ctr: Sync code with containerd v1.7.3 ctr

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
containerd · Aug 15, 2023 · 51d616f · 51d616f
1 parent a5da0f9
commit 51d616f
Show file tree

Hide file tree

Showing 130 changed files with 24,903 additions and 204 deletions.
diff --git a/cmd/ctr/commands/cni.go b/cmd/ctr/commands/cni.go
@@ -0,0 +1,51 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package commands
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/containerd/containerd"
+	"github.com/containerd/containerd/namespaces"
+	"github.com/containerd/typeurl/v2"
+)
+
+func init() {
+	typeurl.Register(&NetworkMetaData{},
+		"github.com/containerd/containerd/cmd/ctr/commands", "NetworkMetaData")
+}
+
+const (
+
+	// CtrCniMetadataExtension is an extension name that identify metadata of container in CreateContainerRequest
+	CtrCniMetadataExtension = "ctr.cni-containerd.metadata"
+)
+
+// ctr pass cni network metadata to containerd if ctr run use option of --cni
+type NetworkMetaData struct {
+	EnableCni bool
+}
+
+func FullID(ctx context.Context, c containerd.Container) string {
+	id := c.ID()
+	ns, ok := namespaces.Namespace(ctx)
+	if !ok {
+		return id
+	}
+	return fmt.Sprintf("%s-%s", ns, id)
+}
diff --git a/cmd/ctr/commands/commands.go b/cmd/ctr/commands/commands.go
@@ -34,40 +34,40 @@ var (
 	SnapshotterFlags = []cli.Flag{
 		cli.StringFlag{
 			Name:   "snapshotter",
-			Usage:  "snapshotter name. Empty value stands for the default value.",
+			Usage:  "Snapshotter name. Empty value stands for the default value.",
 			EnvVar: "CONTAINERD_SNAPSHOTTER",
 		},
 	}
 
-	// SnapshotterLabels are cli flags specifying labels which will be add to the new snapshot for container.
+	// SnapshotterLabels are cli flags specifying labels which will be added to the new snapshot for container.
 	SnapshotterLabels = cli.StringSliceFlag{
 		Name:  "snapshotter-label",
-		Usage: "labels added to the new snapshot for this container.",
+		Usage: "Labels added to the new snapshot for this container.",
 	}
 
 	// LabelFlag is a cli flag specifying labels
 	LabelFlag = cli.StringSliceFlag{
 		Name:  "label",
-		Usage: "labels to attach to the image",
+		Usage: "Labels to attach to the image",
 	}
 
 	// RegistryFlags are cli flags specifying registry options
 	RegistryFlags = []cli.Flag{
 		cli.BoolFlag{
 			Name:  "skip-verify,k",
-			Usage: "skip SSL certificate validation",
+			Usage: "Skip SSL certificate validation",
 		},
 		cli.BoolFlag{
 			Name:  "plain-http",
-			Usage: "allow connections using plain HTTP",
+			Usage: "Allow connections using plain HTTP",
 		},
 		cli.StringFlag{
 			Name:  "user,u",
-			Usage: "user[:password] Registry user and password",
+			Usage: "User[:password] Registry user and password",
 		},
 		cli.StringFlag{
 			Name:  "refresh",
-			Usage: "refresh token for authorization server",
+			Usage: "Refresh token for authorization server",
 		},
 		cli.StringFlag{
 			Name: "hosts-dir",
@@ -76,132 +76,144 @@ var (
 		},
 		cli.StringFlag{
 			Name:  "tlscacert",
-			Usage: "path to TLS root CA",
+			Usage: "Path to TLS root CA",
 		},
 		cli.StringFlag{
 			Name:  "tlscert",
-			Usage: "path to TLS client certificate",
+			Usage: "Path to TLS client certificate",
 		},
 		cli.StringFlag{
 			Name:  "tlskey",
-			Usage: "path to TLS client key",
+			Usage: "Path to TLS client key",
 		},
 		cli.BoolFlag{
 			Name:  "http-dump",
-			Usage: "dump all HTTP request/responses when interacting with container registry",
+			Usage: "Dump all HTTP request/responses when interacting with container registry",
 		},
 		cli.BoolFlag{
 			Name:  "http-trace",
-			Usage: "enable HTTP tracing for registry interactions",
+			Usage: "Enable HTTP tracing for registry interactions",
 		},
 	}
 
