if !ok { - return errors.New("no realm specified for token auth challenge") - } - - realmURL, err := url.Parse(realm) - if err != nil { - return errors.Wrap(err, "invalid token auth challenge realm") - } - - to := tokenOptions{ - realm: realmURL.String(), - service: params["service"], - } - - to.scopes = getTokenScopes(ctx, params) - if len(to.scopes) == 0 { - return errors.New("no scope specified for token auth challenge") - } - - var token string - if r.secret != "" { - // Credential information is provided, use oauth POST endpoint - token, err = r.fetchTokenWithOAuth(ctx, to) - if err != nil { - return errors.Wrap(err, "failed to fetch oauth token") - } - } else { - // Do request anonymously - token, err = r.fetchToken(ctx, to) - if err != nil { - return errors.Wrap(err, "failed to fetch anonymous token") - } - } - r.setToken(token) - - return nil -} - -type tokenOptions struct { - realm string - service string - scopes []string -} - -type postTokenResponse struct { - AccessToken string `json:"access_token"` - RefreshToken string `json:"refresh_token"` - ExpiresIn int `json:"expires_in"` - IssuedAt time.Time `json:"issued_at"` - Scope string `json:"scope"` -} - -func (r *dockerBase) fetchTokenWithOAuth(ctx context.Context, to tokenOptions) (string, error) { - form := url.Values{} - form.Set("scope", strings.Join(to.scopes, " ")) - form.Set("service", to.service) - // TODO: Allow setting client_id - form.Set("client_id", "containerd-dist-tool") - - if r.username == "" { - form.Set("grant_type", "refresh_token") - form.Set("refresh_token", r.secret) - } else { - form.Set("grant_type", "password") - form.Set("username", r.username) - form.Set("password", r.secret) - } - - resp, err := ctxhttp.PostForm(ctx, r.client, to.realm, form) - if err != nil { - return "", err - } - defer resp.Body.Close() - - // Registries without support for POST may return 404 for POST /v2/token. - // As of September 2017, GCR is known to return 404. - if (resp.StatusCode == 405 && r.username != "") || resp.StatusCode == 404 || resp.StatusCode == 401 { - return r.fetchToken(ctx, to) - } else if resp.StatusCode < 200 || resp.StatusCode >= 400 { - b, _ := ioutil.ReadAll(io.LimitReader(resp.Body, 64000)) // 64KB - log.G(ctx).WithFields(logrus.Fields{ - "status": resp.Status, - "body": string(b), - }).Debugf("token request failed") - // TODO: handle error body and write debug output - return "", errors.Errorf("unexpected status: %s", resp.Status) - } - - decoder := json.NewDecoder(resp.Body) - - var tr postTokenResponse - if err = decoder.Decode(&tr); err != nil { - return "", errors.Wrap(err, "unable to decode token response") - } - - return tr.AccessToken, nil -} - -type getTokenResponse struct { - Token string `json:"token"` - AccessToken string `json:"access_token"` - ExpiresIn int `json:"expires_in"` - IssuedAt time.Time `json:"issued_at"` - RefreshToken string `json:"refresh_token"` -} - -// fetchToken fetches a token using a GET request -func (r *dockerBase) fetchToken(ctx context.Context, to tokenOptions) (string, error) { - req, err := http.NewRequest("GET", to.realm, nil) - if err != nil { - return "", err - } - - reqParams := req.URL.Query() - - if to.service != "" { - reqParams.Add("service", to.service) - } - - for _, scope := range to.scopes { - reqParams.Add("scope", scope) - } - - if r.secret != "" { - req.SetBasicAuth(r.username, r.secret) - } - - req.URL.RawQuery = reqParams.Encode() - - resp, err := ctxhttp.Do(ctx, r.client, req) - if err != nil { - return "", err - } - defer resp.Body.Close() - - if resp.StatusCode < 200 || resp.StatusCode >= 400 { - // TODO: handle error body and write debug output - return "", errors.Errorf("unexpected status: %s", resp.Status) - } - - decoder := json.NewDecoder(resp.Body) - - var tr getTokenResponse - if err = decoder.Decode(&tr); err != nil { - return "", errors.Wrap(err, "unable to decode token response") - } - - // `access_token` is equivalent to `token` and if both are specified - // the choice is undefined. Canonicalize `access_token` by sticking - // things in `token`. - if tr.AccessToken != "" { - tr.Token = tr.AccessToken - } - - if tr.Token == "" { - return "", ErrNoToken - } - - return tr.Token, nil -} - -func (r *containerdResolver) getV2Urls(urls []string, imagePath string) ([]url.URL, error) { - v2Urls := []url.URL{} - for _, u := range urls { - v2Url, err := url.Parse(u) - if err != nil { - return nil, errors.Wrapf(err, "failed to parse url during getv2 urls: %+v", u) - } - v2Url.Path = path.Join("/v2", imagePath) - v2Urls = append(v2Urls, *v2Url) - } - return v2Urls, nil -} diff --git a/pkg/containerd/resolver/scope.go b/pkg/containerd/resolver/scope.go deleted file mode 100644 index c8ced9179..000000000 --- a/pkg/containerd/resolver/scope.go +++ /dev/null @@ -1,80 +0,0 @@ -/* -Copyright 2018 The Containerd Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// The corresponding file is in containerd/remote/docker/. -// This package can be removed once a more feasible and hollistic resolver -// is finalized in containerd. - -package resolver - -import ( - "context" - "net/url" - "sort" - "strings" - - "github.com/containerd/containerd/reference" -) - -// repositoryScope returns a repository scope string such as "repository:foo/bar:pull" -// for "host/foo/bar:baz". -// When push is true, both pull and push are added to the scope. -func repositoryScope(refspec reference.Spec, push bool) (string, error) { - u, err := url.Parse("dummy://" + refspec.Locator) - if err != nil { - return "", err - } - s := "repository:" + strings.TrimPrefix(u.Path, "/") + ":pull" - if push { - s += ",push" - } - return s, nil -} - -// tokenScopesKey is used for the key for context.WithValue(). -// value: []string (e.g. {"registry:foo/bar:pull"}) -type tokenScopesKey struct{} - -// contextWithRepositoryScope returns a context with tokenScopesKey{} and the repository scope value. -func contextWithRepositoryScope(ctx context.Context, refspec reference.Spec, push bool) (context.Context, error) { - s, err := repositoryScope(refspec, push) - if err != nil { - return nil, err - } - return context.WithValue(ctx, tokenScopesKey{}, []string{s}), nil -} - -// getTokenScopes returns deduplicated and sorted scopes from ctx.Value(tokenScopesKey{}) and params["scope"]. -func getTokenScopes(ctx context.Context, params map[string]string) []string { - var scopes []string - if x := ctx.Value(tokenScopesKey{}); x != nil { - scopes = append(scopes, x.([]string)...) - } - if scope, ok := params["scope"]; ok { - for _, s := range scopes { - // Note: this comparison is unaware of the scope grammar (https://docs.docker.com/registry/spec/auth/scope/) - // So, "repository:foo/bar:pull,push" != "repository:foo/bar:push,pull", although semantically they are equal. - if s == scope { - // already appended - goto Sort - } - } - scopes = append(scopes, scope) - } -Sort: - sort.Strings(scopes) - return scopes -} diff --git a/pkg/containerd/resolver/scope_test.go b/pkg/containerd/resolver/scope_test.go deleted file mode 100644 index f620dd4e6..000000000 --- a/pkg/containerd/resolver/scope_test.go +++ /dev/null @@ -1,58 +0,0 @@ -/* -Copyright 2018 The Containerd Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// The corresponding file is in containerd/remote/docker/. -// This package can be removed once a more feasible and hollistic resolver -// is finalized in containerd. - -package resolver - -import ( - "testing" - - "github.com/containerd/containerd/reference" - "github.com/stretchr/testify/assert" -) - -func TestRepositoryScope(t *testing.T) { - testCases := []struct { - refspec reference.Spec - push bool - expected string - }{ - { - refspec: reference.Spec{ - Locator: "host/foo/bar", - Object: "ignored", - }, - push: false, - expected: "repository:foo/bar:pull", - }, - { - refspec: reference.Spec{ - Locator: "host:4242/foo/bar", - Object: "ignored", - }, - push: true, - expected: "repository:foo/bar:pull,push", - }, - } - for _, x := range testCases { - actual, err := repositoryScope(x.refspec, x.push) - assert.NoError(t, err) - assert.Equal(t, x.expected, actual) - } -} diff --git a/pkg/containerd/resolver/status.go b/pkg/containerd/resolver/status.go deleted file mode 100644 index 5ffcdaec0..000000000 --- a/pkg/containerd/resolver/status.go +++ /dev/null @@ -1,71 +0,0 @@ -/* -Copyright 2018 The Containerd Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// The corresponding file is in containerd/remote/docker/. -// This package can be removed once a more feasible and hollistic resolver -// is finalized in containerd. - -package resolver - -import ( - "sync" - - "github.com/containerd/containerd/content" - "github.com/containerd/containerd/errdefs" - "github.com/pkg/errors" -) - -// Status of a content operation -type Status struct { - content.Status - - // UploadUUID is used by the Docker registry to reference blob uploads - UploadUUID string -} - -// StatusTracker to track status of operations -type StatusTracker interface { - GetStatus(string) (Status, error) - SetStatus(string, Status) -} - -type memoryStatusTracker struct { - statuses map[string]Status - m sync.Mutex -} - -// NewInMemoryTracker returns a StatusTracker that tracks content status in-memory -func NewInMemoryTracker() StatusTracker { - return &memoryStatusTracker{ - statuses: map[string]Status{}, - } -} - -func (t *memoryStatusTracker) GetStatus(ref string) (Status, error) { - t.m.Lock() - defer t.m.Unlock() - status, ok := t.statuses[ref] - if !ok { - return Status{}, errors.Wrapf(errdefs.ErrNotFound, "status for ref %v", ref) - } - return status, nil -} - -func (t *memoryStatusTracker) SetStatus(ref string, status Status) { - t.m.Lock() - t.statuses[ref] = status - t.m.Unlock() -} diff --git a/pkg/server/helpers.go b/pkg/server/helpers.go index 5bfdb8205..29f2f9ba4 100644 --- a/pkg/server/helpers.go +++ b/pkg/server/helpers.go @@ -444,3 +444,13 @@ func getRuntimeConfigFromContainerInfo(c containers.Container) (criconfig.Runtim r.Root = runtimeOpts.RuntimeRoot return r, nil } + +// toRuntimeAuthConfig converts cri plugin auth config to runtime auth config. +func toRuntimeAuthConfig(a criconfig.AuthConfig) *runtime.AuthConfig { + return &runtime.AuthConfig{ + Username: a.Username, + Password: a.Password, + Auth: a.Auth, + IdentityToken: a.IdentityToken, + } +} diff --git a/pkg/server/image_pull.go b/pkg/server/image_pull.go index 67acddf0f..a25d8285e 100644 --- a/pkg/server/image_pull.go +++ b/pkg/server/image_pull.go @@ -19,18 +19,21 @@ package server import ( "encoding/base64" "net/http" + "net/url" "strings" "github.com/containerd/containerd" "github.com/containerd/containerd/errdefs" containerdimages "github.com/containerd/containerd/images" + "github.com/containerd/containerd/reference" + "github.com/containerd/containerd/remotes" + "github.com/containerd/containerd/remotes/docker" imagespec "github.com/opencontainers/image-spec/specs-go/v1" "github.com/pkg/errors" "github.com/sirupsen/logrus" "golang.org/x/net/context" runtime "k8s.io/kubernetes/pkg/kubelet/apis/cri/runtime/v1alpha2" - containerdresolver "github.com/containerd/cri/pkg/containerd/resolver" imagestore "github.com/containerd/cri/pkg/store/image" "github.com/containerd/cri/pkg/util" ) @@ -87,12 +90,7 @@ func (c *criService) PullImage(ctx context.Context, r *runtime.PullImageRequest) if ref != imageRef { logrus.Debugf("PullImage using normalized image ref: %q", ref) } - resolver := containerdresolver.NewResolver(containerdresolver.Options{ - Credentials: func(string) (string, string, error) { return ParseAuth(r.GetAuth()) }, - Client: http.DefaultClient, - Registry: c.getResolverOptions(), - }) - _, desc, err := resolver.Resolve(ctx, ref) + resolver, desc, err := c.getResolver(ctx, ref, c.credentials(r.GetAuth())) if err != nil { return nil, errors.Wrapf(err, "failed to resolve image %q", ref) } @@ -206,10 +204,59 @@ func (c *criService) createImageReference(ctx context.Context, name string, desc return err } -func (c *criService) getResolverOptions() map[string][]string { - options := make(map[string][]string) - for ns, mirror := range c.config.Mirrors { - options[ns] = append(options[ns], mirror.Endpoints...) +// credentials returns a credential function for docker resolver to use. +func (c *criService) credentials(auth *runtime.AuthConfig) func(string) (string, string, error) { + return func(host string) (string, string, error) { + if auth == nil { + // Get default auth from config. + for h, ac := range