runc is a CLI tool for spawning and running containers according to the OCI specification, while runV is a hypervisor-based runtime for OCI. Both of them are recommended [implementations](https://github.com/opencontainers/runtime-spec/blob/master/implementations.md) of OCI.
Playing with runc
Install runc:
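# Install the libseccomp development package before building runc.
yum install -y libseccomp-devel

# Abort if GOPATH is unset or empty; otherwise the path below would collapse to
# /src/github.com/opencontainers at the filesystem root.
src_dir="${GOPATH:?GOPATH must be set}/src/github.com/opencontainers"

# The steps are chained with && so that a failed mkdir, cd or clone stops the
# sequence instead of running `make` and `sudo make install` in whatever
# directory the shell happens to be in.
# NOTE(review): this builds the tip of the default branch; check out a reviewed
# release tag before `make` if the binary installed as root must be reproducible.
mkdir -p -- "$src_dir" &&
  cd -- "$src_dir" &&
  { [ -d runc ] || git clone https://github.com/opencontainers/runc; } &&
  cd runc &&
  make &&
  sudo make install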
Run busybox:
$ docker pull busybox
$ mkdir rootfs
$ docker export $(docker create busybox) | tar -C rootfs -xvf -
$ runc spec .
$ runc start test
/ # ps
PID USER COMMAND
1 root sh
9 root ps
Playing with docker-containerd
docker-containerd is installed together with docker 1.11.
$ docker-containerd-ctr --address "/var/run/docker/libcontainerd/docker-containerd.sock" containers
ID PATH STATUS PROCESSES
346c1b7bbb04b760032557e1324a4027ec0055ea84dca109134c02e03dc1242c /var/run/docker/libcontainerd/346c1b7bbb04b760032557e1324a4027ec0055ea84dca109134c02e03dc1242c running init
bca15f3420e3218987314e1cbbf440120ff880af44844778293c4130526c85cc /var/run/docker/libcontainerd/bca15f3420e3218987314e1cbbf440120ff880af44844778293c4130526c85cc running init
$ docker-containerd-ctr --address "/var/run/docker/libcontainerd/docker-containerd.sock" containers exec --id=346c1b7bbb04b760032557e1324a4027ec0055ea84dca109134c02e03dc1242c --pid=20 --cwd=/ -a /bin/ps aux
PID USER TIME COMMAND
1 root 0:00 sh
51 root 0:00 /bin/ps aux
$ docker-containerd-ctr --address "/var/run/docker/libcontainerd/docker-containerd.sock" state 346c1b7bbb04b760032557e1324a4027ec0055ea84dca109134c02e03dc1242c
{"containers":[{"id":"346c1b7bbb04b760032557e1324a4027ec0055ea84dca109134c02e03dc1242c","bundlePath":"/var/run/docker/libcontainerd/346c1b7bbb04b760032557e1324a4027ec0055ea84dca109134c02e03dc1242c","processes":[{"pid":"init","terminal":true,"user":{"additionalGids":[10]},"args":["sh"],"env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","HOSTNAME=346c1b7bbb04","TERM=xterm"],"cwd":"/","systemPid":3716,"stdin":"/var/run/docker/libcontainerd/346c1b7bbb04b760032557e1324a4027ec0055ea84dca109134c02e03dc1242c/init-stdin","stdout":"/var/run/docker/libcontainerd/346c1b7bbb04b760032557e1324a4027ec0055ea84dca109134c02e03dc1242c/init-stdout","stderr":"/var/run/docker/libcontainerd/346c1b7bbb04b760032557e1324a4027ec0055ea84dca109134c02e03dc1242c/init-stderr","capabilities":["CAP_CHOWN","CAP_DAC_OVERRIDE","CAP_FSETID","CAP_FOWNER","CAP_MKNOD","CAP_NET_RAW","CAP_SETGID","CAP_SETUID","CAP_SETFCAP","CAP_SETPCAP","CAP_NET_BIND_SERVICE","CAP_SYS_CHROOT","CAP_KILL","CAP_AUDIT_WRITE"]}],"status":"running","pids":[3716],"runtime":"docker-runc"}],"machine":{"cpus":2,"memory":7982}}
Playing with runV
Install runV:
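# Abort if GOPATH is unset or empty; otherwise the path below would collapse to
# /src/github.com/hyperhq at the filesystem root.
src_dir="${GOPATH:?GOPATH must be set}/src/github.com/hyperhq"

# The steps are chained with && so that a failed mkdir, cd or clone stops the
# sequence instead of running the build scripts and `sudo make install` in
# whatever directory the shell happens to be in.
# NOTE(review): this builds the tip of the default branch; check out a reviewed
# release tag before `./autogen.sh` if the binary installed as root must be
# reproducible.
mkdir -p -- "$src_dir" &&
  cd -- "$src_dir" &&
  { [ -d runv ] || git clone https://github.com/hyperhq/runv/; } &&
  cd runv &&
  ./autogen.sh &&
  ./configure &&
  make &&
  sudo make install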
To run a container in runV, a kernel and an initrd are needed because runV is hypervisor-based. Both can be built from hyperstart.
$ docker pull busybox
$ mkdir rootfs
$ docker export $(docker create busybox) | tar -C rootfs -xvf -
$ runv spec .
$ runv --kernel=/var/lib/hyper/kernel --initrd=/var/lib/hyper/hyper-initrd.img start test
Playing with runv-containerd
Install the ctr CLI from containerd:
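# Abort if GOPATH is unset or empty; otherwise the path below would collapse to
# /src/github.com/docker at the filesystem root.
src_dir="${GOPATH:?GOPATH must be set}/src/github.com/docker"

# Create the parent directory first: the original sequence assumed it already
# existed, and a failed `cd` would have cloned and installed from the current
# directory instead. Chaining with && stops at the first failing step.
# NOTE(review): `make install` has no sudo here, unlike the runc and runV
# install steps; presumably this section is run as root. Confirm.
mkdir -p -- "$src_dir" &&
  cd -- "$src_dir" &&
  { [ -d containerd ] || git clone https://github.com/docker/containerd.git; } &&
  cd containerd &&
  make &&
  make install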
Start runv-containerd:
runv-containerd --kernel=/var/lib/hyper/kernel --initrd=/var/lib/hyper/hyper-initrd.img
Run ctr command now:
ctr --address=unix:///run/runv-containerd/containerd.sock containers
# Creating OCI bundles
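# Lay out the bundle directory: busybox/ will hold rootfs/ and config.json.
mkdir -p busybox/rootfs

# `docker create` is used only to get a container whose filesystem can be
# exported. Keep its ID so it can be removed afterwards instead of being left
# behind as a stopped container.
cid="$(docker create busybox)" &&
  docker export "$cid" | tar -C busybox/rootfs -xvf - &&
  docker rm "$cid" >/dev/null

# Generate the spec inside the bundle directory; skip it if the cd fails so the
# spec is not written somewhere else.
cd busybox &&
  runv spec .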
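Change the contents of config.json to the following (note that it leaves the root filesystem writable via "readonly": false and declares only the pid, ipc, uts and mount namespaces):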
{
"ociVersion": "0.5.0-dev",
"platform": {
"os": "linux",
"arch": "amd64"
},
"process": {
"terminal": true,
"user": {},
"args": [
"sh"
],
"env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"TERM=xterm"
],
"cwd": "/"
},
"root": {
"path": "rootfs",
"readonly": false
},
"hostname": "shell",
"mounts": [
{
"destination": "/proc",
"type": "proc",
"source": "proc"
},
{
"destination": "/dev",
"type": "tmpfs",
"source": "tmpfs",
"options": [
"nosuid",
"strictatime",
"mode=755",
"size=65536k"
]
},
{
"destination": "/dev/pts",
"type": "devpts",
"source": "devpts",
"options": [
"nosuid",
"noexec",
"newinstance",
"ptmxmode=0666",
"mode=0620",
"gid=5"
]
},
{
"destination": "/dev/shm",
"type": "tmpfs",
"source": "shm",
"options": [
"nosuid",
"noexec",
"nodev",
"mode=1777",
"size=65536k"
]
},
{
"destination": "/dev/mqueue",
"type": "mqueue",
"source": "mqueue",
"options": [
"nosuid",
"noexec",
"nodev"
]
},
{
"destination": "/sys",
"type": "sysfs",
"source": "sysfs",
"options": [
"nosuid",
"noexec",
"nodev",
"ro"
]
},
{
"destination": "/sys/fs/cgroup",
"type": "cgroup",
"source": "cgroup",
"options": [
"nosuid",
"noexec",
"nodev",
"relatime",
"ro"
]
}
],
"hooks": {},
"linux": {
"resources": {
"devices": [
{
"allow": false,
"access": "rwm"
}
]
},
"namespaces": [
{
"type": "pid"
},
{
"type": "ipc"
},
{
"type": "uts"
},
{
"type": "mount"
}
],
"devices": null
}
}
Start container:
ctr --address=unix:///run/runv-containerd/containerd.sock containers start test /root/busybox
$ ctr --address=unix:///run/runv-containerd/containerd.sock containers
ID PATH STATUS PROCESSES
test /root/busybox running init
$ ctr --address=unix:///run/runv-containerd/containerd.sock containers exec --id=test --pid=20 --cwd=/ -a ps aux
PID USER TIME COMMAND
1 root 0:00 /init
2 root 0:00 sh
4 root 0:00 ps aux
ps -ef | grep qemu
qemu-system-x86_64 -machine pc-i440fx-2.0,usb=off -cpu core2duo -kernel /var/lib/hyper/kernel -initrd /var/lib/hyper/hyper-initrd.img -append "console=ttyS0 panic=1 no_timer_check" -realtime mlock=off -no-user-config -nodefaults -no-hpet -rtc base=utc,driftfix=slew -no-reboot -display none -boot strict=on -m 128 -smp 1 -qmp unix:/var/run/hyper/vm-JRPdDUOkqA/qmp.sock,server,nowait -serial unix:/var/run/hyper/vm-JRPdDUOkqA/console.sock,server,nowait -device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x2 -device virtio-scsi-pci,id=scsi0,bus=pci.0,addr=0x3 -chardev socket,id=charch0,path=/var/run/hyper/vm-JRPdDUOkqA/hyper.sock,server,nowait -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charch0,id=channel0,name=sh.hyper.channel.0 -chardev socket,id=charch1,path=/var/run/hyper/vm-JRPdDUOkqA/tty.sock,server,nowait -device virtserialport,bus=virtio-serial0.0,nr=2,chardev=charch1,id=channel1,name=sh.hyper.channel.1 -fsdev local,id=virtio9p,path=/var/run/hyper/vm-JRPdDUOkqA/share_dir,security_model=none -device virtio-9p-pci,fsdev=virtio9p,mount_tag=share_dir