-
Notifications
You must be signed in to change notification settings - Fork 669
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
oci-image-tool: implement create-runtime-bundle #114
Conversation
0aaa5e3
to
5a38e9f
Compare
On Thu, Jun 02, 2016 at 07:07:44AM -0700, Sergiusz Urbaniak wrote:
For now, you probably want to set the tip ociVersion (0.5.0 at the |
|
||
func (c *config) runtimeSpec(rootfs string) specs.Spec { | ||
var s specs.Spec | ||
s.Version = "v0.5.0" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You don't want the v
prefix (see this example).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ha, good catch, thanks!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed locally
On Thu, Jun 02, 2016 at 07:07:44AM -0700, Sergiusz Urbaniak wrote:
I'd fill in bind-mount entries and just leave ‘source’ entry null. "mounts": [ Then the runtime can fill in (or remove) the null-source entries |
if ug := strings.Split(c.Config.User, ":"); len(ug) == 2 { | ||
if uid, err := strconv.Atoi(ug[0]); err == nil { | ||
s.Process.User.UID = uint32(uid) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These should probably be throwing “not supported yet” errors if it can't make the conversion until you add code to spin up a container with all the mounts and use getent or similar (see opencontainers/runtime-spec#38). Docker may be doing something like this already, so maybe you can grab their code. And this is hideous, ugly, and dangerous, which is why the runtime spec punted it to config authors.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ack, I'll return an error in this case, thanks for the suggestion 👍
@wking addressed review comments, PTAL and thanks for the review! |
s.Platform.OS = c.OS | ||
s.Platform.Arch = c.Architecture | ||
|
||
if c.OS == "linux" { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should this return an error when run on an unsupported OS?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
On Fri, Jun 03, 2016 at 12:03:08PM -0700, Stephen Day wrote:
- if c.OS == "linux" {
Should this return an error when run on an unsupported OS?
I don't think so. Perhaps the user is unpacking an image on one
machine that they intend to copy (via a shared filesystem?) and run on
another. It's probably not going to be a core use-case, but if the
image tool is capable of unpacking the image (regardless of its
target OS), I think it should unpack it.
The runtime, on the other hand, must die for unsupported platforms.
An explicit statement to that effect landed two weeks ago via
opencontainers/runtime-spec#441 1.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To be compatible, it needs to have a conversion for every single OS and needs to fail if it doesn't support that particular OS, as it may drop relevant data.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
On Fri, Jun 03, 2016 at 02:51:22PM -0700, Stephen Day wrote:
- if c.OS == "linux" {
To be compatible, it needs to have a conversion for every single OS…
I don't think you need that, if you have this:
… and needs to fail if it doesn't support that particular OS, as it
may drop relevant data.
So “die if you are asked to convert a format you can't handle
correctly”, not “die if you are asked to convert a format targetting
another platform”.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As far as I see it I am "dying if I am asked to convert a format I can't handle correctly", so does this looks good to you?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
On Mon, Jun 06, 2016 at 04:12:27AM -0700, Sergiusz Urbaniak wrote:
- if c.OS == "linux" {
As far as I see it I am "dying if I am asked to convert a format I
can't handle correctly", so does this looks good to you?
Yeah. This sub-thread was just clarifying @stevvooe's concern about a
blanket supported-OS check 1, and we both agree that you don't need
that blanket check 2.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As far as I see it I am "dying if I am asked to convert a format I can't handle correctly", so does this looks good to you?
Where is this happening? It looks like it checks for linux and then moves on if it doesn't understand the OS.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@stevvooe ok, I think I misunderstood ;-)
I'm merely dying when validation failed (https://github.com/opencontainers/image-spec/pull/114/files#diff-da07f373046a0a24e67b18699dc15a70R142)
I'll change the code to return an err if I get an OS != "linux".
d5cf9d2
to
70a918d
Compare
LGTM overall The ExposedPorts thing is an issue but I don't think we should bike shed over it and instead discuss on #87. |
Fixes opencontainers#99 Signed-off-by: Sergiusz Urbaniak <sur@coreos.com>
…ed config The image-tools framework has attempted this since d3ffc1c (oci-image-tool: implement create-runtime-bundle, 2016-06-02, opencontainers#114), but we didn't specify whether the translation was required or what the output of the translation should be. That means downstream consumers of an unpacked image couldn't be sure if they'd find a config.json or (if they found one) which runtime-spec versions it would be compatible with. With this commit, the config output becomes specified, so consumers can post-process their config.json and/or invoke a runtime-spec 1.0.0-rc2-compatible runtime on it without worrying about the presence or version of the unpacked config.json. I've picked 1.0.0-rc2 as the most recent runtime-spec commit. As the runtime-spec moves forward with more RCs, I expect we'll want to bump this to keep up. Once runtime-spec hits 1.0, we can probably freeze the target, since post 1.0 releases in runtime-spec's 1.x line are unlikely to make translation from the config format easier, and any 1.x-compatible runtime will be able to handle 1.0 configs. Signed-off-by: W. Trevor King <wking@tremily.us>
This is a first shot towards a
oci-image-tool create-runtime-bundle
subcommand.I found that converting towards the runtime bundle we have (obviously) quite some impedance mismatch here and there so I guess I surely missed something.
The most important questions for me are:
ociVersion
to I have to set?Volumes
to bundlemounts
?Generally I have the impression that I can only fill up only a small subset of the bundle fields, hence I ask for advice how to proceed here.