c.config.Registry.Auths { + u, err := url.Parse(h) + if err != nil { + return "", "", errors.Wrapf(err, "parse auth host %q", h) + } + if u.Host == host { + auth = toRuntimeAuthConfig(ac) + break + } + } + } + return ParseAuth(auth) + } +} + +// getResolver tries registry mirrors and the default registry, and returns the resolver and descriptor +// from the first working registry. +func (c *criService) getResolver(ctx context.Context, ref string, cred func(string) (string, string, error)) (remotes.Resolver, imagespec.Descriptor, error) { + refspec, err := reference.Parse(ref) + if err != nil { + return nil, imagespec.Descriptor{}, errors.Wrap(err, "parse image reference") + } + // Try mirrors in order first, and then try default host name. + for _, e := range c.config.Registry.Mirrors[refspec.Hostname()].Endpoints { + u, err := url.Parse(e) + if err != nil { + return nil, imagespec.Descriptor{}, errors.Wrapf(err, "parse registry endpoint %q", e) + } + resolver := docker.NewResolver(docker.ResolverOptions{ + Credentials: cred, + Client: http.DefaultClient, + Host: func(string) (string, error) { return u.Host, nil }, + // By default use "https". + PlainHTTP: u.Scheme == "http", + }) + _, desc, err := resolver.Resolve(ctx, ref) + if err == nil { + return resolver, desc, nil + } + // Continue to try next endpoint + } + resolver := docker.NewResolver(docker.ResolverOptions{ + Credentials: cred, + Client: http.DefaultClient, + }) + _, desc, err := resolver.Resolve(ctx, ref) + if err != nil { + return nil, imagespec.Descriptor{}, errors.Wrap(err, "no available registry endpoint") } - return options + return resolver, desc, nil } diff --git a/pkg/server/image_pull_test.go b/pkg/server/image_pull_test.go index 1fa9d7703..83b591cf3 100644 --- a/pkg/server/image_pull_test.go +++ b/pkg/server/image_pull_test.go @@ -22,6 +22,8 @@ import ( "github.com/stretchr/testify/assert" runtime "k8s.io/kubernetes/pkg/kubelet/apis/cri/runtime/v1alpha2" + + criconfig "github.com/containerd/cri/pkg/config" ) func TestParseAuth(t *testing.T) { @@ -72,3 +74,58 @@ func TestParseAuth(t *testing.T) { assert.Equal(t, test.expectedSecret, s) } } + +func TestCredentials(t *testing.T) { + c := newTestCRIService() + c.config.Registry.Auths = map[string]criconfig.AuthConfig{ + "https://test1.io": { + Username: "username1", + Password: "password1", + }, + "http://test2.io": { + Username: "username2", + Password: "password2", + }, + "//test3.io": { + Username: "username3", + Password: "password3", + }, + } + for desc, test := range map[string]struct { + auth *runtime.AuthConfig + host string + expectedUsername string + expectedPassword string + }{ + "auth config from CRI should take precedence": { + auth: &runtime.AuthConfig{ + Username: "username", + Password: "password", + }, + host: "test1.io", + expectedUsername: "username", + expectedPassword: "password", + }, + "should support https host": { + host: "test1.io", + expectedUsername: "username1", + expectedPassword: "password1", + }, + "should support http host": { + host: "test2.io", + expectedUsername: "username2", + expectedPassword: "password2", + }, + "should support hostname only": { + host: "test3.io", + expectedUsername: "username3", + expectedPassword: "password3", + }, + } { + t.Logf("TestCase %q", desc) + username, password, err := c.credentials(test.auth)(test.host) + assert.NoError(t, err) + assert.Equal(t, test.expectedUsername, username) + assert.Equal(t, test.expectedPassword, password) + } +} diff --git a/vendor.conf b/vendor.conf index 521dc47f3..4fca291a6 100644 --- a/vendor.conf +++ b/vendor.conf @@ -3,13 +3,14 @@ github.com/blang/semver v3.1.0 github.com/boltdb/bolt e9cf4fae01b5a8ff89d0ec6b32f0d9c9f79aefdd github.com/BurntSushi/toml a368813c5e648fee92e5f6c30e3944ff9d5e8895 github.com/containerd/cgroups fe281dd265766145e943a034aa41086474ea6130 -github.com/containerd/console 9290d21dc56074581f619579c43d970b4514bc08 -github.com/containerd/containerd 84bebdd91d347c99069d1705b7d4e6d6f746160c +github.com/containerd/console 5d1b48d6114b8c9666f0c8b916f871af97b0a761 +github.com/containerd/containerd b382b6fe0bdbf7604c0a4f5c2089c0b159ad58b2 github.com/containerd/continuity d3c23511c1bf5851696cba83143d9cbcd666869b github.com/containerd/fifo 3d5202aec260678c48179c56f40e6f38a095738c -github.com/containerd/go-cni 5882530828ecf62032409b298a3e8b19e08b6534 +github.com/containerd/go-cni 5882530828ecf62032409b298a3e8b19e08b6534 github.com/containerd/go-runc f271fa2021de855d4d918dbef83c5fe19db1bdd5 -github.com/containerd/typeurl f6943554a7e7e88b3c14aad190bf05932da84788 +github.com/containerd/ttrpc 94dde388801693c54f88a6596f713b51a8b30b2d +github.com/containerd/typeurl a93fcdb778cd272c6e9b3028b2f42d813e785d40 github.com/containernetworking/cni v0.6.0 github.com/containernetworking/plugins v0.7.0 github.com/coreos/go-systemd 48702e0da86bd25e76cfef347e2adeb434a0d0a6 @@ -35,8 +36,8 @@ github.com/json-iterator/go f2b4162afba35581b6d4a50d3b8f34e33c144682 github.com/matttproud/golang_protobuf_extensions v1.0.0 github.com/Microsoft/go-winio v0.4.7 github.com/Microsoft/hcsshim v0.6.11 -github.com/modern-go/reflect2 05fbef0ca5da472bbf96c9322b84a53edc03c9fd github.com/modern-go/concurrent 1.0.3 +github.com/modern-go/reflect2 05fbef0ca5da472bbf96c9322b84a53edc03c9fd github.com/opencontainers/go-digest c9281466c8b2f606084ac71339773efd177436e7 github.com/opencontainers/image-spec v1.0.1 github.com/opencontainers/runc 69663f0bd4b60df09991c08812a60108003fa340 @@ -51,7 +52,6 @@ github.com/prometheus/common 89604d197083d4781071d3c65855d24ecfb0a563 github.com/prometheus/procfs cb4147076ac75738c9a7d279075a253c0cc5acbd github.com/seccomp/libseccomp-golang 32f571b70023028bd57d9288c20efbcb237f3ce0 github.com/sirupsen/logrus v1.0.0 -github.com/stevvooe/ttrpc d4528379866b0ce7e9d71f3eb96f0582fc374577 github.com/stretchr/testify v1.1.4 github.com/syndtr/gocapability db04d3cc01c8b54962a58ec7e491717d06cfcc16 github.com/tchap/go-patricia 5ad6cdb7538b0097d5598c7e57f0a24072adf7dc diff --git a/vendor/github.com/containerd/console/console_linux.go b/vendor/github.com/containerd/console/console_linux.go index efefcb1e6..42274e100 100644 --- a/vendor/github.com/containerd/console/console_linux.go +++ b/vendor/github.com/containerd/console/console_linux.go @@ -262,10 +262,14 @@ func (ec *EpollConsole) Shutdown(close func(int) error) error { // signalRead signals that the console is readable. func (ec *EpollConsole) signalRead() { + ec.readc.L.Lock() ec.readc.Signal() + ec.readc.L.Unlock() } // signalWrite signals that the console is writable. func (ec *EpollConsole) signalWrite() { + ec.writec.L.Lock() ec.writec.Signal() + ec.writec.L.Unlock() } diff --git a/vendor/github.com/containerd/containerd/cio/io.go b/vendor/github.com/containerd/containerd/cio/io.go index 2f9b5f103..10ad36ba8 100644 --- a/vendor/github.com/containerd/containerd/cio/io.go +++ b/vendor/github.com/containerd/containerd/cio/io.go @@ -255,3 +255,14 @@ func (l *logIO) Wait() { func (l *logIO) Close() error { return nil } + +// Load the io for a container but do not attach +// +// Allows io to be loaded on the task for deletion without +// starting copy routines +func Load(set *FIFOSet) (IO, error) { + return &cio{ + config: set.Config, + closers: []io.Closer{set}, + }, nil +} diff --git a/vendor/github.com/containerd/containerd/cmd/containerd/command/main.go b/vendor/github.com/containerd/containerd/cmd/containerd/command/main.go index 0c5d4adae..31a21f6c6 100644 --- a/vendor/github.com/containerd/containerd/cmd/containerd/command/main.go +++ b/vendor/github.com/containerd/containerd/cmd/containerd/command/main.go @@ -88,6 +88,7 @@ func App() *cli.App { app.Commands = []cli.Command{ configCommand, publishCommand, + ociHook, } app.Action = func(context *cli.Context) error { var ( diff --git a/vendor/github.com/containerd/containerd/cmd/containerd/command/oci-hook.go b/vendor/github.com/containerd/containerd/cmd/containerd/command/oci-hook.go new file mode 100644 index 000000000..1ddc2c7c0 --- /dev/null +++ b/vendor/github.com/containerd/containerd/cmd/containerd/command/oci-hook.go @@ -0,0 +1,136 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package command + +import ( + "bytes" + "encoding/json" + "io" + "os" + "path/filepath" + "syscall" + "text/template" + + specs "github.com/opencontainers/runtime-spec/specs-go" + "github.com/urfave/cli" +) + +var ociHook = cli.Command{ + Name: "oci-hook", + Usage: "provides a base for OCI runtime hooks to allow arguments to be injected.", + Action: func(context *cli.Context) error { + state, err := loadHookState(os.Stdin) + if err != nil { + return err + } + var ( + ctx = newTemplateContext(state) + args = []string(context.Args()) + env = os.Environ() + ) + if err := newList(&args).render(ctx); err != nil { + return err + } + if err := newList(&env).render(ctx); err != nil { + return err + } + return syscall.Exec(args[0], args, env) + }, +} + +func loadHookState(r io.Reader) (*specs.State, error) { + var s specs.State + if err := json.NewDecoder(r).Decode(&s); err != nil { + return nil, err + } + return &s, nil +} + +func newTemplateContext(state *specs.State) *templateContext { + t := &templateContext{ + state: state, + } + t.funcs = template.FuncMap{ + "id": t.id, + "bundle": t.bundle, + "rootfs": t.rootfs, + "pid": t.pid, + "annotation": t.annotation, + "status": t.status, + } + return t +} + +type templateContext struct { + state *specs.State + funcs template.FuncMap +} + +func (t *templateContext) id() string { + return t.state.ID +} + +func (t *templateContext) bundle() string { + return t.state.Bundle +} + +func (t *templateContext) rootfs() string { + return filepath.Join(t.state.Bundle, "rootfs") +} + +func (t *templateContext) pid() int { + return t.state.Pid +} + +func (t *templateContext) annotation(k string) string { + return t.state.Annotations[k] +} + +func (t *templateContext) status() string { + return t.state.Status +} + +func render(ctx *templateContext, source string, out io.Writer) error { + t, err := template.New("oci-hook").Funcs(ctx.funcs).Parse(source) + if err != nil { + return err + } + return t.Execute(out, ctx) +} + +func newList(l *[]string) *templateList { + return &templateList{ + l: l, + } +} + +type templateList struct { + l *[]string +} + +func (l *templateList) render(ctx *templateContext) error { + buf := bytes.NewBuffer(nil) + for i, s := range *l.l { + buf.Reset() + if err := render(ctx, s, buf); err != nil { + return err + } + (*l.l)[i] = buf.String() + } + buf.Reset() + return nil +} diff --git a/vendor/github.com/containerd/containerd/cmd/ctr/commands/commands.go b/vendor/github.com/containerd/containerd/cmd/ctr/commands/commands.go index 1a0c3b6b3..1784e6a04 100644 --- a/vendor/github.com/containerd/containerd/cmd/ctr/commands/commands.go +++ b/vendor/github.com/containerd/containerd/cmd/ctr/commands/commands.go @@ -21,6 +21,7 @@ import ( "fmt" "os" "path/filepath" + "runtime" "strings" "github.com/containerd/containerd" @@ -63,6 +64,67 @@ var ( Usage: "refresh token for authorization server", }, } + + // ContainerFlags are cli flags specifying container options + ContainerFlags = []cli.Flag{ + cli.StringFlag{ + Name: "config,c", + Usage: "path to the runtime-specific spec config file", + }, + cli.StringFlag{ + Name: "checkpoint", + Usage: "provide the checkpoint digest to restore the container", + }, + cli.StringFlag{ + Name: "cwd", + Usage: "specify the working directory of the process", + }, + cli.StringSliceFlag{ + Name: "env", + Usage: "specify additional container environment variables (i.e. FOO=bar)", + }, + cli.StringSliceFlag{ + Name: "label", + Usage: "specify additional labels (i.e. foo=bar)", + }, + cli.StringSliceFlag{ + Name: "mount", + Usage: "specify additional container mount (ex: type=bind,src=/tmp,dst=/host,options=rbind:ro)", + }, + cli.BoolFlag{ + Name: "net-host", + Usage: "enable host networking for the container", + }, + cli.BoolFlag{ + Name: "privileged", + Usage: "run privileged container", + }, + cli.BoolFlag{ + Name: "read-only", + Usage: "set the containers filesystem as readonly", + }, + cli.StringFlag{ + Name: "runtime", + Usage: "runtime name (io.containerd.runtime.v1.linux, io.containerd.runtime.v1.windows, io.containerd.runtime.v1.com.vmware.linux)", + Value: fmt.Sprintf("io.containerd.runtime.v1.