 	// ContainerFlags are cli flags specifying container options
 	ContainerFlags = []cli.Flag{
 		cli.StringFlag{
 			Name:  "config,c",
-			Usage: "path to the runtime-specific spec config file",
+			Usage: "Path to the runtime-specific spec config file",
 		},
 		cli.StringFlag{
 			Name:  "cwd",
-			Usage: "specify the working directory of the process",
+			Usage: "Specify the working directory of the process",
 		},
 		cli.StringSliceFlag{
 			Name:  "env",
-			Usage: "specify additional container environment variables (e.g. FOO=bar)",
+			Usage: "Specify additional container environment variables (e.g. FOO=bar)",
 		},
 		cli.StringFlag{
 			Name:  "env-file",
-			Usage: "specify additional container environment variables in a file(e.g. FOO=bar, one per line)",
+			Usage: "Specify additional container environment variables in a file(e.g. FOO=bar, one per line)",
 		},
 		cli.StringSliceFlag{
 			Name:  "label",
-			Usage: "specify additional labels (e.g. foo=bar)",
+			Usage: "Specify additional labels (e.g. foo=bar)",
 		},
 		cli.StringSliceFlag{
 			Name:  "annotation",
-			Usage: "specify additional OCI annotations (e.g. foo=bar)",
+			Usage: "Specify additional OCI annotations (e.g. foo=bar)",
 		},
 		cli.StringSliceFlag{
 			Name:  "mount",
-			Usage: "specify additional container mount (e.g. type=bind,src=/tmp,dst=/host,options=rbind:ro)",
+			Usage: "Specify additional container mount (e.g. type=bind,src=/tmp,dst=/host,options=rbind:ro)",
 		},
 		cli.BoolFlag{
 			Name:  "net-host",
-			Usage: "enable host networking for the container",
+			Usage: "Enable host networking for the container",
 		},
 		cli.BoolFlag{
 			Name:  "privileged",
-			Usage: "run privileged container",
+			Usage: "Run privileged container",
 		},
 		cli.BoolFlag{
 			Name:  "read-only",
-			Usage: "set the containers filesystem as readonly",
+			Usage: "Set the containers filesystem as readonly",
 		},
 		cli.StringFlag{
 			Name:  "runtime",
-			Usage: "runtime name",
+			Usage: "Runtime name or absolute path to runtime binary",
 			Value: defaults.DefaultRuntime,
 		},
 		cli.StringFlag{
 			Name:  "runtime-config-path",
-			Usage: "optional runtime config path",
+			Usage: "Optional runtime config path",
 		},
 		cli.BoolFlag{
 			Name:  "tty,t",
-			Usage: "allocate a TTY for the container",
+			Usage: "Allocate a TTY for the container",
 		},
 		cli.StringSliceFlag{
 			Name:  "with-ns",
-			Usage: "specify existing Linux namespaces to join at container runtime (format '<nstype>:<path>')",
+			Usage: "Specify existing Linux namespaces to join at container runtime (format '<nstype>:<path>')",
 		},
 		cli.StringFlag{
 			Name:  "pid-file",
-			Usage: "file path to write the task's pid",
+			Usage: "File path to write the task's pid",
 		},
 		cli.IntSliceFlag{
 			Name:  "gpus",
-			Usage: "add gpus to the container",
+			Usage: "Add gpus to the container",
 		},
 		cli.BoolFlag{
 			Name:  "allow-new-privs",
-			Usage: "turn off OCI spec's NoNewPrivileges feature flag",
+			Usage: "Turn off OCI spec's NoNewPrivileges feature flag",
 		},
 		cli.Uint64Flag{
 			Name:  "memory-limit",
-			Usage: "memory limit (in bytes) for the container",
-		},
-		cli.StringSliceFlag{
-			Name:  "device",
-			Usage: "file path to a device to add to the container; or a path to a directory tree of devices to add to the container",
