-
Notifications
You must be signed in to change notification settings - Fork 553
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add VM-based runtime configuration details. #405
Conversation
config.md
Outdated
|
||
## RuntimeDriver | ||
|
||
RuntimeDriver is an optional driver name to be passed to VM-based runtimes. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is the intention of RuntimeDriver
to select between Xen, KVM, Qemu and other hypervisors?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That was the intention, yes. Since HypervisorPath is already specified, maybe this field is redundant as named. Maybe rather than RuntimeDriver, something like HypervisorPersonality would be more useful. I added RuntimeDriver specifically for the benefit of runv so would be good to get input from them as to whether HypervisorPath is sufficient.
LGTM |
config.md
Outdated
@@ -265,6 +265,19 @@ Annotations are key-value maps. | |||
} | |||
``` | |||
|
|||
## ImagePath | |||
|
|||
ImagePath is an optional absolute path to the root filesystem image used by VM-based runtimes. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe:
imagePath
(string, optional) path to the root filesystem image used by VM-based runtimes.
Why do you currently require an absolute path?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
And docs around the need for this setting vs. root.path
would be nice (cherry-pick from here?). I'm backing off of my earlier suggestion to put all of this information in root.path
, because it would be awkward to combine a POSIX path-to-image with a Windows path-to-root-inside-the-image (if you were launching a Windows VM on from a POSIX system).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
imagePath needs to be absolute since it will not form part of the bundle, so the runtime needs to know exactly where on the host to find it.
I've updated the PR with further details on imagePath as suggested.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
On Wed, May 11, 2016 at 02:12:16AM -0700, James Hunt wrote:
+ImagePath is an optional absolute path to the root filesystem image used by VM-based runtimes.
imagePath needs to be absolute since it will not form part of the
bundle, so the runtime needs to know exactly where on the host to
find it.
With Linux-namespace containers, the runtime knows exactly where to
find root.path without it having to be absolute (relative paths are
interpreted relative to the directory containining config.json). So I
don't see a reason to require absolute paths. Then folks could put
the image in the bundle if they wanted, or point at an absolute path
if they wanted.
@crosbymichael, @wking - how does this look? |
config.md
Outdated
* **`imagePath`** (string, required) path to file that represents the root filesystem for the virtual machine. | ||
* **`kernel`** (object, required) specifies details of the kernel to boot the virtual machine with. | ||
|
||
Note that `imagePath` refers to a path on the host (outside of the virtual machine). This field is distinct from the **`path`** field in the (#Root-Configuration) section since in the context of a virtual machine-based runtime: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I may be hyphen-happy, but I'm pretty sure a “machine-based” hyphen should also come with a “virtual-machine” hyphen. Whether “virtual-machine-based” or “virtual-machine based” is better is beyond me ;).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also, one sentence per line.
Hi @wking - I've pushed updates to all your comments except [3] - I know we discussed this on the mailing list, but I'm still slightly wary of having " Also, using a real-world example, I believe docker/containerd would be required to know that a containers runtime was set to a vm-based one and therefore not generate a "
This doesn't sound ideal, but maybe @crosbymichael could comment on this. How about instead we add something like " "platform": {
"os": "linux",
"arch": "amd64",
"variant": "vm"
}, Where The only further thought I had was on the kernel parameters: it might be more elegant to encode them as an array, but more practical to specify them in string form. |
On Fri, May 20, 2016 at 07:15:46AM -0700, James Hunt wrote:
Thanks. And just a reminder that I'm not a maintainer, so please take
I'm not clear on how VM-based containers are intended to manage the "platform": { Where runtimes that support VMs require ‘guest’ and look for a ‘vm’ |
On Fri, May 20, 2016 at 11:25:28AM -0700, W. Trevor King wrote:
The other reasonable approach here is to punt platform information to
It seems unlikely that the ‘platform’ section ever covers the full So I'm fine keeping it (and splitting host/guest) or dropping it (and |
@jamesodhunt i don't think we need to change anything around populating the platform to VM. LGTM |
On Fri, May 20, 2016 at 02:16:25PM -0700, Michael Crosby wrote:
How do you see the existing structure being populated for the various |
config-vm.md
Outdated
Note that `imagePath` refers to a path on the host (outside of the virtual machine). | ||
This field is distinct from the **`path`** field in the (#Root-Configuration) section since in the context of a virtual-machine-based runtime: | ||
|
||
* **`ImagePath`** will represent the root filesystem for the virtual machine. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/ImagePath/imagePath ?
I am sorry, I don't understand why this configuration data must live in the runtime specification and isn't just part of the flags or configuration given to the runtime. These three parameters don't seem fundamental to me. In |
@opencontainers/runtime-spec-maintainers Can we starting reviewing this again? What's the major block here? |
"This branch has conflicts that must be resolved", should rebase and commit again. |
3c841e3
to
f379bc7
Compare
After reading through this thread, the only blocker I see is to see some commonality for VMs, and we had a weekly meeting to discuss on March, according to the minutes: http://ircbot.wl.linuxfoundation.org/meetings/opencontainers/2017/opencontainers.2017-03-15-21.02.log.html , @RobDolinMS have pinged some Windows folks to take a look, how's that going? @RobDolinMS Also ping @opencontainers/runtime-spec-maintainers how's other maintainers think on this? I'd like to push this as it makes sense and is very useful for container ecosystem, it's been too long without any progress. |
@hqhq with CC 3.0 use a libcontainer based agent on the VM where we're basically able to apply most of the OCI runtime resource constraints to the container inside the VM. |
@sameo Thanks for your response, after more thoughts, I have a question about this PR. If we add an entry to OCI config, what should happen if we try to validate or run a non-vm-based runtime (such like runc) with a config file which has a vm entry in it? Should we say the config file is invalid? As we have definition in
Or vise-versa, what if we validate or run a vm-based runtime with a config without a vm entry? Since this entry is optional, runtime should run a container without an optional property, right? I kind of understand @philips 's concern on this, spec should contain properties those are directly related to the container processes configuration. But I also think the container word in Also ping @liangchenye for runtime-tools 's perspective on this PR. |
The runtime-tools will have four tests:
Just as @hqhq refers, it is inconsistent with current spec (case 1).
Another problem is it is not possible to determine if a runtime is vm-based (case 4). |
Also, we might need to change image spec to add a 'vm' config. |
The VM section is optional so non VM based runtimes should simply ignore it. The same way I assume runc today is capable of creating and running a container based on a config.json even if that file contains both a And VM based runtimes must support configs without a VM section today and will have to do so in the future, as it's an optional section.
Yes, I fully agree. A VM is one addtional, optional isolation layer for containers. And it defines how the process could run. // HyperV contains information for running a container with Hyper-V isolation.
HyperV *WindowsHyperV `json:"hyperv,omitempty"` So it seems hardware virtualization is already an accepted isolation mechanism for containers. |
I would disagree with that. The container image is orthogonal to the VM it's going to run into, there should not be any link between a container image and a VM definition. |
Pretty much, yes. So I think case 4 should be positive, i.e. runv/clearcontainers should continue supporting config files without a VM section. The same way they support it today. |
It means runc/cc has and will use its default VM section, right?
Images follows this flow:
|
Address the issue mentioned in: opencontainers#405 (comment) We already doing this in runc as we can run a container with a config which has `windows` entry. And this is the right way to handle it. Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Address the issue mentioned in: opencontainers#405 (comment) We already doing this in runc as we can run a container with a config which has `windows` entry. And this is the right way to handle it. Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
We don't append a VM section in the OCI config file, but we use configuration files for setting default kernel and guest image paths.
Not sure you need to do this. From e.g. kubernetes, you could add specific annotations to your pod to specify a kernel and image path you want to use for this specific pod. The scheduler/orchestrator does not really need to know that the runtime is VM based, it will at some point add a VM section to the OCI config file based on the pod/workload metadata it received.
Yes, although I would replace scheduler with "one of the scheduler's component".
Yes. |
Add configuration details for virtual-machine-based runtimes. Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
All paths specified in the configuration for virtual-machine-based runtimes are host-side. Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
f379bc7
to
fe42b99
Compare
Has the plan for this changed since the announcement of https://katacontainers.io/ ? Personally I think Kata should inform the spec work. |
#949 was merged. |
First pass, based on discussions on the mailing list:
Signed-off-by: James Hunt james.o.hunt@intel.com