%s", runtime.GOOS), + }, + cli.BoolFlag{ + Name: "tty,t", + Usage: "allocate a TTY for the container", + }, + cli.StringSliceFlag{ + Name: "with-ns", + Usage: "specify existing Linux namespaces to join at container runtime (format ':')", + }, + cli.StringFlag{ + Name: "pid-file", + Usage: "file path to write the task's pid", + }, + cli.IntFlag{ + Name: "gpus", + Usage: "add gpus to the container", + }, + } ) // ObjectWithLabelArgs returns the first arg and a LabelArgs object diff --git a/vendor/github.com/containerd/containerd/cmd/ctr/commands/commands_unix.go b/vendor/github.com/containerd/containerd/cmd/ctr/commands/commands_unix.go new file mode 100644 index 000000000..a67fa8f6a --- /dev/null +++ b/vendor/github.com/containerd/containerd/cmd/ctr/commands/commands_unix.go @@ -0,0 +1,33 @@ +// +build !windows + +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package commands + +import ( + "github.com/urfave/cli" +) + +func init() { + ContainerFlags = append(ContainerFlags, cli.BoolFlag{ + Name: "rootfs", + Usage: "use custom rootfs that is not managed by containerd snapshotter", + }, cli.BoolFlag{ + Name: "no-pivot", + Usage: "disable use of pivot-root (linux only)", + }) +} diff --git a/vendor/github.com/containerd/containerd/cmd/ctr/commands/containers/containers.go b/vendor/github.com/containerd/containerd/cmd/ctr/commands/containers/containers.go index 05d0d7e2f..ec49ff996 100644 --- a/vendor/github.com/containerd/containerd/cmd/ctr/commands/containers/containers.go +++ b/vendor/github.com/containerd/containerd/cmd/ctr/commands/containers/containers.go @@ -25,6 +25,7 @@ import ( "text/tabwriter" "github.com/containerd/containerd" + "github.com/containerd/containerd/cio" "github.com/containerd/containerd/cmd/ctr/commands" "github.com/containerd/containerd/cmd/ctr/commands/run" "github.com/containerd/containerd/log" @@ -49,7 +50,7 @@ var createCommand = cli.Command{ Name: "create", Usage: "create container", ArgsUsage: "[flags] Image|RootFS CONTAINER", - Flags: append(commands.SnapshotterFlags, run.ContainerFlags...), + Flags: append(commands.SnapshotterFlags, commands.ContainerFlags...), Action: func(context *cli.Context) error { var ( id = context.Args().Get(1) @@ -162,7 +163,6 @@ var deleteCommand = cli.Command{ log.G(ctx).WithError(err).Errorf("failed to delete container %q", arg) } } - return exitErr }, } @@ -172,7 +172,7 @@ func deleteContainer(ctx context.Context, client *containerd.Client, id string, if err != nil { return err } - task, err := container.Task(ctx, nil) + task, err := container.Task(ctx, cio.Load) if err != nil { return container.Delete(ctx, opts...) } diff --git a/vendor/github.com/containerd/containerd/cmd/ctr/commands/plugins/plugins.go b/vendor/github.com/containerd/containerd/cmd/ctr/commands/plugins/plugins.go index 93f3ffe7b..df29441c4 100644 --- a/vendor/github.com/containerd/containerd/cmd/ctr/commands/plugins/plugins.go +++ b/vendor/github.com/containerd/containerd/cmd/ctr/commands/plugins/plugins.go @@ -37,6 +37,15 @@ var Command = cli.Command{ Name: "plugins", Aliases: []string{"plugin"}, Usage: "provides information about containerd plugins", + Subcommands: []cli.Command{ + listCommand, + }, +} + +var listCommand = cli.Command{ + Name: "list", + Aliases: []string{"ls"}, + Usage: "lists containerd plugins", Flags: []cli.Flag{ cli.BoolFlag{ Name: "quiet,q", diff --git a/vendor/github.com/containerd/containerd/cmd/ctr/commands/run/run.go b/vendor/github.com/containerd/containerd/cmd/ctr/commands/run/run.go index 1daffd3a7..b63bb4890 100644 --- a/vendor/github.com/containerd/containerd/cmd/ctr/commands/run/run.go +++ b/vendor/github.com/containerd/containerd/cmd/ctr/commands/run/run.go @@ -22,7 +22,6 @@ import ( "encoding/json" "fmt" "io/ioutil" - "runtime" "strings" "github.com/containerd/console" @@ -38,63 +37,6 @@ import ( "github.com/urfave/cli" ) -// ContainerFlags are cli flags specifying container options -var ContainerFlags = []cli.Flag{ - cli.StringFlag{ - Name: "config,c", - Usage: "path to the runtime-specific spec config file", - }, - cli.StringFlag{ - Name: "checkpoint", - Usage: "provide the checkpoint digest to restore the container", - }, - cli.StringFlag{ - Name: "cwd", - Usage: "specify the working directory of the process", - }, - cli.StringSliceFlag{ - Name: "env", - Usage: "specify additional container environment variables (i.e. FOO=bar)", - }, - cli.StringSliceFlag{ - Name: "label", - Usage: "specify additional labels (i.e. foo=bar)", - }, - cli.StringSliceFlag{ - Name: "mount", - Usage: "specify additional container mount (ex: type=bind,src=/tmp,dst=/host,options=rbind:ro)", - }, - cli.BoolFlag{ - Name: "net-host", - Usage: "enable host networking for the container", - }, - cli.BoolFlag{ - Name: "privileged", - Usage: "run privileged container", - }, - cli.BoolFlag{ - Name: "read-only", - Usage: "set the containers filesystem as readonly", - }, - cli.StringFlag{ - Name: "runtime", - Usage: "runtime name (io.containerd.runtime.v1.linux, io.containerd.runtime.v1.windows, io.containerd.runtime.v1.com.vmware.linux)", - Value: fmt.Sprintf("io.containerd.runtime.v1.%s", runtime.GOOS), - }, - cli.BoolFlag{ - Name: "tty,t", - Usage: "allocate a TTY for the container", - }, - cli.StringSliceFlag{ - Name: "with-ns", - Usage: "specify existing Linux namespaces to join at container runtime (format ':')", - }, - cli.StringFlag{ - Name: "pid-file", - Usage: "file path to write the task's pid", - }, -} - func loadSpec(path string, s *specs.Spec) error { raw, err := ioutil.ReadFile(path) if err != nil { @@ -177,7 +119,7 @@ var Command = cli.Command{ Name: "fifo-dir", Usage: "directory used for storing IO FIFOs", }, - }, append(commands.SnapshotterFlags, ContainerFlags...)...), + }, append(commands.SnapshotterFlags, commands.ContainerFlags...)...), Action: func(context *cli.Context) error { var ( err error diff --git a/vendor/github.com/containerd/containerd/cmd/ctr/commands/run/run_unix.go b/vendor/github.com/containerd/containerd/cmd/ctr/commands/run/run_unix.go index 0a3a5db68..e2f730722 100644 --- a/vendor/github.com/containerd/containerd/cmd/ctr/commands/run/run_unix.go +++ b/vendor/github.com/containerd/containerd/cmd/ctr/commands/run/run_unix.go @@ -24,22 +24,13 @@ import ( "github.com/containerd/containerd" "github.com/containerd/containerd/cmd/ctr/commands" + "github.com/containerd/containerd/contrib/nvidia" "github.com/containerd/containerd/oci" specs "github.com/opencontainers/runtime-spec/specs-go" "github.com/pkg/errors" "github.com/urfave/cli" ) -func init() { - ContainerFlags = append(ContainerFlags, cli.BoolFlag{ - Name: "rootfs", - Usage: "use custom rootfs that is not managed by containerd snapshotter", - }, cli.BoolFlag{ - Name: "no-pivot", - Usage: "disable use of pivot-root (linux only)", - }) -} - // NewContainer creates a new container func NewContainer(ctx gocontext.Context, client *containerd.Client, context *cli.Context) (containerd.Container, error) { var ( @@ -123,6 +114,9 @@ func NewContainer(ctx gocontext.Context, client *containerd.Client, context *cli Path: parts[1], })) } + if context.IsSet("gpus") { + opts = append(opts, nvidia.WithGPUs(nvidia.WithDevices(context.Int("gpus")), nvidia.WithAllCapabilities)) + } if context.IsSet("config") { var s specs.Spec if err := loadSpec(context.String("config"), &s); err != nil { diff --git a/vendor/github.com/containerd/containerd/cmd/ctr/commands/shim/shim.go b/vendor/github.com/containerd/containerd/cmd/ctr/commands/shim/shim.go index e9e261bc3..793dc3c9e 100644 --- a/vendor/github.com/containerd/containerd/cmd/ctr/commands/shim/shim.go +++ b/vendor/github.com/containerd/containerd/cmd/ctr/commands/shim/shim.go @@ -26,13 +26,13 @@ import ( "github.com/containerd/console" "github.com/containerd/containerd/cmd/ctr/commands" - shim "github.com/containerd/containerd/runtime/linux/shim/v1" + shim "github.com/containerd/containerd/runtime/shim/v1" + "github.com/containerd/ttrpc" "github.com/containerd/typeurl" ptypes "github.com/gogo/protobuf/types" "github.com/opencontainers/runtime-spec/specs-go" "github.com/pkg/errors" "github.com/sirupsen/logrus" - "github.com/stevvooe/ttrpc" "github.com/urfave/cli" ) diff --git a/vendor/github.com/containerd/containerd/cmd/ctr/commands/tasks/delete.go b/vendor/github.com/containerd/containerd/cmd/ctr/commands/tasks/delete.go index 5543d5541..735369c15 100644 --- a/vendor/github.com/containerd/containerd/cmd/ctr/commands/tasks/delete.go +++ b/vendor/github.com/containerd/containerd/cmd/ctr/commands/tasks/delete.go @@ -18,6 +18,7 @@ package tasks import ( "github.com/containerd/containerd" + "github.com/containerd/containerd/cio" "github.com/containerd/containerd/cmd/ctr/commands" "github.com/urfave/cli" ) @@ -42,8 +43,7 @@ var deleteCommand = cli.Command{ if err != nil { return err } - - task, err := container.Task(ctx, nil) + task, err := container.Task(ctx, cio.Load) if err != nil { return err } diff --git a/vendor/github.com/containerd/containerd/container.go b/vendor/github.com/containerd/containerd/container.go index 001b16c74..23f6d4db6 100644 --- a/vendor/github.com/containerd/containerd/container.go +++ b/vendor/github.com/containerd/containerd/container.go @@ -307,6 +307,12 @@ func (c *container) get(ctx context.Context) (containers.Container, error) { // get the existing fifo paths from the task information stored by the daemon func attachExistingIO(response *tasks.GetResponse, ioAttach cio.Attach) (cio.IO, error) { + fifoSet := loadFifos(response) + return ioAttach(fifoSet) +} + +// loadFifos loads the containers fifos +func loadFifos(response *tasks.GetResponse) *cio.FIFOSet { path := getFifoDir([]string{ response.Process.Stdin, response.Process.Stdout, @@ -315,13 +321,12 @@ func attachExistingIO(response *tasks.GetResponse, ioAttach cio.Attach) (cio.IO, closer := func() error { return os.RemoveAll(path) } - fifoSet := cio.NewFIFOSet(cio.Config{ + return cio.NewFIFOSet(cio.Config{ Stdin: response.Process.Stdin, Stdout: response.Process.Stdout, Stderr: response.Process.Stderr, Terminal: response.Process.Terminal, }, closer) - return ioAttach(fifoSet) } // getFifoDir looks for any non-empty path for a stdio fifo diff --git a/vendor/github.com/containerd/containerd/contrib/nvidia/nvidia.go b/vendor/github.com/containerd/containerd/contrib/nvidia/nvidia.go new file mode 100644 index 000000000..296d85b64 --- /dev/null +++ b/vendor/github.com/containerd/containerd/contrib/nvidia/nvidia.go @@ -0,0 +1,185 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package nvidia + +import ( + "context" + "fmt" + "os" + "os/exec" + "strconv" + "strings" + + "github.com/containerd/containerd/containers" + "github.com/containerd/containerd/oci" + specs "github.com/opencontainers/runtime-spec/specs-go" +) + +const nvidiaCLI = "nvidia-container-cli" + +// Capability specifies capabilities for the gpu inside the container +// Detailed explaination of options can be found: +// https://github.com/nvidia/nvidia-container-runtime#supported-driver-capabilities +type Capability int + +const ( + // Compute capability + Compute Capability = iota + 1 + // Compat32 capability + Compat32 + // Graphics capability + Graphics + // Utility capability + Utility + // Video capability + Video + // Display capability + Display +) + +// WithGPUs adds NVIDIA gpu support to a container +func WithGPUs(opts ...Opts) oci.SpecOpts { + return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error { + c := &config{} + for _, o := range opts { + if err := o(c); err != nil { + return err + } + } + path, err := exec.LookPath("containerd") + if err != nil { + return err + } + nvidiaPath, err := exec.LookPath(nvidiaCLI) + if err != nil { + return err + } + if s.Hooks == nil { + s.Hooks = &specs.Hooks{} + } + s.Hooks.Prestart = append(s.Hooks.Prestart, specs.Hook{ + Path: path, + Args: append([]string{ + "containerd", + "oci-hook", + "--", + nvidiaPath, + }, c.args()...), + Env: os.Environ(), + }) + return nil + } +} + +type config struct { + Devices []int + DeviceUUID string + Capabilities []Capability + LoadKmods bool + LDCache string + LDConfig string + Requirements []string +} + +func (c *config) args() []string { + var args []string + + if c.LoadKmods { + args = append(args, "--load-kmods") + } + if c.LDCache != "" { + args = append(args, fmt.Sprintf("--ldcache=%s", c.LDCache)) + } + args = append(args, + "configure", + ) + if len(c.Devices) > 0 { + args = append(args, fmt.Sprintf("--device=%s", strings.Join(toStrings(c.Devices), ","))) + } + if c.DeviceUUID != "" { + args = append(args, fmt.Sprintf("--device=%s", c.DeviceUUID)) + } + for _, c := range c.Capabilities { + args = append(args, fmt.Sprintf("--%s", capFlags[c])) + } + if c.LDConfig != "" { + args = append(args, fmt.Sprintf("--ldconfig=%s", c.LDConfig)) + } + for _, r := range c.Requirements { + args = append(args, fmt.Sprintf("--require=%s", r)) + } + args = append(args, "--pid={{pid}}", "{{rootfs}}") + return args +} + +var capFlags = map[Capability]string{ + Compute: "compute", + Compat32: "compat32", + Graphics: "graphics", + Utility: "utility", + Video: "video", + Display: "display", +} + +func toStrings(ints []int) []string { + var s []string + for _, i := range ints { + s = append(s, strconv.Itoa(i)) + } + return s +} + +// Opts are options for configuring gpu support +type Opts func(*config) error + +// WithDevices adds the provided device indexes to the container +func WithDevices(ids ...int) Opts { + return func(c *config) error { + c.Devices = ids + return nil + } +} + +// WithDeviceUUID adds the specific device UUID to the container +func WithDeviceUUID(guid string) Opts { + return func(c *config) error { + c.DeviceUUID = guid + return nil + } +} + +// WithAllDevices adds all gpus to the container +func WithAllDevices(c *config) error { + c.DeviceUUID = "all" + return nil +} + +// WithAllCapabilities adds all capabilities to the container for the gpus +func WithAllCapabilities(c *config) error { + for k := range capFlags { + c.Capabilities = append(c.Capabilities, k) + } + return nil +} + +// WithRequiredCUDAVersion sets the required cuda version +func WithRequiredCUDAVersion(major, minor int) Opts { + return func(c *config) error { + c.Requirements = append(c.Requirements, fmt.Sprintf("cuda>=%d.%d", major, minor)) + return nil + } +} diff --git a/vendor/github.com/containerd/containerd/images/image.go b/vendor/github.com/containerd/containerd/images/image.go index 35eda26bd..a96597c26 100644 --- a/vendor/github.com/containerd/containerd/images/image.go +++ b/vendor/github.com/containerd/containerd/images/image.go @@ -129,11 +129,14 @@ func (image *Image) Size(ctx context.Context, provider content.Provider, platfor // this direction because this abstraction is not needed.` func Manifest(ctx context.Context, provider content.Provider, image ocispec.Descriptor, platform string) (ocispec.Manifest, error) { var ( - matcher platforms.Matcher - m *ocispec.Manifest + matcher platforms.Matcher + m *ocispec.Manifest + p ocispec.Platform + wasIndex bool ) if platform != "" { - p, err := platforms.Parse(platform) + var err error + p, err = platforms.Parse(platform) if err != nil { return ocispec.Manifest{}, err } @@ -201,6 +204,8 @@ func Manifest(ctx context.Context, provider content.Provider, image ocispec.Desc } } + wasIndex = true + return descs, nil } @@ -210,7 +215,11 @@ func Manifest(ctx context.Context, provider content.Provider, image ocispec.Desc } if m == nil { - return ocispec.Manifest{}, errors.Wrapf(errdefs.ErrNotFound, "manifest %v", image.Digest) + err := errors.Wrapf(errdefs.ErrNotFound, "manifest %v", image.Digest) + if wasIndex { + err = errors.Wrapf(errdefs.ErrNotFound, "no match for current platform %s in manifest %v", platforms.Format(p), image.Digest) + } + return ocispec.Manifest{}, err } return *m, nil diff --git a/vendor/github.com/containerd/containerd/oci/spec_unix.go b/vendor/github.com/containerd/containerd/oci/spec_unix.go index f791c357f..f8d8524dd 100644 --- a/vendor/github.com/containerd/containerd/oci/spec_unix.go +++ b/vendor/github.com/containerd/containerd/oci/spec_unix.go @@ -153,7 +153,9 @@ func createDefaultSpec(ctx context.Context, id string) (*Spec, error) { }, Linux: &specs.Linux{ MaskedPaths: []string{ + "/proc/acpi", "/proc/kcore", + "/proc/keys", "/proc/latency_stats", "/proc/timer_list", "/proc/timer_stats", diff --git a/vendor/github.com/containerd/containerd/platforms/database.go b/vendor/github.com/containerd/containerd/platforms/database.go index df9cc2392..8e85448ed 100644 --- a/vendor/github.com/containerd/containerd/platforms/database.go +++ b/vendor/github.com/containerd/containerd/platforms/database.go @@ -89,18 +89,21 @@ func normalizeArch(arch, variant string) (string, string) { case "x86_64", "x86-64": arch = "amd64" variant = "" - case "aarch64": + case "aarch64", "arm64": arch = "arm64" - variant = "" // v8 is implied + switch variant { + case "8", "v8": + variant = "" + } case "armhf": arch = "arm" - variant = "" + variant = "v7" case "armel": arch = "arm" variant = "v6" case "arm": switch variant { - case "v7", "7": + case "", "7": variant = "v7" case "5", "6", "8": variant = "v" + variant diff --git a/vendor/github.com/containerd/containerd/platforms/platforms.go b/vendor/github.com/containerd/containerd/platforms/platforms.go index 1f91ed288..29b7ad6b5 100644 --- a/vendor/github.com/containerd/containerd/platforms/platforms.go +++ b/vendor/github.com/containerd/containerd/platforms/platforms.go @@ -135,7 +135,7 @@ type Matcher interface { // Applications should opt to use `Match` over directly parsing specifiers. func NewMatcher(platform specs.Platform) Matcher { return &matcher{ - Platform: platform, + Platform: Normalize(platform), } } @@ -197,6 +197,9 @@ func Parse(specifier string) (specs.Platform, error) { } p.Architecture, p.Variant = normalizeArch(parts[0], "") + if p.Architecture == "arm" && p.Variant == "v7" { + p.Variant = "" + } if isKnownArch(p.Architecture) { p.OS = runtime.GOOS return p, nil @@ -208,12 +211,18 @@ func Parse(specifier string) (specs.Platform, error) { // about whether or not we know of the platform. p.OS = normalizeOS(parts[0]) p.Architecture, p.Variant = normalizeArch(parts[1], "") + if p.Architecture == "arm" && p.Variant == "v7" { + p.Variant = "" + } return p, nil case 3: // we have a fully specified variant, this is rare p.OS = normalizeOS(parts[0]) p.Architecture, p.Variant = normalizeArch(parts[1], parts[2]) + if p.Architecture == "arm64" && p.Variant == "" { + p.Variant = "v8" + } return p, nil } diff --git a/vendor/github.com/containerd/containerd/remotes/docker/pusher.go b/vendor/github.com/containerd/containerd/remotes/docker/pusher.go index e2caf7028..c3c0923f0 100644 --- a/vendor/github.com/containerd/containerd/remotes/docker/pusher.go +++ b/vendor/github.com/containerd/containerd/remotes/docker/pusher.go @@ -155,9 +155,18 @@ func (p dockerPusher) Push(ctx context.Context, desc ocispec.Descriptor) (conten location := resp.Header.Get("Location") // Support paths without host in location if strings.HasPrefix(location, "/") { - u := p.base - u.Path = location - location = u.String() + // Support location string containing path and query + qmIndex := strings.Index(location, "?") + if qmIndex > 0 { + u := p.base + u.Path = location[:qmIndex] + u.RawQuery = location[qmIndex+1:] + location = u.String() + } else { + u := p.base + u.Path = location + location = u.String() + } } req, err = http.NewRequest(http.MethodPut, location, nil) diff --git a/vendor/github.com/containerd/containerd/remotes/docker/resolver.go b/vendor/github.com/containerd/containerd/remotes/docker/resolver.go index eca02d532..f0a677c83 100644 --- a/vendor/github.com/containerd/containerd/remotes/docker/resolver.go +++ b/vendor/github.com/containerd/containerd/remotes/docker/resolver.go @@ -53,6 +53,7 @@ var ( type dockerResolver struct { credentials func(string) (string, string, error) + host func(string) (string, error) plainHTTP bool client *http.Client tracker StatusTracker @@ -65,6 +66,9 @@ type ResolverOptions struct { // is interpretted as a long lived token. Credentials func(string) (string, string, error) + // Host provides the hostname given a namespace. + Host func(string) (string, error) + // PlainHTTP specifies to use plain http and not https PlainHTTP bool @@ -77,14 +81,27 @@ type ResolverOptions struct { Tracker StatusTracker } +// DefaultHost is the default host function. +func DefaultHost(ns string) (string, error) { + if ns == "docker.io" { + return "registry-1.docker.io", nil + } + return ns, nil +} + // NewResolver returns a new resolver to a Docker registry func NewResolver(options ResolverOptions) remotes.Resolver { tracker := options.Tracker if tracker == nil { tracker = NewInMemoryTracker() } + host := options.Host + if host == nil { + host = DefaultHost + } return &dockerResolver{ credentials: options.Credentials, + host: host, plainHTTP: options.PlainHTTP, client: options.Client, tracker: tracker, @@ -270,18 +287,19 @@ func (r *dockerResolver) base(refspec reference.Spec) (*dockerBase, error) { ) host := refspec.Hostname() - base.Scheme = "https" - - if host == "docker.io" { - base.Host = "registry-1.docker.io" - } else { - base.Host = host - - if r.plainHTTP || strings.HasPrefix(host, "localhost:") { - base.Scheme = "http" + base.Host = host + if r.host != nil { + base.Host, err = r.host(host) + if err != nil { + return nil, err } } + base.Scheme = "https" + if r.plainHTTP || strings.HasPrefix(base.Host, "localhost:") { + base.Scheme = "http" + } + if r.credentials != nil { username, secret, err = r.credentials(base.Host) if err != nil { diff --git a/vendor/github.com/containerd/containerd/remotes/docker/schema1/converter.go b/vendor/github.com/containerd/containerd/remotes/docker/schema1/converter.go index c6261c5df..cf1137fc3 100644 --- a/vendor/github.com/containerd/containerd/remotes/docker/schema1/converter.go +++ b/vendor/github.com/containerd/containerd/remotes/docker/schema1/converter.go @@ -257,15 +257,15 @@ func (c *Converter) fetchBlob(ctx context.Context, desc ocispec.Descriptor) erro var ( ref = remotes.MakeRefKey(ctx, desc) calc = newBlobStateCalculator() - size = desc.Size ) // size may be unknown, set to zero for content ingest - if size == -1 { - size = 0 + ingestDesc := desc + if ingestDesc.Size == -1 { + ingestDesc.Size = 0 } - cw, err := content.OpenWriter(ctx, c.contentStore, content.WithRef(ref), content.WithDescriptor(desc)) + cw, err := content.OpenWriter(ctx, c.contentStore, content.WithRef(ref), content.WithDescriptor(ingestDesc)) if err != nil { if !errdefs.IsAlreadyExists(err) { return err @@ -317,7 +317,7 @@ func (c *Converter) fetchBlob(ctx context.Context, desc ocispec.Descriptor) erro eg.Go(func() error { defer pw.Close() - return content.Copy(ctx, cw, io.TeeReader(rc, pw), size, desc.Digest) + return content.Copy(ctx, cw, io.TeeReader(rc, pw), ingestDesc.Size, ingestDesc.Digest) }) if err := eg.Wait(); err != nil { diff --git a/vendor/github.com/containerd/containerd/runtime/linux/bundle.go b/vendor/github.com/containerd/containerd/runtime/linux/bundle.go index 8aef5a97a..990309280 100644 --- a/vendor/github.com/containerd/containerd/runtime/linux/bundle.go +++ b/vendor/github.com/containerd/containerd/runtime/linux/bundle.go @@ -26,8 +26,8 @@ import ( "github.com/containerd/containerd/events/exchange" "github.com/containerd/containerd/runtime/linux/runctypes" - "github.com/containerd/containerd/runtime/linux/shim" - "github.com/containerd/containerd/runtime/linux/shim/client" + "github.com/containerd/containerd/runtime/shim" + "github.com/containerd/containerd/runtime/shim/client" "github.com/pkg/errors" ) diff --git a/vendor/github.com/containerd/containerd/runtime/linux/proc/deleted_state.go b/vendor/github.com/containerd/containerd/runtime/linux/proc/deleted_state.go index 87a3fd0c0..ab89c3ecb 100644 --- a/vendor/github.com/containerd/containerd/runtime/linux/proc/deleted_state.go +++ b/vendor/github.com/containerd/containerd/runtime/linux/proc/deleted_state.go @@ -22,6 +22,7 @@ import ( "context" "github.com/containerd/console" + "github.com/containerd/containerd/runtime/proc" google_protobuf "github.com/gogo/protobuf/types" "github.com/pkg/errors" ) @@ -65,6 +66,6 @@ func (s *deletedState) SetExited(status int) { // no op } -func (s *deletedState) Exec(ctx context.Context, path string, r *ExecConfig) (Process, error) { +func (s *deletedState) Exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) { return nil, errors.Errorf("cannot exec in a deleted state") } diff --git a/vendor/github.com/containerd/containerd/runtime/linux/proc/exec.go b/vendor/github.com/containerd/containerd/runtime/linux/proc/exec.go index 5fa667ae6..337db1b74 100644 --- a/vendor/github.com/containerd/containerd/runtime/linux/proc/exec.go +++ b/vendor/github.com/containerd/containerd/runtime/linux/proc/exec.go @@ -31,6 +31,7 @@ import ( "golang.org/x/sys/unix" "github.com/containerd/console" + "github.com/containerd/containerd/runtime/proc" "github.com/containerd/fifo" runc "github.com/containerd/go-runc" specs "github.com/opencontainers/runtime-spec/specs-go" @@ -40,7 +41,7 @@ import ( type execProcess struct { wg sync.WaitGroup - State + proc.State mu sync.Mutex id string @@ -51,7 +52,7 @@ type execProcess struct { pid int closers []io.Closer stdin io.Closer - stdio Stdio + stdio proc.Stdio path string spec specs.Process @@ -127,7 +128,7 @@ func (e *execProcess) Stdin() io.Closer { return e.stdin } -func (e *execProcess) Stdio() Stdio { +func (e *execProcess) Stdio() proc.Stdio { return e.stdio } diff --git a/vendor/github.com/containerd/containerd/runtime/linux/proc/init.go b/vendor/github.com/containerd/containerd/runtime/linux/proc/init.go index ed7f9066d..c538b7937 100644 --- a/vendor/github.com/containerd/containerd/runtime/linux/proc/init.go +++ b/vendor/github.com/containerd/containerd/runtime/linux/proc/init.go @@ -34,6 +34,7 @@ import ( "github.com/containerd/containerd/log" "github.com/containerd/containerd/mount" "github.com/containerd/containerd/runtime/linux/runctypes" + "github.com/containerd/containerd/runtime/proc" "github.com/containerd/fifo" runc "github.com/containerd/go-runc" "github.com/containerd/typeurl" @@ -63,7 +64,7 @@ type Init struct { id string bundle string console console.Console - platform Platform + platform proc.Platform io runc.IO runtime *runc.Runc status int @@ -71,7 +72,7 @@ type Init struct { pid int closers []io.Closer stdin io.Closer - stdio Stdio + stdio proc.Stdio rootfs string IoUID int IoGID int @@ -94,7 +95,7 @@ func NewRunc(root, path, namespace, runtime, criu string, systemd bool) *runc.Ru } // New returns a new init process -func New(context context.Context, path, workDir, runtimeRoot, namespace, criu string, systemdCgroup bool, platform Platform, r *CreateConfig) (*Init, error) { +func New(context context.Context, path, workDir, runtimeRoot, namespace, criu string, systemdCgroup bool, platform proc.Platform, r *CreateConfig) (*Init, error) { var success bool var options runctypes.CreateOptions @@ -134,7 +135,7 @@ func New(context context.Context, path, workDir, runtimeRoot, namespace, criu st bundle: r.Bundle, runtime: runtime, platform: platform, - stdio: Stdio{ + stdio: proc.Stdio{ Stdin: r.Stdin, Stdout: r.Stdout, Stderr: r.Stderr, @@ -363,7 +364,7 @@ func (p *Init) Runtime() *runc.Runc { } // exec returns a new exec'd process -func (p *Init) exec(context context.Context, path string, r *ExecConfig) (Process, error) { +func (p *Init) exec(context context.Context, path string, r *ExecConfig) (proc.Process, error) { // process exec request var spec specs.Process if err := json.Unmarshal(r.Spec.Value, &spec); err != nil { @@ -376,7 +377,7 @@ func (p *Init) exec(context context.Context, path string, r *ExecConfig) (Proces path: path, parent: p, spec: spec, - stdio: Stdio{ + stdio: proc.Stdio{ Stdin: r.Stdin, Stdout: r.Stdout, Stderr: r.Stderr, @@ -430,7 +431,7 @@ func (p *Init) update(context context.Context, r *google_protobuf.Any) error { } // Stdio of the process -func (p *Init) Stdio() Stdio { +func (p *Init) Stdio() proc.Stdio { return p.stdio } diff --git a/vendor/github.com/containerd/containerd/runtime/linux/proc/init_state.go b/vendor/github.com/containerd/containerd/runtime/linux/proc/init_state.go index 0cbdc7ac1..55c0f0559 100644 --- a/vendor/github.com/containerd/containerd/runtime/linux/proc/init_state.go +++ b/vendor/github.com/containerd/containerd/runtime/linux/proc/init_state.go @@ -25,6 +25,7 @@ import ( "github.com/containerd/console" "github.com/containerd/containerd/errdefs" + "github.com/containerd/containerd/runtime/proc" "github.com/containerd/fifo" runc "github.com/containerd/go-runc" google_protobuf "github.com/gogo/protobuf/types" @@ -32,13 +33,13 @@ import ( ) type initState interface { - State + proc.State Pause(context.Context) error Resume(context.Context) error Update(context.Context, *google_protobuf.Any) error Checkpoint(context.Context, *CheckpointConfig) error - Exec(context.Context, string, *ExecConfig) (Process, error) + Exec(context.Context, string, *ExecConfig) (proc.Process, error) } type createdState struct { @@ -130,7 +131,7 @@ func (s *createdState) SetExited(status int) { } } -func (s *createdState) Exec(ctx context.Context, path string, r *ExecConfig) (Process, error) { +func (s *createdState) Exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) { s.p.mu.Lock() defer s.p.mu.Unlock() return s.p.exec(ctx, path, r) @@ -272,7 +273,7 @@ func (s *createdCheckpointState) SetExited(status int) { } } -func (s *createdCheckpointState) Exec(ctx context.Context, path string, r *ExecConfig) (Process, error) { +func (s *createdCheckpointState) Exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) { s.p.mu.Lock() defer s.p.mu.Unlock() @@ -364,7 +365,7 @@ func (s *runningState) SetExited(status int) { } } -func (s *runningState) Exec(ctx context.Context, path string, r *ExecConfig) (Process, error) { +func (s *runningState) Exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) { s.p.mu.Lock() defer s.p.mu.Unlock() return s.p.exec(ctx, path, r) @@ -456,7 +457,7 @@ func (s *pausedState) SetExited(status int) { } } -func (s *pausedState) Exec(ctx context.Context, path string, r *ExecConfig) (Process, error) { +func (s *pausedState) Exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) { s.p.mu.Lock() defer s.p.mu.Unlock() @@ -536,7 +537,7 @@ func (s *stoppedState) SetExited(status int) { // no op } -func (s *stoppedState) Exec(ctx context.Context, path string, r *ExecConfig) (Process, error) { +func (s *stoppedState) Exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) { s.p.mu.Lock() defer s.p.mu.Unlock() diff --git a/vendor/github.com/containerd/containerd/runtime/linux/proc/process.go b/vendor/github.com/containerd/containerd/runtime/linux/proc/process.go index 135f9962b..53252ec60 100644 --- a/vendor/github.com/containerd/containerd/runtime/linux/proc/process.go +++ b/vendor/github.com/containerd/containerd/runtime/linux/proc/process.go @@ -19,66 +19,12 @@ package proc import ( - "context" - "io" - "sync" - "time" - - "github.com/containerd/console" "github.com/pkg/errors" ) // RuncRoot is the path to the root runc state directory const RuncRoot = "/run/containerd/runc" -// Stdio of a process -type Stdio struct { - Stdin string - Stdout string - Stderr string - Terminal bool -} - -// IsNull returns true if the stdio is not defined -func (s Stdio) IsNull() bool { - return s.Stdin == "" && s.Stdout == "" && s.Stderr == "" -} - -// Process on a linux system -type Process interface { - State - // ID returns the id for the process - ID() string - // Pid returns the pid for the process - Pid() int - // ExitStatus returns the exit status - ExitStatus() int - // ExitedAt is the time the process exited - ExitedAt() time.Time - // Stdin returns the process STDIN - Stdin() io.Closer - // Stdio returns io information for the container - Stdio() Stdio - // Status returns the process status - Status(context.Context) (string, error) - // Wait blocks until the process has exited - Wait() -} - -// State of a process -type State interface { - // Resize resizes the process console - Resize(ws console.WinSize) error - // Start execution of the process - Start(context.Context) error - // Delete deletes the process and its resourcess - Delete(context.Context) error - // Kill kills the process - Kill(context.Context, uint32, bool) error - // SetExited sets the exit status for the process - SetExited(status int) -} - func stateName(v interface{}) string { switch v.(type) { case *runningState, *execRunningState: @@ -94,12 +40,3 @@ func stateName(v interface{}) string { } panic(errors.Errorf("invalid state %v", v)) } - -// Platform handles platform-specific behavior that may differs across -// platform implementations -type Platform interface { - CopyConsole(ctx context.Context, console console.Console, stdin, stdout, stderr string, - wg, cwg *sync.WaitGroup) (console.Console, error) - ShutdownConsole(ctx context.Context, console console.Console) error - Close() error -} diff --git a/vendor/github.com/containerd/containerd/runtime/linux/process.go b/vendor/github.com/containerd/containerd/runtime/linux/process.go index bb81dbccf..02cccd206 100644 --- a/vendor/github.com/containerd/containerd/runtime/linux/process.go +++ b/vendor/github.com/containerd/containerd/runtime/linux/process.go @@ -25,9 +25,9 @@ import ( "github.com/containerd/containerd/api/types/task" "github.com/containerd/containerd/errdefs" "github.com/containerd/containerd/runtime" - shim "github.com/containerd/containerd/runtime/linux/shim/v1" + shim "github.com/containerd/containerd/runtime/shim/v1" + "github.com/containerd/ttrpc" "github.com/pkg/errors" - "github.com/stevvooe/ttrpc" ) // Process implements a linux process diff --git a/vendor/github.com/containerd/containerd/runtime/linux/runtime.go b/vendor/github.com/containerd/containerd/runtime/linux/runtime.go index 5bbd173c6..5dcbca56e 100644 --- a/vendor/github.com/containerd/containerd/runtime/linux/runtime.go +++ b/vendor/github.com/containerd/containerd/runtime/linux/runtime.go @@ -42,7 +42,7 @@ import ( "github.com/containerd/containerd/runtime" "github.com/containerd/containerd/runtime/linux/proc" "github.com/containerd/containerd/runtime/linux/runctypes" - shim "github.com/containerd/containerd/runtime/linux/shim/v1" + shim "github.com/containerd/containerd/runtime/shim/v1" runc "github.com/containerd/go-runc" "github.com/containerd/typeurl" ptypes "github.com/gogo/protobuf/types" diff --git a/vendor/github.com/containerd/containerd/runtime/linux/task.go b/vendor/github.com/containerd/containerd/runtime/linux/task.go index bb5d8c0de..43c93eaba 100644 --- a/vendor/github.com/containerd/containerd/runtime/linux/task.go +++ b/vendor/github.com/containerd/containerd/runtime/linux/task.go @@ -29,12 +29,12 @@ import ( "github.com/containerd/containerd/events/exchange" "github.com/containerd/containerd/identifiers" "github.com/containerd/containerd/runtime" - "github.com/containerd/containerd/runtime/linux/shim/client" - shim "github.com/containerd/containerd/runtime/linux/shim/v1" + "github.com/containerd/containerd/runtime/shim/client" + shim "github.com/containerd/containerd/runtime/shim/v1" runc "github.com/containerd/go-runc" + "github.com/containerd/ttrpc" "github.com/gogo/protobuf/types" "github.com/pkg/errors" - "github.com/stevvooe/ttrpc" ) // Task on a linux based system diff --git a/vendor/github.com/containerd/containerd/runtime/proc/proc.go b/vendor/github.com/containerd/containerd/runtime/proc/proc.go new file mode 100644 index 000000000..02bc9bda8 --- /dev/null +++ b/vendor/github.com/containerd/containerd/runtime/proc/proc.go @@ -0,0 +1,83 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package proc + +import ( + "context" + "io" + "sync" + "time" + + "github.com/containerd/console" +) + +// Stdio of a process +type Stdio struct { + Stdin string + Stdout string + Stderr string + Terminal bool +} + +// IsNull returns true if the stdio is not defined +func (s Stdio) IsNull() bool { + return s.Stdin == "" && s.Stdout == "" && s.Stderr == "" +} + +// Process on a system +type Process interface { + State + // ID returns the id for the process + ID() string + // Pid returns the pid for the process + Pid() int + // ExitStatus returns the exit status + ExitStatus() int + // ExitedAt is the time the process exited + ExitedAt() time.Time + // Stdin returns the process STDIN + Stdin() io.Closer + // Stdio returns io information for the container + Stdio() Stdio + // Status returns the process status + Status(context.Context) (string, error) + // Wait blocks until the process has exited + Wait() +} + +// State of a process +type State interface { + // Resize resizes the process console + Resize(ws console.WinSize) error + // Start execution of the process + Start(context.Context) error + // Delete deletes the process and its resourcess + Delete(context.Context) error + // Kill kills the process + Kill(context.Context, uint32, bool) error + // SetExited sets the exit status for the process + SetExited(status int) +} + +// Platform handles platform-specific behavior that may differs across +// platform implementations +type Platform interface { + CopyConsole(ctx context.Context, console console.Console, stdin, stdout, stderr string, + wg, cwg *sync.WaitGroup) (console.Console, error) + ShutdownConsole(ctx context.Context, console console.Console) error + Close() error +} diff --git a/vendor/github.com/containerd/containerd/runtime/linux/shim/client/client.go b/vendor/github.com/containerd/containerd/runtime/shim/client/client.go