-
Notifications
You must be signed in to change notification settings - Fork 554
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Separate container sandbox lifecycle from that of the processes inside it #299
Comments
I'd suggest the prototype should test with usernamespaces, especially in light of bugs like this one: The init process of the container needs to be able to join a pre-created user namespace. |
@ashahab-altiscale: As long as user namespaces don't require a process to pin it, I don't see any issue here. |
On Tue, Jan 12, 2016 at 03:13:37PM -0800, Vish Kannan wrote:
This seems like a high-level change. Should discussion happen on the
Yeah, if we have a separate create and exec, we can drop hooks and
Not necessarily. ccon-ced (discussed in #226) wraps a runtime that
|
s/Support/Separate in issue title
(emphasis mine)
To be clear, are you suggesting removing hooks entirely from the spec?
It makes me pretty uneasy to have the |
On Tue, Jan 12, 2016 at 03:56:28PM -0800, Jonathan Boulle wrote:
Yeah, -1 to having PID namespace be implicit. If you run starts On naming, see ‘exec’ vs. ‘start’ here in opencontainers/runc#210. |
On Tue, Jan 12, 2016 at 6:52 PM W. Trevor King notifications@github.com
This is because we're sitting in the face-2-face and working through this |
On Tue, Jan 12, 2016 at 04:51:36PM -0800, Vincent Batts wrote:
Yeah, that's fine. But when dumping from the face-to-face into the |
On Tue, Jan 12, 2016 at 03:29:28PM -0800, Vish Kannan wrote:
The issue is the order in which you join or create namespaces, which Make a new user namespace: In a different terminal, trying to create a new PID namespace and join But trying to join the user namespace and then create a new PID I think @ashahab-altiscale is just suggesting we avoid that issue by |
@wking Exactly. The order of namespace creation is important. |
s/Cleanup/Stop/ but aside from that I like the idea of the split. |
re: multiple "starts": based on what I've heard I don't think multiple concurrent "starts" would be allowed. I think I'm hearing that people still want a single main process in the container, which means once you've started it your only choice is to use "exec" to get a 2nd process. Once the main proc ended then you can issue "start" again tho. |
On Fri, Jan 22, 2016 at 07:11:42AM -0800, Doug Davis wrote:
Is the only difference between ‘start’ and ‘exec’ whether you're Or are we just splitting commands for portability (e.g. to allow |
Changing what 'exec' will do based on whether its the first call is a bit non-deterministic. Imagine I do "runc exec" thinking it'll generate a secondary proc and as such I have different management logic for it. If it turns out it ends up being the main proc (because I didn't know the main proc just died) I might end up with very different (incorrect) results than what I expected. |
On Fri, Jan 22, 2016 at 08:21:45AM -0800, Doug Davis wrote:
Yeah, I think we're all on board with that being a bad idea. I'm |
+1 on splitting the init process from secondary process. On Fri, Jan 22, 2016 at 9:52 AM W. Trevor King notifications@github.com
|
What should the full UI be for this change? cd redis-bundle/
# create the container
container create redis
# start the init process defined in the bundle
container start redis
# start additional processes
contianer exec redis -- bash
# kill the container
container kill redis
# delete the container
container delete redis
?? |
Yeah. That's the UI I'm thinking as well. On Fri, Jan 22, 2016 at 12:06 PM Michael Crosby notifications@github.com
|
yes but I'd prefer "container stop redis" since "stop" feels like a better opposite/book-end to "start" than "kill". Yes I know under the covers we send a kill signal, but that's a detail the end user doesn't need to know or care about. |
@vishh great minds think alike ;) |
On Fri, Jan 22, 2016 at 12:09:24PM -0800, Doug Davis wrote:
Unless they're putting in a SIGTERM handler for a graceful exit, and |
I'm distinguishing between |
On Fri, Jan 22, 2016 at 12:06:51PM -0800, Michael Crosby wrote:
Because start/exec will use some currently-configured settings that $ cat exec.json to handle and initial: $ container exec redis And a: $ cat bash.json to handle a subsequent: You can always write separate ‘start’ and ‘exec’ wrappers on top of an If we go with the separate, runtime-level start/exec approach, I think |
On Fri, Jan 22, 2016 at 12:22:17PM -0800, Doug Davis wrote:
If you have the latter (which I prefer), what good is the former? |
What is the state of the system after a kill/stop with SIGTERM? I imagine the init process and it's children will die. What about the namespaces? Which fds will remain mounted vs being cleaned up? Can I start another init process with the same namespace fds(after a stop/kill)? |
On Fri, Jan 22, 2016 at 01:40:54PM -0800, Abin Shahab wrote:
After a SIGTERM they should all exit cleanly. But SIGTERM is
Everything except the PID namespace should have been created by the |
Re-using the sandbox should be possible, except that the sandbox might On Fri, Jan 22, 2016 at 2:13 PM, W. Trevor King notifications@github.com
|
I sure hope so :-) |
AFAIK, there are only two APIs which can be used to create new namespaces:
They either create a new process or called by a process which will be a member of the new namespaces. So how can we create new namespaces without creating new processes? |
See opencontainers/runc#506 we do create a new process during create(), but we hold on to the namespaces (except PID) so that subsequent processes can reuse those other namespaces |
@vishh do you think there are any actionable items left in this issue? We did the create/start/delete split and you have an option to never actually start the container's process but keep adding |
As of now, the runtime lifecycle states that there is a
Start
action which results in creation of a container sandbox and spawning the first process inside the container.It would be better to separate lifecycle of the container sandbox from that of container processes.
To be more precise, I'm proposing introducing the following oci actions:
This split will obviate the need for supporting hooks. Users are free to run hooks outside of the runtime as they please.
The existing Spec needs to be split into a Sandbox configuration and a Process configuration.
The process configuration can be reused for the
Exec
use-case.FYI: This was discussed during the OCI meeting on 1/12/16 and everyone present agreed to this proposal.
We need to prototype this separation in one or more Operating Systems before requiring it in the Spec.
Input from runtime authors on non-linux platforms will be helpful here.
The text was updated successfully, but these errors were encountered: