github.com/lalkh/containerd@v1.4.3/docs/managed-opt.md

github.com/lalkh/containerd@v1.4.3/docs/managed-opt.md (about)

     1  The containerd managed opt directory provides a way for users to install containerd dependencies using the existing distribution infrastructure.
     2  
     3  With runtime v2 and new shim's being built, it is a challenge to
     4  download various shims or runtime dependencies onto a machine.
     5  
     6  The managed `/opt` directory for containerd allows users to create images that provide these dependencies and install them on a system using the containerd client API.
     7  
     8  Configuration:
     9  
    10  *default:* `/opt/containerd`
    11  
    12  *containerd config:*
    13  ```toml
    14  [plugins.opt]
    15  	path = "/opt/mypath"
    16  
    17  ```
    18  
    19  Usage:
    20  
    21  *code:*
    22  
    23  ```go
    24  image, err := client.Pull(ctx, "docker.io/crosbymichael/runc:latest")
    25  client.Install(ctx, image)
    26  ```
    27  
    28  Options:
    29  
    30  ```go
    31  // WithInstallLibs installs libs from the image
    32  func WithInstallLibs(c *InstallConfig) {
    33  }
    34  
    35  // WithInstallReplace will replace existing files
    36  func WithInstallReplace(c *InstallConfig) {
    37  }
    38  ```
    39  
    40  *ctr:*
    41  
    42  ```bash
    43  ctr content fetch docker.io/crosbymichael/runc:latest
    44  ctr install docker.io/crosbymichael/runc:latest
    45  ```
    46  
    47  You can manage versions and see what is running via standard image commands.
    48  
    49  Images:
    50  
    51  These images MUST be small and only contain binaries and libs if required.
    52  
    53  ```Dockerfile
    54  FROM scratch
    55  Add runc /bin/runc
    56  ```
    57  
    58  Containerd will only extract files in `/bin` of the image by default, Opts can be added to replace or install `libs/`.
    59  However, we recommend that these binaries be static to reduce linked dependencies.
    60  
    61  The code adds a service to manage an `/opt/containerd` directory and
    62  provide that path to callers via the introspection service.
    63  
    64  How to Test:
    65  
    66  Delete runc from your system.
    67  
    68  ```bash
    69  > sudo ctr run --rm  docker.io/library/redis:alpine redis
    70  ctr: OCI runtime create failed: unable to retrieve OCI runtime error (open /run/containerd/io.containerd.runtime.v1.linux/default/redis/log.json: no such file or directory): exec: "runc": executable file not found in $PATH: unknown
    71  
    72  > sudo ctr content fetch docker.io/crosbymichael/runc:latest
    73  > sudo ctr  install docker.io/crosbymichael/runc:latest
    74  
    75  > sudo ctr run --rm  docker.io/library/redis:alpine redis
    76  1:C 01 Aug 15:59:52.864 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
    77  1:C 01 Aug 15:59:52.864 # Redis version=4.0.10, bits=64, commit=00000000, modified=0, pid=1, just started
    78  1:C 01 Aug 15:59:52.864 # Warning: no config file specified, using the default config. In order to specify a config file use redis-server /path/to/redis.conf
    79  1:M 01 Aug 15:59:52.866 # You requested maxclients of 10000 requiring at least 10032 max file descriptors.
    80  1:M 01 Aug 15:59:52.866 # Server can't set maximum open files to 10032 because of OS error: Operation not permitted.
    81  1:M 01 Aug 15:59:52.866 # Current maximum open files is 1024. maxclients has been reduced to 992 to compensate for low ulimit. If you need higher maxclients increase 'ulimit -n'.
    82  1:M 01 Aug 15:59:52.870 * Running mode=standalone, port=6379.
    83  1:M 01 Aug 15:59:52.870 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.
    84  1:M 01 Aug 15:59:52.870 # Server initialized
    85  1:M 01 Aug 15:59:52.870 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
    86  1:M 01 Aug 15:59:52.870 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled.
    87  1:M 01 Aug 15:59:52.870 * Ready to accept connections
    88  ^C1:signal-handler (1533139193) Received SIGINT scheduling shutdown...
    89  1:M 01 Aug 15:59:53.472 # User requested shutdown...
    90  1:M 01 Aug 15:59:53.472 * Saving the final RDB snapshot before exiting.
    91  1:M 01 Aug 15:59:53.484 * DB saved on disk
    92  1:M 01 Aug 15:59:53.484 # Redis is now ready to exit, bye bye...
    93  ```
    94  For Windows:
    95  
    96  ```Dockerfile
    97  FROM mcr.microsoft.com/windows/nanoserver:1809
    98  ADD runhcs.exe /bin/runhcs.exe
    99  ```
   100  
   101  ```powershell
   102  > ctr content fetch docker.io/ameyagawde/runhcs:1809 #An example image, not supported by containerd
   103  > ctr install docker.io/ameyagawde/runhcs:1809
   104  ```
   105  The Windows equivalent for `/opt/containerd` will be `$env:ProgramData\containerd\root\opt`