similarity index 97% rename from vendor/github.com/containerd/containerd/runtime/linux/shim/client/client.go rename to vendor/github.com/containerd/containerd/runtime/shim/client/client.go index c69cca362..009ccc939 100644 --- a/vendor/github.com/containerd/containerd/runtime/linux/shim/client/client.go +++ b/vendor/github.com/containerd/containerd/runtime/shim/client/client.go @@ -31,14 +31,14 @@ import ( "golang.org/x/sys/unix" + "github.com/containerd/ttrpc" "github.com/pkg/errors" "github.com/sirupsen/logrus" - "github.com/stevvooe/ttrpc" "github.com/containerd/containerd/events" "github.com/containerd/containerd/log" - "github.com/containerd/containerd/runtime/linux/shim" - shimapi "github.com/containerd/containerd/runtime/linux/shim/v1" + "github.com/containerd/containerd/runtime/shim" + shimapi "github.com/containerd/containerd/runtime/shim/v1" "github.com/containerd/containerd/sys" ptypes "github.com/gogo/protobuf/types" ) @@ -136,6 +136,7 @@ func newCommand(binary, daemonAddress string, debug bool, config shim.Config, so // will be mounted by the shim cmd.SysProcAttr = getSysProcAttr() cmd.ExtraFiles = append(cmd.ExtraFiles, socket) + cmd.Env = append(os.Environ(), "GOMAXPROCS=2") if debug { cmd.Stdout = os.Stdout cmd.Stderr = os.Stderr diff --git a/vendor/github.com/containerd/containerd/runtime/linux/shim/client/client_linux.go b/vendor/github.com/containerd/containerd/runtime/shim/client/client_linux.go similarity index 100% rename from vendor/github.com/containerd/containerd/runtime/linux/shim/client/client_linux.go rename to vendor/github.com/containerd/containerd/runtime/shim/client/client_linux.go diff --git a/vendor/github.com/containerd/containerd/runtime/linux/shim/client/client_unix.go b/vendor/github.com/containerd/containerd/runtime/shim/client/client_unix.go similarity index 100% rename from vendor/github.com/containerd/containerd/runtime/linux/shim/client/client_unix.go rename to vendor/github.com/containerd/containerd/runtime/shim/client/client_unix.go diff --git a/vendor/github.com/containerd/containerd/runtime/linux/shim/local.go b/vendor/github.com/containerd/containerd/runtime/shim/local.go similarity index 98% rename from vendor/github.com/containerd/containerd/runtime/linux/shim/local.go rename to vendor/github.com/containerd/containerd/runtime/shim/local.go index 7f2a6d0ef..8206b869c 100644 --- a/vendor/github.com/containerd/containerd/runtime/linux/shim/local.go +++ b/vendor/github.com/containerd/containerd/runtime/shim/local.go @@ -23,7 +23,7 @@ import ( "path/filepath" "github.com/containerd/containerd/mount" - shimapi "github.com/containerd/containerd/runtime/linux/shim/v1" + shimapi "github.com/containerd/containerd/runtime/shim/v1" ptypes "github.com/gogo/protobuf/types" ) diff --git a/vendor/github.com/containerd/containerd/runtime/linux/shim/reaper.go b/vendor/github.com/containerd/containerd/runtime/shim/reaper.go similarity index 100% rename from vendor/github.com/containerd/containerd/runtime/linux/shim/reaper.go rename to vendor/github.com/containerd/containerd/runtime/shim/reaper.go diff --git a/vendor/github.com/containerd/containerd/runtime/linux/shim/service.go b/vendor/github.com/containerd/containerd/runtime/shim/service.go similarity index 98% rename from vendor/github.com/containerd/containerd/runtime/linux/shim/service.go rename to vendor/github.com/containerd/containerd/runtime/shim/service.go index 7e2e5365c..379e5cf5b 100644 --- a/vendor/github.com/containerd/containerd/runtime/linux/shim/service.go +++ b/vendor/github.com/containerd/containerd/runtime/shim/service.go @@ -34,7 +34,8 @@ import ( "github.com/containerd/containerd/runtime" "github.com/containerd/containerd/runtime/linux/proc" "github.com/containerd/containerd/runtime/linux/runctypes" - shimapi "github.com/containerd/containerd/runtime/linux/shim/v1" + rproc "github.com/containerd/containerd/runtime/proc" + shimapi "github.com/containerd/containerd/runtime/shim/v1" runc "github.com/containerd/go-runc" "github.com/containerd/typeurl" ptypes "github.com/gogo/protobuf/types" @@ -78,7 +79,7 @@ func NewService(config Config, publisher events.Publisher) (*Service, error) { s := &Service{ config: config, context: ctx, - processes: make(map[string]proc.Process), + processes: make(map[string]rproc.Process), events: make(chan interface{}, 128), ec: Default.Subscribe(), } @@ -96,9 +97,9 @@ type Service struct { config Config context context.Context - processes map[string]proc.Process + processes map[string]rproc.Process events chan interface{} - platform proc.Platform + platform rproc.Platform ec chan runc.Exit // Filled by Create() diff --git a/vendor/github.com/containerd/containerd/runtime/linux/shim/service_linux.go b/vendor/github.com/containerd/containerd/runtime/shim/service_linux.go similarity index 100% rename from vendor/github.com/containerd/containerd/runtime/linux/shim/service_linux.go rename to vendor/github.com/containerd/containerd/runtime/shim/service_linux.go diff --git a/vendor/github.com/containerd/containerd/runtime/linux/shim/service_unix.go b/vendor/github.com/containerd/containerd/runtime/shim/service_unix.go similarity index 100% rename from vendor/github.com/containerd/containerd/runtime/linux/shim/service_unix.go rename to vendor/github.com/containerd/containerd/runtime/shim/service_unix.go diff --git a/vendor/github.com/containerd/containerd/runtime/linux/shim/v1/doc.go b/vendor/github.com/containerd/containerd/runtime/shim/v1/doc.go similarity index 100% rename from vendor/github.com/containerd/containerd/runtime/linux/shim/v1/doc.go rename to vendor/github.com/containerd/containerd/runtime/shim/v1/doc.go diff --git a/vendor/github.com/containerd/containerd/runtime/linux/shim/v1/shim.pb.go b/vendor/github.com/containerd/containerd/runtime/shim/v1/shim.pb.go similarity index 93% rename from vendor/github.com/containerd/containerd/runtime/linux/shim/v1/shim.pb.go rename to vendor/github.com/containerd/containerd/runtime/shim/v1/shim.pb.go index fb492e257..e4dae343d 100644 --- a/vendor/github.com/containerd/containerd/runtime/linux/shim/v1/shim.pb.go +++ b/vendor/github.com/containerd/containerd/runtime/shim/v1/shim.pb.go @@ -1,11 +1,11 @@ // Code generated by protoc-gen-gogo. DO NOT EDIT. -// source: github.com/containerd/containerd/runtime/linux/shim/v1/shim.proto +// source: github.com/containerd/containerd/runtime/shim/v1/shim.proto /* Package shim is a generated protocol buffer package. It is generated from these files: - github.com/containerd/containerd/runtime/linux/shim/v1/shim.proto + github.com/containerd/containerd/runtime/shim/v1/shim.proto It has these top-level messages: CreateTaskRequest @@ -50,7 +50,7 @@ import strings "strings" import reflect "reflect" import context "context" -import ttrpc "github.com/stevvooe/ttrpc" +import ttrpc "github.com/containerd/ttrpc" import io "io" @@ -4352,80 +4352,80 @@ var ( ) func init() { - proto.RegisterFile("github.com/containerd/containerd/runtime/linux/shim/v1/shim.proto", fileDescriptorShim) + proto.RegisterFile("github.com/containerd/containerd/runtime/shim/v1/shim.proto", fileDescriptorShim) } var fileDescriptorShim = []byte{ // 1135 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x57, 0x4f, 0x4f, 0xdc, 0x46, - 0x14, 0xc7, 0x66, 0xff, 0xbe, 0xcd, 0x52, 0x98, 0x12, 0xea, 0x6c, 0xa4, 0x65, 0x65, 0xa9, 0x11, - 0x55, 0x15, 0xbb, 0x2c, 0x55, 0xd2, 0x36, 0x52, 0x24, 0x20, 0x51, 0x85, 0xda, 0x28, 0xc8, 0x40, - 0x13, 0xb5, 0xaa, 0x90, 0x59, 0x0f, 0xbb, 0x23, 0x76, 0x6d, 0xc7, 0x33, 0xa6, 0xd0, 0x53, 0x4f, - 0x3d, 0xf7, 0xe3, 0xf4, 0x23, 0x70, 0xc8, 0xa1, 0xc7, 0x9e, 0xd2, 0x86, 0x7b, 0xbf, 0x43, 0x35, - 0x7f, 0x16, 0x7b, 0x77, 0x71, 0x6c, 0xb8, 0xb0, 0x7e, 0x33, 0xbf, 0x37, 0xf3, 0xe6, 0xfd, 0x7e, - 0xf3, 0xde, 0x00, 0x9b, 0x7d, 0xc2, 0x06, 0xf1, 0x91, 0xd5, 0x0b, 0x46, 0x76, 0x2f, 0xf0, 0x99, - 0x4b, 0x7c, 0x1c, 0x79, 0xe9, 0xcf, 0x28, 0xf6, 0x19, 0x19, 0x61, 0x7b, 0x48, 0xfc, 0xf8, 0xcc, - 0xa6, 0x03, 0x32, 0xb2, 0x4f, 0xd7, 0xc5, 0xaf, 0x15, 0x46, 0x01, 0x0b, 0x50, 0x27, 0x01, 0x5b, - 0x0a, 0x6c, 0x09, 0xb0, 0x25, 0x40, 0xa7, 0xeb, 0xad, 0x7b, 0xfd, 0x20, 0xe8, 0x0f, 0xb1, 0x2d, - 0xf0, 0x47, 0xf1, 0xb1, 0xed, 0xfa, 0xe7, 0xd2, 0xb9, 0x75, 0x7f, 0x7a, 0x0a, 0x8f, 0x42, 0x36, - 0x9e, 0x5c, 0xee, 0x07, 0xfd, 0x40, 0x7c, 0xda, 0xfc, 0x4b, 0x8d, 0xae, 0x4e, 0xbb, 0xf0, 0x1d, - 0x29, 0x73, 0x47, 0xa1, 0x02, 0x3c, 0xca, 0x3d, 0x93, 0x1b, 0x12, 0x9b, 0x9d, 0x87, 0x98, 0xda, - 0xa3, 0x20, 0xf6, 0x99, 0xf2, 0xfb, 0xe6, 0x06, 0x7e, 0xcc, 0xa5, 0x27, 0xe2, 0x8f, 0xf4, 0x35, - 0xff, 0xd3, 0x61, 0x69, 0x3b, 0xc2, 0x2e, 0xc3, 0xfb, 0x2e, 0x3d, 0x71, 0xf0, 0x9b, 0x18, 0x53, - 0x86, 0x56, 0x40, 0x27, 0x9e, 0xa1, 0x75, 0xb4, 0xb5, 0xfa, 0x56, 0xe5, 0xf2, 0xdd, 0xaa, 0xbe, - 0xf3, 0xcc, 0xd1, 0x89, 0x87, 0x56, 0xa0, 0x72, 0x14, 0xfb, 0xde, 0x10, 0x1b, 0x3a, 0x9f, 0x73, - 0x94, 0x85, 0x0c, 0xa8, 0xaa, 0x0c, 0x1a, 0xf3, 0x62, 0x62, 0x6c, 0x22, 0x1b, 0x2a, 0x51, 0x10, - 0xb0, 0x63, 0x6a, 0x94, 0x3a, 0xf3, 0x6b, 0x8d, 0xee, 0x27, 0x56, 0x2a, 0xeb, 0x22, 0x24, 0xeb, - 0x05, 0x3f, 0x8a, 0xa3, 0x60, 0xa8, 0x05, 0x35, 0x86, 0xa3, 0x11, 0xf1, 0xdd, 0xa1, 0x51, 0xee, - 0x68, 0x6b, 0x35, 0xe7, 0xca, 0x46, 0xcb, 0x50, 0xa6, 0xcc, 0x23, 0xbe, 0x51, 0x11, 0x9b, 0x48, - 0x83, 0x07, 0x45, 0x99, 0x17, 0xc4, 0xcc, 0xa8, 0xca, 0xa0, 0xa4, 0xa5, 0xc6, 0x71, 0x14, 0x19, - 0xb5, 0xab, 0x71, 0x1c, 0x45, 0xa8, 0x0d, 0xd0, 0x1b, 0xe0, 0xde, 0x49, 0x18, 0x10, 0x9f, 0x19, - 0x75, 0x31, 0x97, 0x1a, 0x41, 0x9f, 0xc3, 0x52, 0xe8, 0x46, 0xd8, 0x67, 0x87, 0x29, 0x18, 0x08, - 0xd8, 0xa2, 0x9c, 0xd8, 0x4e, 0xc0, 0x16, 0x54, 0x83, 0x90, 0x91, 0xc0, 0xa7, 0x46, 0xa3, 0xa3, - 0xad, 0x35, 0xba, 0xcb, 0x96, 0xa4, 0xd9, 0x1a, 0xd3, 0x6c, 0x6d, 0xfa, 0xe7, 0xce, 0x18, 0x64, - 0x3e, 0x00, 0x94, 0x4e, 0x37, 0x0d, 0x03, 0x9f, 0x62, 0xb4, 0x08, 0xf3, 0xa1, 0x4a, 0x78, 0xd3, - 0xe1, 0x9f, 0xe6, 0xef, 0x1a, 0x2c, 0x3c, 0xc3, 0x43, 0xcc, 0x70, 0x36, 0x08, 0xad, 0x42, 0x03, - 0x9f, 0x11, 0x76, 0x48, 0x99, 0xcb, 0x62, 0x2a, 0x38, 0x69, 0x3a, 0xc0, 0x87, 0xf6, 0xc4, 0x08, - 0xda, 0x84, 0x3a, 0xb7, 0xb0, 0x77, 0xe8, 0x32, 0xc1, 0x4c, 0xa3, 0xdb, 0x9a, 0x89, 0x6f, 0x7f, - 0x2c, 0xc3, 0xad, 0xda, 0xc5, 0xbb, 0xd5, 0xb9, 0x3f, 0xfe, 0x59, 0xd5, 0x9c, 0x9a, 0x74, 0xdb, - 0x64, 0xa6, 0x05, 0xcb, 0x32, 0x8e, 0xdd, 0x28, 0xe8, 0x61, 0x4a, 0x73, 0x24, 0x62, 0xfe, 0xa9, - 0x01, 0x7a, 0x7e, 0x86, 0x7b, 0xc5, 0xe0, 0x13, 0x74, 0xeb, 0x59, 0x74, 0xcf, 0x5f, 0x4f, 0x77, - 0x29, 0x83, 0xee, 0xf2, 0x04, 0xdd, 0x6b, 0x50, 0xa2, 0x21, 0xee, 0x09, 0xcd, 0x64, 0xd1, 0x23, - 0x10, 0xe6, 0x5d, 0xf8, 0x78, 0x22, 0x72, 0x99, 0x77, 0xf3, 0x35, 0x2c, 0x3a, 0x98, 0x92, 0x5f, - 0xf1, 0x2e, 0x3b, 0xcf, 0x3b, 0xce, 0x32, 0x94, 0x7f, 0x21, 0x1e, 0x1b, 0x28, 0x2e, 0xa4, 0xc1, - 0x43, 0x1b, 0x60, 0xd2, 0x1f, 0x48, 0x0e, 0x9a, 0x8e, 0xb2, 0xcc, 0x07, 0x70, 0x87, 0x13, 0x85, - 0xf3, 0x72, 0xfa, 0x56, 0x87, 0xa6, 0x02, 0x2a, 0x2d, 0xdc, 0xf4, 0x82, 0x2a, 0xed, 0xcc, 0x27, - 0xda, 0xd9, 0xe0, 0xe9, 0x12, 0xb2, 0xe1, 0x69, 0x5c, 0xe8, 0xde, 0x4f, 0x5f, 0xcc, 0xd3, 0x75, - 0x75, 0x37, 0xa5, 0x8e, 0x1c, 0x05, 0x4d, 0x18, 0x29, 0x5f, 0xcf, 0x48, 0x25, 0x83, 0x91, 0xea, - 0x04, 0x23, 0x69, 0xce, 0x6b, 0x53, 0x9c, 0x4f, 0x49, 0xba, 0xfe, 0x61, 0x49, 0xc3, 0xad, 0x24, - 0xfd, 0x12, 0x1a, 0xdf, 0x91, 0xe1, 0xb0, 0x40, 0xb1, 0xa3, 0xa4, 0x3f, 0x16, 0x66, 0xd3, 0x51, - 0x16, 0xcf, 0xa5, 0x3b, 0x1c, 0x8a, 0x5c, 0xd6, 0x1c, 0xfe, 0x69, 0x3e, 0x85, 0x85, 0xed, 0x61, - 0x40, 0xf1, 0xce, 0xcb, 0x02, 0xfa, 0x90, 0x09, 0x94, 0x5a, 0x97, 0x86, 0xf9, 0x19, 0x7c, 0xf4, - 0x3d, 0xa1, 0x6c, 0x97, 0x78, 0xb9, 0xd7, 0xcb, 0x81, 0xc5, 0x04, 0xaa, 0xc4, 0xf0, 0x14, 0xea, - 0xa1, 0xd4, 0x2c, 0xa6, 0x86, 0x26, 0xca, 0x6c, 0xe7, 0x5a, 0x36, 0x95, 0xb2, 0x77, 0xfc, 0xe3, - 0xc0, 0x49, 0x5c, 0xcc, 0x9f, 0xe0, 0x6e, 0x52, 0xd1, 0xd2, 0x6d, 0x00, 0x41, 0x29, 0x74, 0xd9, - 0x40, 0x86, 0xe1, 0x88, 0xef, 0x74, 0xc1, 0xd3, 0x8b, 0x14, 0xbc, 0x87, 0xb0, 0xb8, 0x37, 0x20, - 0x23, 0xb1, 0xe7, 0x38, 0xe0, 0x7b, 0x50, 0xe3, 0x2d, 0xf6, 0x30, 0x29, 0x67, 0x55, 0x6e, 0xef, - 0x12, 0xcf, 0xfc, 0x16, 0x96, 0x0e, 0x42, 0x6f, 0xaa, 0x1d, 0x75, 0xa1, 0x1e, 0x61, 0x1a, 0xc4, - 0x51, 0x4f, 0x1c, 0x30, 0x7b, 0xd7, 0x04, 0xa6, 0xee, 0x56, 0xc4, 0xf2, 0x12, 0xfa, 0xb5, 0xb8, - 0x5a, 0x1c, 0x97, 0x73, 0xb5, 0xd4, 0x15, 0xd2, 0x93, 0x1a, 0xfd, 0x29, 0x34, 0x5e, 0xb9, 0x24, - 0x77, 0x87, 0x08, 0xee, 0x48, 0x98, 0xda, 0x60, 0x4a, 0xe2, 0xda, 0x87, 0x25, 0xae, 0xdf, 0x46, - 0xe2, 0xdd, 0xb7, 0x0d, 0x28, 0xf1, 0xb4, 0xa3, 0x01, 0x94, 0x45, 0xe5, 0x40, 0x96, 0x95, 0xf7, - 0xdc, 0xb1, 