-
Notifications
You must be signed in to change notification settings - Fork 3.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add containerd_binary to shim config #2922
Conversation
5637b69
to
d338409
Compare
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
d338409
to
141aafa
Compare
Codecov Report
@@ Coverage Diff @@
## master #2922 +/- ##
==========================================
- Coverage 44.19% 41.41% -2.78%
==========================================
Files 101 70 -31
Lines 10808 9457 -1351
==========================================
- Hits 4777 3917 -860
+ Misses 5297 4979 -318
+ Partials 734 561 -173
Continue to review full report at Codecov.
|
Do you mean When using musl and gcompat to run containerd, should set -containerd-binary /usr/bin/contaianerd, since when execute os.Executable() in containerd, it will get value |
@Ace-Tang correct. |
Just wondering, why do you think this is a containerd issue that should be fixed within our codebase and not something wrong with musl and gcompat? |
@crosbymichael I don't neccessarily think it is a containerd issue, but I thought it was reasonable to add this config option considering that the golang standard library warns here that:
and that nearly all the other flags to the shim can be supplied via the config. |
@andrewrynhard thanks. I'm still thinking on this... My initial thought would be not to add this for this specific issue. It's kinda a one off flag for this specific environment. Maybe people that have more context on musl like @justincormack or other maintainers could give some feedback first. |
I think the issue is that we are relying on the Go runtime reporting what we expect it to; that comment from A long shot (and something that would take a cycle or two of Go releases) would be to get |
@estesp go just reports
|
Actually, now I'm curious to back up a bit. LinuxKit seems to use alpine with containerd + runc without any need for glibc compat layers; at least the package list doesn't reference anything that would make me think that; so that means containerd is compiled with musl-libc. Is there a reason containerd is being used with a glibc compat layer in this instance? (Edit: Just for clarity; here is the containerd build step in Alpine, with the compiler and other deps being added, but no glibc from what I can tell: https://github.com/linuxkit/linuxkit/blob/master/tools/alpine/Dockerfile#L56-L65) |
It is indeed compiled: https://github.com/linuxkit/linuxkit/blob/eb7e07542f839961b4611ee10f86f524ec9c39e9/tools/alpine/Dockerfile#L53-L65 I would like to avoid having to build containerd. That would also require building golang to run in the musl env I am working on. Maybe I could run golang using gcompat (will try), but I would still like to leverage the officially built binaries and use gcompat as a compatibility layer. EDIT: I didn't refresh and missed the above edit. |
Do we have glibc binaries compiles and downloadable on the release page of this repo. |
Yes, for all recent releases we have linux/amd64 binaries compiled with glibc, and 1.2.2 has a darwin (macOS) binary as well. The latest Docker release also ships a containerd package on Ubuntu that is glibc-based, and the CRI team publishes all binary releases (glibc-based) on a google storage bucket. |
Lets close this for now. We do offer binaries for libc and we do have a pretty clean build pipeline if you did need to compile containerd yourself, just type Feel free to ask anymore questions because we are happy to help. We know the pains that musl gives us all ;) |
Long term option for musl-libc official binaries: looks like Alpine will have containerd as a community package in the next release, v3.9 (@ncopa can correct me if necessary); but looking at the main mirror in the v3.9 dir I see containerd-1.2.2 and runc-1.0.0-rc6 as APKs. |
When using
musl
andgcompat
to runcontainerd
, the shim command has the value/lib/libc.so
for the-containerd-binary
flag. This is due to the use ofos.Executable
when building the shim command. This PR introduces a new item in the shim config (containerd_binary
) to set the path to containerd explicitly.See https://github.com/AdelieLinux/gcompat/blob/master/loader/loader.c#L75-L81 for details on why it is this way with
gcompat
.