+			Usage: "Memory limit (in bytes) for the container",
 		},
 		cli.StringSliceFlag{
 			Name:  "cap-add",
-			Usage: "add Linux capabilities (Set capabilities with 'CAP_' prefix)",
+			Usage: "Add Linux capabilities (Set capabilities with 'CAP_' prefix)",
 		},
 		cli.StringSliceFlag{
 			Name:  "cap-drop",
-			Usage: "drop Linux capabilities (Set capabilities with 'CAP_' prefix)",
+			Usage: "Drop Linux capabilities (Set capabilities with 'CAP_' prefix)",
 		},
 		cli.BoolFlag{
 			Name:  "seccomp",
-			Usage: "enable the default seccomp profile",
+			Usage: "Enable the default seccomp profile",
 		},
 		cli.StringFlag{
 			Name:  "seccomp-profile",
-			Usage: "file path to custom seccomp profile. seccomp must be set to true, before using seccomp-profile",
+			Usage: "File path to custom seccomp profile. seccomp must be set to true, before using seccomp-profile",
 		},
 		cli.StringFlag{
 			Name:  "apparmor-default-profile",
-			Usage: "enable AppArmor with the default profile with the specified name, e.g. \"cri-containerd.apparmor.d\"",
+			Usage: "Enable AppArmor with the default profile with the specified name, e.g. \"cri-containerd.apparmor.d\"",
 		},
 		cli.StringFlag{
 			Name:  "apparmor-profile",
-			Usage: "enable AppArmor with an existing custom profile",
+			Usage: "Enable AppArmor with an existing custom profile",
+		},
+		cli.StringFlag{
+			Name:  "blockio-config-file",
+			Usage: "File path to blockio class definitions. By default class definitions are not loaded.",
+		},
+		cli.StringFlag{
+			Name:  "blockio-class",
+			Usage: "Name of the blockio class to associate the container with",
 		},
 		cli.StringFlag{
 			Name:  "rdt-class",
-			Usage: "name of the RDT class to associate the container with. Specifies a Class of Service (CLOS) for cache and memory bandwidth management.",
+			Usage: "Name of the RDT class to associate the container with. Specifies a Class of Service (CLOS) for cache and memory bandwidth management.",
+		},
+		cli.StringFlag{
+			Name:  "hostname",
+			Usage: "Set the container's host name",
+		},
+		cli.StringFlag{
+			Name:  "user,u",
+			Usage: "Username or user id, group optional (format: <name|uid>[:<group|gid>])",
 		},
 	}
 	// ImageDecryptionFlags are cli flags needed when decrypting an image
@@ -236,13 +248,10 @@ func ObjectWithLabelArgs(clicontext *cli.Context) (string, map[string]string) {
 func LabelArgs(labelStrings []string) map[string]string {
 	labels := make(map[string]string, len(labelStrings))
 	for _, label := range labelStrings {
-		parts := strings.SplitN(label, "=", 2)
-		key := parts[0]
-		value := "true"
-		if len(parts) > 1 {
-			value = parts[1]
+		key, value, ok := strings.Cut(label, "=")
+		if !ok {
+			value = "true"
 		}
-
 		labels[key] = value
 	}
 
@@ -253,11 +262,11 @@ func LabelArgs(labelStrings []string) map[string]string {
 func AnnotationArgs(annoStrings []string) (map[string]string, error) {
 	annotations := make(map[string]string, len(annoStrings))
 	for _, anno := range annoStrings {
-		parts := strings.SplitN(anno, "=", 2)
-		if len(parts) != 2 {
+		key, value, ok := strings.Cut(anno, "=")
+		if !ok {
 			return nil, fmt.Errorf("invalid key=value format annotation: %v", anno)
 		}
-		annotations[parts[0]] = parts[1]
+		annotations[key] = value
 	}
 	return annotations, nil
 }