0xd2, 0xb5, 0xa8, 0x65, 0x17, 0xc6, 0xab, 0x63, 0x51, 0xa8, 0xc8, 0xce, 0x86, 0x36, - 0xf2, 0x5d, 0x67, 0x9e, 0x1c, 0xad, 0x2f, 0x6f, 0xe6, 0xa4, 0x36, 0x95, 0xc7, 0x8b, 0x58, 0xc1, - 0xe3, 0x5d, 0xc9, 0xa1, 0xe0, 0xf1, 0x52, 0xb2, 0x70, 0xa0, 0x22, 0xfb, 0x20, 0x5a, 0x99, 0xe1, - 0xe2, 0x39, 0x7f, 0xfb, 0xb5, 0xbe, 0xc8, 0x5f, 0x72, 0xaa, 0xa3, 0x9f, 0x43, 0x73, 0xa2, 0xb7, - 0xa2, 0x47, 0x45, 0x97, 0x98, 0xec, 0xae, 0xb7, 0xd8, 0xfa, 0x0d, 0xd4, 0xc6, 0x75, 0x04, 0xad, - 0xe7, 0x7b, 0x4f, 0x95, 0xa7, 0x56, 0xf7, 0x26, 0x2e, 0x6a, 0xcb, 0xc7, 0x50, 0xde, 0x75, 0x63, - 0x9a, 0x9d, 0xc0, 0x8c, 0x71, 0xf4, 0x15, 0x54, 0x1c, 0x4c, 0xe3, 0xd1, 0xcd, 0x3d, 0x7f, 0x06, - 0x48, 0xbd, 0xd5, 0x1e, 0x17, 0x90, 0xd8, 0x75, 0x75, 0x30, 0x73, 0xf9, 0x17, 0x50, 0xe2, 0x8d, - 0x04, 0x3d, 0xcc, 0x5f, 0x38, 0xd5, 0x70, 0x32, 0x97, 0xdb, 0x87, 0x12, 0x7f, 0x7f, 0xa0, 0x02, - 0x57, 0x61, 0xf6, 0x85, 0x95, 0xb9, 0xea, 0x2b, 0xa8, 0x5f, 0x3d, 0x5f, 0x50, 0x01, 0xde, 0xa6, - 0xdf, 0x3a, 0x99, 0x0b, 0xef, 0x41, 0x55, 0x75, 0x3d, 0x54, 0x40, 0x7f, 0x93, 0x0d, 0x32, 0x73, - 0xd1, 0x1f, 0xa0, 0x36, 0x6e, 0x17, 0x99, 0x6c, 0x17, 0x38, 0xc4, 0x4c, 0xcb, 0x39, 0x80, 0x8a, - 0xec, 0x2b, 0x45, 0xaa, 0xd3, 0x4c, 0x07, 0xca, 0x0c, 0x17, 0x43, 0x89, 0xd7, 0xf6, 0x22, 0x0a, - 0x48, 0xb5, 0x8a, 0x96, 0x55, 0x14, 0x2e, 0xa3, 0xdf, 0x3a, 0xb8, 0x78, 0xdf, 0x9e, 0xfb, 0xfb, - 0x7d, 0x7b, 0xee, 0xb7, 0xcb, 0xb6, 0x76, 0x71, 0xd9, 0xd6, 0xfe, 0xba, 0x6c, 0x6b, 0xff, 0x5e, - 0xb6, 0xb5, 0x1f, 0x9f, 0xdc, 0xee, 0xff, 0xe0, 0x27, 0xfc, 0xf7, 0xb5, 0x7e, 0x54, 0x11, 0xe7, - 0xd9, 0xf8, 0x3f, 0x00, 0x00, 0xff, 0xff, 0xfb, 0xc9, 0x30, 0x0d, 0x4f, 0x0f, 0x00, 0x00, + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x57, 0x4d, 0x6f, 0xdb, 0x46, + 0x13, 0x36, 0x69, 0x7d, 0x8e, 0x22, 0xbf, 0xf6, 0xbe, 0x8e, 0xcb, 0x28, 0x80, 0x2c, 0x10, 0x68, + 0xe0, 0xa2, 0x08, 0x55, 0xcb, 0x6d, 0xd2, 0x36, 0x40, 0x00, 0xdb, 0x09, 0x0a, 0xa3, 0x0d, 0x6c, + 0xd0, 0x4e, 0x13, 0xb4, 0x28, 0x0c, 0x5a, 0x5c, 0x4b, 0x0b, 0x4b, 0x24, 0xc3, 0x5d, 0xba, 0x76, + 0x4f, 0x3d, 0xf5, 0xdc, 0x9f, 0xd3, 0x9f, 0xe0, 0x43, 0x0e, 0x3d, 0xf6, 0x94, 0x36, 0xba, 0xf7, + 0x3f, 0x14, 0xfb, 0x21, 0x93, 0x92, 0xcc, 0x90, 0xf2, 0xc5, 0xe2, 0xec, 0x3e, 0xb3, 0x3b, 0x3b, + 0xcf, 0xb3, 0x33, 0x6b, 0x78, 0xd2, 0x23, 0xac, 0x1f, 0x9d, 0x58, 0x5d, 0x7f, 0xd8, 0xee, 0xfa, + 0x1e, 0x73, 0x88, 0x87, 0x43, 0x37, 0xf9, 0x19, 0x46, 0x1e, 0x23, 0x43, 0xdc, 0xa6, 0x7d, 0x32, + 0x6c, 0x9f, 0x6f, 0x8a, 0x5f, 0x2b, 0x08, 0x7d, 0xe6, 0xa3, 0x56, 0x0c, 0xb3, 0x14, 0xcc, 0x1a, + 0x10, 0x2f, 0xba, 0xb0, 0x04, 0xe8, 0x7c, 0xb3, 0x71, 0xaf, 0xe7, 0xfb, 0xbd, 0x01, 0x6e, 0x0b, + 0xfc, 0x49, 0x74, 0xda, 0x76, 0xbc, 0x4b, 0xe9, 0xdc, 0xb8, 0x3f, 0x3d, 0x85, 0x87, 0x01, 0x1b, + 0x4f, 0xae, 0xf6, 0xfc, 0x9e, 0x2f, 0x3e, 0xdb, 0xfc, 0x4b, 0x8d, 0xae, 0x4f, 0xbb, 0xf0, 0x1d, + 0x29, 0x73, 0x86, 0x81, 0x02, 0x3c, 0xca, 0x3c, 0x8d, 0x13, 0x90, 0x36, 0xbb, 0x0c, 0x30, 0x6d, + 0x0f, 0xfd, 0xc8, 0x63, 0xca, 0xef, 0xeb, 0x39, 0xfc, 0x98, 0x43, 0xcf, 0xc4, 0x1f, 0xe9, 0x6b, + 0xfe, 0xab, 0xc3, 0xca, 0x6e, 0x88, 0x1d, 0x86, 0x8f, 0x1c, 0x7a, 0x66, 0xe3, 0x37, 0x11, 0xa6, + 0x0c, 0xad, 0x81, 0x4e, 0x5c, 0x43, 0x6b, 0x69, 0x1b, 0xd5, 0x9d, 0xd2, 0xe8, 0xdd, 0xba, 0xbe, + 0xf7, 0xcc, 0xd6, 0x89, 0x8b, 0xd6, 0xa0, 0x74, 0x12, 0x79, 0xee, 0x00, 0x1b, 0x3a, 0x9f, 0xb3, + 0x95, 0x85, 0x0c, 0x28, 0xab, 0x0c, 0x1a, 0x8b, 0x62, 0x62, 0x6c, 0xa2, 0x36, 0x94, 0x42, 0xdf, + 0x67, 0xa7, 0xd4, 0x28, 0xb4, 0x16, 0x37, 0x6a, 0x9d, 0x8f, 0xac, 0x44, 0xd6, 0x45, 0x48, 0xd6, + 0x0b, 0x7e, 0x14, 0x5b, 0xc1, 0x50, 0x03, 0x2a, 0x0c, 0x87, 0x43, 0xe2, 0x39, 0x03, 0xa3, 0xd8, + 0xd2, 0x36, 0x2a, 0xf6, 0xb5, 0x8d, 0x56, 0xa1, 0x48, 0x99, 0x4b, 0x3c, 0xa3, 0x24, 0x36, 0x91, + 0x06, 0x0f, 0x8a, 0x32, 0xd7, 0x8f, 0x98, 0x51, 0x96, 0x41, 0x49, 0x4b, 0x8d, 0xe3, 0x30, 0x34, + 0x2a, 0xd7, 0xe3, 0x38, 0x0c, 0x51, 0x13, 0xa0, 0xdb, 0xc7, 0xdd, 0xb3, 0xc0, 0x27, 0x1e, 0x33, + 0xaa, 0x62, 0x2e, 0x31, 0x82, 0x3e, 0x85, 0x95, 0xc0, 0x09, 0xb1, 0xc7, 0x8e, 0x13, 0x30, 0x10, + 0xb0, 0x65, 0x39, 0xb1, 0x1b, 0x83, 0x2d, 0x28, 0xfb, 0x01, 0x23, 0xbe, 0x47, 0x8d, 0x5a, 0x4b, + 0xdb, 0xa8, 0x75, 0x56, 0x2d, 0x49, 0xb3, 0x35, 0xa6, 0xd9, 0xda, 0xf6, 0x2e, 0xed, 0x31, 0xc8, + 0x7c, 0x00, 0x28, 0x99, 0x6e, 0x1a, 0xf8, 0x1e, 0xc5, 0x68, 0x19, 0x16, 0x03, 0x95, 0xf0, 0xba, + 0xcd, 0x3f, 0xcd, 0xdf, 0x34, 0x58, 0x7a, 0x86, 0x07, 0x98, 0xe1, 0x74, 0x10, 0x5a, 0x87, 0x1a, + 0xbe, 0x20, 0xec, 0x98, 0x32, 0x87, 0x45, 0x54, 0x70, 0x52, 0xb7, 0x81, 0x0f, 0x1d, 0x8a, 0x11, + 0xb4, 0x0d, 0x55, 0x6e, 0x61, 0xf7, 0xd8, 0x61, 0x82, 0x99, 0x5a, 0xa7, 0x31, 0x13, 0xdf, 0xd1, + 0x58, 0x86, 0x3b, 0x95, 0xab, 0x77, 0xeb, 0x0b, 0xbf, 0xff, 0xbd, 0xae, 0xd9, 0x15, 0xe9, 0xb6, + 0xcd, 0x4c, 0x0b, 0x56, 0x65, 0x1c, 0x07, 0xa1, 0xdf, 0xc5, 0x94, 0x66, 0x48, 0xc4, 0xfc, 0x43, + 0x03, 0xf4, 0xfc, 0x02, 0x77, 0xf3, 0xc1, 0x27, 0xe8, 0xd6, 0xd3, 0xe8, 0x5e, 0xbc, 0x99, 0xee, + 0x42, 0x0a, 0xdd, 0xc5, 0x09, 0xba, 0x37, 0xa0, 0x40, 0x03, 0xdc, 0x15, 0x9a, 0x49, 0xa3, 0x47, + 0x20, 0xcc, 0xbb, 0xf0, 0xff, 0x89, 0xc8, 0x65, 0xde, 0xcd, 0xd7, 0xb0, 0x6c, 0x63, 0x4a, 0x7e, + 0xc1, 0x07, 0xec, 0x32, 0xeb, 0x38, 0xab, 0x50, 0xfc, 0x99, 0xb8, 0xac, 0xaf, 0xb8, 0x90, 0x06, + 0x0f, 0xad, 0x8f, 0x49, 0xaf, 0x2f, 0x39, 0xa8, 0xdb, 0xca, 0x32, 0x1f, 0xc0, 0x1d, 0x4e, 0x14, + 0xce, 0xca, 0xe9, 0x5b, 0x1d, 0xea, 0x0a, 0xa8, 0xb4, 0x30, 0xef, 0x05, 0x55, 0xda, 0x59, 0x8c, + 0xb5, 0xb3, 0xc5, 0xd3, 0x25, 0x64, 0xc3, 0xd3, 0xb8, 0xd4, 0xb9, 0x9f, 0xbc, 0x98, 0xe7, 0x9b, + 0xea, 0x6e, 0x4a, 0x1d, 0xd9, 0x0a, 0x1a, 0x33, 0x52, 0xbc, 0x99, 0x91, 0x52, 0x0a, 0x23, 0xe5, + 0x09, 0x46, 0x92, 0x9c, 0x57, 0xa6, 0x38, 0x9f, 0x92, 0x74, 0xf5, 0xc3, 0x92, 0x86, 0x5b, 0x49, + 0x7a, 0x1f, 0x6a, 0xdf, 0x92, 0xc1, 0x20, 0x47, 0xb1, 0xa3, 0xa4, 0x37, 0x16, 0x66, 0xdd, 0x56, + 0x16, 0xcf, 0xa5, 0x33, 0x18, 0x88, 0x5c, 0x56, 0x6c, 0xfe, 0x69, 0x3e, 0x85, 0xa5, 0xdd, 0x81, + 0x4f, 0xf1, 0xde, 0x7e, 0x0e, 0x7d, 0xc8, 0x04, 0x4a, 0xad, 0x4b, 0xc3, 0xfc, 0x04, 0xfe, 0xf7, + 0x1d, 0xa1, 0xec, 0x80, 0xb8, 0x99, 0xd7, 0xcb, 0x86, 0xe5, 0x18, 0xaa, 0xc4, 0xf0, 0x14, 0xaa, + 0x81, 0xd4, 0x2c, 0xa6, 0x86, 0x26, 0xca, 0x6c, 0xeb, 0x46, 0x36, 0x95, 0xb2, 0xf7, 0xbc, 0x53, + 0xdf, 0x8e, 0x5d, 0xcc, 0x1f, 0xe1, 0x6e, 0x5c, 0xd1, 0x92, 0x6d, 0x00, 0x41, 0x21, 0x70, 0x58, + 0x5f, 0x86, 0x61, 0x8b, 0xef, 0x64, 0xc1, 0xd3, 0xf3, 0x14, 0xbc, 0x87, 0xb0, 0x7c, 0xd8, 0x27, + 0x43, 0xb1, 0xe7, 0x38, 0xe0, 0x7b, 0x50, 0xe1, 0x2d, 0xf6, 0x38, 0x2e, 0x67, 0x65, 0x6e, 0x1f, + 0x10, 0xd7, 0xfc, 0x06, 0x56, 0x5e, 0x06, 0xee, 0x54, 0x3b, 0xea, 0x40, 0x35, 0xc4, 0xd4, 0x8f, + 0xc2, 0xae, 0x38, 0x60, 0xfa, 0xae, 0x31, 0x4c, 0xdd, 0xad, 0x90, 0x65, 0x25, 0xf4, 0x2b, 0x71, + 0xb5, 0x38, 0x2e, 0xe3, 0x6a, 0xa9, 0x2b, 0xa4, 0xc7, 0x35, 0xfa, 0x63, 0xa8, 0xbd, 0x72, 0x48, + 0xe6, 0x0e, 0x21, 0xdc, 0x91, 0x30, 0xb5, 0xc1, 0x94, 0xc4, 0xb5, 0x0f, 0x4b, 0x5c, 0xbf, 0x8d, + 0xc4, 0x3b, 0x6f, 0x6b, 0x50, 0xe0, 0x69, 0x47, 0x7d, 0x28, 0x8a, 0xca, 0x81, 0x2c, 0x2b, 0xeb, + 0xb9, 0x63, 0x25, 0x6b, 0x51, 0xa3, 0x9d, 0x1b, 0xaf, 0x8e, 0x45, 0xa1, 0x24, 0x3b, 0x1b, 0xda, + 0xca, 0x76, 0x9d, 0x79, 0x72, 0x34, 0x3e, 0x9f, 0xcf, 0x49, 0x6d, 0x2a, 0x8f, 0x17, 0xb2, 0x9c, + 0xc7, 0xbb, 0x96, 0x43, 0xce, 0xe3, 0x25, 0x64, 0x61, 0x43, 0x49, 0xf6, 0x41, 0xb4, 0x36, 0xc3, + 0xc5, 0x73, 0xfe, 0xf6, 0x6b, 0x7c, 0x96, 0xbd, 0xe4, 0x54, 0x47, 0xbf, 0x84, 0xfa, 0x44, 0x6f, + 0x45, 0x8f, 0xf2, 0x2e, 0x31, 0xd9, 0x5d, 0x6f, 0xb1, 0xf5, 0x1b, 0xa8, 0x8c, 0xeb, 0x08, 0xda, + 0xcc, 0xf6, 0x9e, 0x2a, 0x4f, 0x8d, 0xce, 0x3c, 0x2e, 0x6a, 0xcb, 0xc7, 0x50, 0x3c, 0x70, 0x22, + 0x9a, 0x9e, 0xc0, 0x94, 0x71, 0xf4, 0x25, 0x94, 0x6c, 0x4c, 0xa3, 0xe1, 0xfc, 0x9e, 0x3f, 0x01, + 0x24, 0xde, 0x6a, 0x8f, 0x73, 0x48, 0xec, 0xa6, 0x3a, 0x98, 0xba, 0xfc, 0x0b, 0x28, 0xf0, 0x46, + 0x82, 0x1e, 0x66, 0x2f, 0x9c, 0x68, 0x38, 0xa9, 0xcb, 0x1d, 0x41, 0x81, 0xbf, 0x3f, 0x50, 0x8e, + 0xab, 0x30, 0xfb, 0xc2, 0x4a, 0x5d, 0xf5, 0x15, 0x54, 0xaf, 0x9f, 0x2f, 0x28, 0x07, 0x6f, 0xd3, + 0x6f, 0x9d, 0xd4, 0x85, 0x0f, 0xa1, 0xac, 0xba, 0x1e, 0xca, 0xa1, 0xbf, 0xc9, 0x06, 0x99, 0xba, + 0xe8, 0xf7, 0x50, 0x19, 0xb7, 0x8b, 0x54, 0xb6, 0x73, 0x1c, 0x62, 0xa6, 0xe5, 0xbc, 0x84, 0x92, + 0xec, 0x2b, 0x79, 0xaa, 0xd3, 0x4c, 0x07, 0x4a, 0x0d, 0x17, 0x43, 0x81, 0xd7, 0xf6, 0x3c, 0x0a, + 0x48, 0xb4, 0x8a, 0x86, 0x95, 0x17, 0x2e, 0xa3, 0xdf, 0xd9, 0xbf, 0x7a, 0xdf, 0x5c, 0xf8, 0xeb, + 0x7d, 0x73, 0xe1, 0xd7, 0x51, 0x53, 0xbb, 0x1a, 0x35, 0xb5, 0x3f, 0x47, 0x4d, 0xed, 0x9f, 0x51, + 0x53, 0xfb, 0xe1, 0x8b, 0x79, 0xff, 0x03, 0x7e, 0xc2, 0x7f, 0x5f, 0xeb, 0x27, 0x25, 0x71, 0x92, + 0xad, 0xff, 0x02, 0x00, 0x00, 0xff, 0xff, 0x5b, 0x88, 0x3a, 0x56, 0x43, 0x0f, 0x00, 0x00, } diff --git a/vendor/github.com/containerd/containerd/runtime/linux/shim/v1/shim.proto b/vendor/github.com/containerd/containerd/runtime/shim/v1/shim.proto similarity index 97% rename from vendor/github.com/containerd/containerd/runtime/linux/shim/v1/shim.proto rename to vendor/github.com/containerd/containerd/runtime/shim/v1/shim.proto index fb748f71e..8248b2aa0 100644 --- a/vendor/github.com/containerd/containerd/runtime/linux/shim/v1/shim.proto +++ b/vendor/github.com/containerd/containerd/runtime/shim/v1/shim.proto @@ -9,7 +9,7 @@ import "google/protobuf/timestamp.proto"; import "github.com/containerd/containerd/api/types/mount.proto"; import "github.com/containerd/containerd/api/types/task/task.proto"; -option go_package = "github.com/containerd/containerd/runtime/linux/shim/v1;shim"; +option go_package = "github.com/containerd/containerd/runtime/shim/v1;shim"; // Shim service is launched for each container and is responsible for owning the IO // for the container and its additional processes. The shim is also the parent of diff --git a/vendor/github.com/containerd/containerd/vendor.conf b/vendor/github.com/containerd/containerd/vendor.conf index fcb6532bc..b9e98a85e 100644 --- a/vendor/github.com/containerd/containerd/vendor.conf +++ b/vendor/github.com/containerd/containerd/vendor.conf @@ -1,7 +1,7 @@ github.com/containerd/go-runc f271fa2021de855d4d918dbef83c5fe19db1bdd5 -github.com/containerd/console cb7008ab3d8359b78c5f464cb7cf160107ad5925 +github.com/containerd/console 5d1b48d6114b8c9666f0c8b916f871af97b0a761 github.com/containerd/cgroups fe281dd265766145e943a034aa41086474ea6130 -github.com/containerd/typeurl f6943554a7e7e88b3c14aad190bf05932da84788 +github.com/containerd/typeurl a93fcdb778cd272c6e9b3028b2f42d813e785d40 github.com/containerd/fifo 3d5202aec260678c48179c56f40e6f38a095738c github.com/containerd/btrfs 2e1aa0ddf94f91fa282b6ed87c23bf0d64911244 github.com/containerd/continuity d3c23511c1bf5851696cba83143d9cbcd666869b @@ -22,7 +22,6 @@ github.com/golang/protobuf v1.1.0 github.com/opencontainers/runtime-spec v1.0.1 github.com/opencontainers/runc 69663f0bd4b60df09991c08812a60108003fa340 github.com/sirupsen/logrus v1.0.0 -github.com/pmezard/go-difflib v1.0.0 github.com/urfave/cli 7bc6a0acffa589f415f88aca16cc1de5ffd66f9c golang.org/x/net b3756b4b77d7b13260a0a2ec658753cf48922eac google.golang.org/grpc v1.12.0 @@ -38,14 +37,14 @@ github.com/Microsoft/hcsshim v0.6.11 github.com/boltdb/bolt e9cf4fae01b5a8ff89d0ec6b32f0d9c9f79aefdd google.golang.org/genproto d80a6e20e776b0b17a324d0ba1ab50a39c8e8944 golang.org/x/text 19e51611da83d6be54ddafce4a4af510cb3e9ea4 -github.com/stevvooe/ttrpc d4528379866b0ce7e9d71f3eb96f0582fc374577 +github.com/containerd/ttrpc 94dde388801693c54f88a6596f713b51a8b30b2d github.com/syndtr/gocapability db04d3cc01c8b54962a58ec7e491717d06cfcc16 -github.com/gotestyourself/gotestyourself 44dbf532bbf5767611f6f2a61bded572e337010a +gotest.tools v2.1.0 github.com/google/go-cmp v0.1.0 -# #2135: cri is temporarily forked because of circular dependency. will be fixed immediately in a follow-up PR. -github.com/containerd/cri 6e975823be192ad19f2ce7afcf6c57b88a991c30 https://github.com/AkihiroSuda/cri-containerd.git -github.com/containerd/go-cni f2d7272f12d045b16ed924f50e91f9f9cecc55a7 +# cri dependencies +github.com/containerd/cri v1.11.0 +github.com/containerd/go-cni 5882530828ecf62032409b298a3e8b19e08b6534 github.com/blang/semver v3.1.0 github.com/containernetworking/cni v0.6.0 github.com/containernetworking/plugins v0.7.0 @@ -59,22 +58,26 @@ github.com/golang/glog 44145f04b68cf362d9c4df2182967c2275eaefed github.com/google/gofuzz 44d81051d367757e1c7c6a5a86423ece9afcf63c github.com/hashicorp/errwrap 7554cd9344cec97297fa6649b055a8c98c2a1e55 github.com/hashicorp/go-multierror ed905158d87462226a13fe39ddf685ea65f1c11f -github.com/json-iterator/go 1.0.4 -github.com/opencontainers/runtime-tools 6073aff4ac61897f75895123f7e24135204a404d +github.com/json-iterator/go f2b4162afba35581b6d4a50d3b8f34e33c144682 +github.com/modern-go/reflect2 05fbef0ca5da472bbf96c9322b84a53edc03c9fd +github.com/modern-go/concurrent 1.0.3 +github.com/opencontainers/runtime-tools v0.6.0 github.com/opencontainers/selinux 4a2974bf1ee960774ffd517717f1f45325af0206 github.com/seccomp/libseccomp-golang 32f571b70023028bd57d9288c20efbcb237f3ce0 -github.com/spf13/pflag v1.0.0 github.com/tchap/go-patricia 5ad6cdb7538b0097d5598c7e57f0a24072adf7dc +github.com/xeipuuv/gojsonpointer 4e3ac2762d5f479393488629ee9370b50873b3a6 +github.com/xeipuuv/gojsonreference bd5ef7bd5415a7ac448318e64f11a24cd21e594b +github.com/xeipuuv/gojsonschema 1d523034197ff1f222f6429836dd36a2457a1874 golang.org/x/crypto 49796115aa4b964c318aad4f3084fdb41e9aa067 golang.org/x/time f51c12702a4d776e4c1fa9b0fabab841babae631 gopkg.in/inf.v0 3887ee99ecf07df5b447e9b00d9c0b2adaa9f3e4 gopkg.in/yaml.v2 53feefa2559fb8dfa8d81baad31be332c97d6c77 -k8s.io/api 7e796de92438aede7cb5d6bcf6c10f4fa65db560 -k8s.io/apimachinery fcb9a12f7875d01f8390b28faedc37dcf2e713b9 -k8s.io/apiserver 4a8377c547bbff4576a35b5b5bf4026d9b5aa763 -k8s.io/client-go b9a0cf870f239c4a4ecfd3feb075a50e7cbe1473 -k8s.io/kubernetes v1.10.0 -k8s.io/utils 258e2a2fa64568210fbd6267cf1d8fd87c3cb86e +k8s.io/api 9e5ffd1f1320950b238cfce291b926411f0af722 +k8s.io/apimachinery ed135c5b96450fd24e5e981c708114fbbd950697 +k8s.io/apiserver a90e3a95c2e91b944bfca8225c4e0d12e42a9eb5 +k8s.io/client-go 03bfb9bdcfe5482795b999f39ca3ed9ad42ce5bb +k8s.io/kubernetes v1.11.0 +k8s.io/utils 733eca437aa39379e4bcc25e726439dfca40fcff # zfs dependencies github.com/containerd/zfs 9a0b8b8b5982014b729cd34eb7cd7a11062aa6ec diff --git a/vendor/github.com/stevvooe/ttrpc/LICENSE b/vendor/github.com/containerd/ttrpc/LICENSE similarity index 100% rename from vendor/github.com/stevvooe/ttrpc/LICENSE rename to vendor/github.com/containerd/ttrpc/LICENSE diff --git a/vendor/github.com/stevvooe/ttrpc/README.md b/vendor/github.com/containerd/ttrpc/README.md similarity index 90% rename from vendor/github.com/stevvooe/ttrpc/README.md rename to vendor/github.com/containerd/ttrpc/README.md index b246e578b..d1eed6b12 100644 --- a/vendor/github.com/stevvooe/ttrpc/README.md +++ b/vendor/github.com/containerd/ttrpc/README.md @@ -1,6 +1,6 @@ # ttrpc -[![Build Status](https://travis-ci.org/stevvooe/ttrpc.svg?branch=master)](https://travis-ci.org/stevvooe/ttrpc) +[![Build Status](https://travis-ci.org/containerd/ttrpc.svg?branch=master)](https://travis-ci.org/containerd/ttrpc) GRPC for low-memory environments. @@ -25,7 +25,7 @@ Create a gogo vanity binary (see [`cmd/protoc-gen-gogottrpc/main.go`](cmd/protoc-gen-gogottrpc/main.go) for an example with the ttrpc plugin enabled. -It's recommended to use [`protobuild`](https://github.com/stevvooe/protobuild) +It's recommended to use [`protobuild`](https://github.com//stevvooe/protobuild) to build the protobufs for this project, but this will work with protoc directly, if required. diff --git a/vendor/github.com/stevvooe/ttrpc/channel.go b/vendor/github.com/containerd/ttrpc/channel.go similarity index 85% rename from vendor/github.com/stevvooe/ttrpc/channel.go rename to vendor/github.com/containerd/ttrpc/channel.go index 9493d6862..22f5496b4 100644 --- a/vendor/github.com/stevvooe/ttrpc/channel.go +++ b/vendor/github.com/containerd/ttrpc/channel.go @@ -1,3 +1,19 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + package ttrpc import ( diff --git a/vendor/github.com/stevvooe/ttrpc/client.go b/vendor/github.com/containerd/ttrpc/client.go similarity index 87% rename from vendor/github.com/stevvooe/ttrpc/client.go rename to vendor/github.com/containerd/ttrpc/client.go index f04718167..ede2e6b74 100644 --- a/vendor/github.com/stevvooe/ttrpc/client.go +++ b/vendor/github.com/containerd/ttrpc/client.go @@ -1,3 +1,19 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + package ttrpc import ( @@ -9,9 +25,9 @@ import ( "sync" "syscall" - "github.com/containerd/containerd/log" "github.com/gogo/protobuf/proto" "github.com/pkg/errors" + "github.com/sirupsen/logrus" "google.golang.org/grpc/status" ) @@ -180,7 +196,7 @@ func (c *Client) run() { case msg := <-incoming: call, ok := waiters[msg.StreamID] if !ok { - log.L.Errorf("ttrpc: received message for unknown channel %v", msg.StreamID) + logrus.Errorf("ttrpc: received message for unknown channel %v", msg.StreamID) continue } diff --git a/vendor/github.com/containerd/ttrpc/codec.go b/vendor/github.com/containerd/ttrpc/codec.go new file mode 100644 index 000000000..b4aac2fac --- /dev/null +++ b/vendor/github.com/containerd/ttrpc/codec.go @@ -0,0 +1,42 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package ttrpc + +import ( + "github.com/gogo/protobuf/proto" + "github.com/pkg/errors" +) + +type codec struct{} + +func (c codec) Marshal(msg interface{}) ([]byte, error) { + switch v := msg.(type) { + case proto.Message: + return proto.Marshal(v) + default: + return nil, errors.Errorf("ttrpc: cannot marshal unknown type: %T", msg) + } +} + +func (c codec) Unmarshal(p []byte, msg interface{}) error { + switch v := msg.(type) { + case proto.Message: + return proto.Unmarshal(p, v) + default: + return errors.Errorf("ttrpc: cannot unmarshal into unknown type: %T", msg) + } +} diff --git a/vendor/github.com/containerd/ttrpc/config.go b/vendor/github.com/containerd/ttrpc/config.go new file mode 100644 index 000000000..019b7a09d --- /dev/null +++ b/vendor/github.com/containerd/ttrpc/config.go @@ -0,0 +1,39 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package ttrpc + +import "github.com/pkg/errors" + +type serverConfig struct { + handshaker Handshaker +} + +type ServerOpt func(*serverConfig) error + +// WithServerHandshaker can be passed to NewServer to ensure that the +// handshaker is called before every connection attempt. +// +// Only one handshaker is allowed per server. +func WithServerHandshaker(handshaker Handshaker) ServerOpt { + return func(c *serverConfig) error { + if c.handshaker != nil { + return errors.New("only one handshaker allowed per server") + } + c.handshaker = handshaker + return nil + } +} diff --git a/vendor/github.com/stevvooe/ttrpc/handshake.go b/vendor/github.com/containerd/ttrpc/handshake.go similarity index 65% rename from vendor/github.com/stevvooe/ttrpc/handshake.go rename to vendor/github.com/containerd/ttrpc/handshake.go index a08ae8ee4..a424b67a4 100644 --- a/vendor/github.com/stevvooe/ttrpc/handshake.go +++ b/vendor/github.com/containerd/ttrpc/handshake.go @@ -1,3 +1,19 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + package ttrpc import ( diff --git a/vendor/github.com/stevvooe/ttrpc/server.go b/vendor/github.com/containerd/ttrpc/server.go similarity index 88% rename from vendor/github.com/stevvooe/ttrpc/server.go rename to vendor/github.com/containerd/ttrpc/server.go index fd29b719e..1a518b1b4 100644 --- a/vendor/github.com/stevvooe/ttrpc/server.go +++ b/vendor/github.com/containerd/ttrpc/server.go @@ -1,3 +1,19 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + package ttrpc import ( @@ -9,8 +25,8 @@ import ( "sync/atomic" "time" - "github.com/containerd/containerd/log" "github.com/pkg/errors" + "github.com/sirupsen/logrus" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" ) @@ -51,12 +67,11 @@ func (s *Server) Register(name string, methods map[string]Method) { s.services.register(name, methods) } -func (s *Server) Serve(l net.Listener) error { +func (s *Server) Serve(ctx context.Context, l net.Listener) error { s.addListener(l) defer s.closeListener(l) var ( - ctx = context.Background() backoff time.Duration handshaker = s.config.handshaker ) @@ -88,7 +103,7 @@ func (s *Server) Serve(l net.Listener) error { } sleep := time.Duration(rand.Int63n(int64(backoff))) - log.L.WithError(err).Errorf("ttrpc: failed accept; backoff %v", sleep) + logrus.WithError(err).Errorf("ttrpc: failed accept; backoff %v", sleep) time.Sleep(sleep) continue } @@ -100,7 +115,7 @@ func (s *Server) Serve(l net.Listener) error { approved, handshake, err := handshaker.Handshake(ctx, conn) if err != nil { - log.L.WithError(err).Errorf("ttrpc: refusing connection after handshake") + logrus.WithError(err).Errorf("ttrpc: refusing connection after handshake") conn.Close() continue } @@ -416,12 +431,12 @@ func (c *serverConn) run(sctx context.Context) { case response := <-responses: p, err := c.server.codec.Marshal(response.resp) if err != nil { - log.L.WithError(err).Error("failed marshaling response") + logrus.WithError(err).Error("failed marshaling response") return } if err := ch.send(ctx, response.id, messageTypeResponse, p); err != nil { - log.L.WithError(err).Error("failed sending message on channel") + logrus.WithError(err).Error("failed sending message on channel") return } @@ -432,7 +447,7 @@ func (c *serverConn) run(sctx context.Context) { // requests due to a terminal error. recvErr = nil // connection is now "closing" if err != nil && err != io.EOF { - log.L.WithError(err).Error("error receiving message") + logrus.WithError(err).Error("error receiving message") } case <-shutdown: return diff --git a/vendor/github.com/stevvooe/ttrpc/services.go b/vendor/github.com/containerd/ttrpc/services.go similarity index 84% rename from vendor/github.com/stevvooe/ttrpc/services.go rename to vendor/github.com/containerd/ttrpc/services.go index b9a749e3d..e90963825 100644 --- a/vendor/github.com/stevvooe/ttrpc/services.go +++ b/vendor/github.com/containerd/ttrpc/services.go @@ -1,3 +1,19 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + package ttrpc import ( diff --git a/vendor/github.com/stevvooe/ttrpc/types.go b/vendor/github.com/containerd/ttrpc/types.go similarity index 56% rename from vendor/github.com/stevvooe/ttrpc/types.go rename to vendor/github.com/containerd/ttrpc/types.go index a522b0cf2..1f7969e5c 100644 --- a/vendor/github.com/stevvooe/ttrpc/types.go +++ b/vendor/github.com/containerd/ttrpc/types.go @@ -1,3 +1,19 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + package ttrpc import ( diff --git a/vendor/github.com/stevvooe/ttrpc/unixcreds_linux.go b/vendor/github.com/containerd/ttrpc/unixcreds_linux.go similarity index 82% rename from vendor/github.com/stevvooe/ttrpc/unixcreds_linux.go rename to vendor/github.com/containerd/ttrpc/unixcreds_linux.go index 812d927dc..a471bd365 100644 --- a/vendor/github.com/stevvooe/ttrpc/unixcreds_linux.go +++ b/vendor/github.com/containerd/ttrpc/unixcreds_linux.go @@ -1,3 +1,19 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + package ttrpc import ( diff --git a/vendor/github.com/containerd/typeurl/types.go b/vendor/github.com/containerd/typeurl/types.go index 10a78228b..153c488d0 100644 --- a/vendor/github.com/containerd/typeurl/types.go +++ b/vendor/github.com/containerd/typeurl/types.go @@ -1,3 +1,19 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + package typeurl import ( diff --git a/vendor/github.com/stevvooe/ttrpc/codec.go b/vendor/github.com/stevvooe/ttrpc/codec.go deleted file mode 100644 index 7956a7222..000000000 --- a/vendor/github.com/stevvooe/ttrpc/codec.go +++ /dev/null @@ -1,26 +0,0 @@ -package ttrpc - -import ( - "github.com/gogo/protobuf/proto" - "github.com/pkg/errors" -) - -type codec struct{} - -func (c codec) Marshal(msg interface{}) ([]byte, error) { - switch v := msg.(type) { - case proto.Message: - return proto.Marshal(v) - default: - return nil, errors.Errorf("ttrpc: cannot marshal unknown type: %T", msg) - } -} - -func (c codec) Unmarshal(p []byte, msg interface{}) error { - switch v := msg.(type) { - case proto.Message: - return proto.Unmarshal(p, v) - default: - return errors.Errorf("ttrpc: cannot unmarshal into unknown type: %T", msg) - } -} diff --git a/vendor/github.com/stevvooe/ttrpc/config.go b/vendor/github.com/stevvooe/ttrpc/config.go deleted file mode 100644 index 23bc603a3..000000000 --- a/vendor/github.com/stevvooe/ttrpc/config.go +++ /dev/null @@ -1,23 +0,0 @@ -package ttrpc - -import "github.com/pkg/errors" - -type serverConfig struct { - handshaker Handshaker -} - -type ServerOpt func(*serverConfig) error - -// WithServerHandshaker can be passed to NewServer to ensure that the -// handshaker is called before every connection attempt. -// -// Only one handshaker is allowed per server. -func WithServerHandshaker(handshaker Handshaker) ServerOpt { - return func(c *serverConfig) error { - if c.handshaker != nil { - return errors.New("only one handshaker allowed per server") - } - c.handshaker = handshaker - return nil - } -}