Subject: [bug#71324] [PATCH 1/2] services: containerd: Provision separately from docker service.
To: 71324@debbugs.gnu.org
Cc: Oleg Pykhalov, Florian Pelz, Ludovic Courtès, Matthew Trzcinski, Maxim Cournoyer
From: Oleg Pykhalov
Date: Tue, 4 Jun 2024 01:30:48 +0300

containerd can operate independently without relying on Docker for its
configuration.

* gnu/services/docker.scm (docker-configuration): Deprecate containerd field.
(containerd-configuration, containerd-service-type): New variables.
(docker-shepherd-service): Use containerd-configuration. Delete duplicated
variable binding. Allow to configure environment variables.
(docker-service-type): Delete extension with containerd-service-type.
* gnu/tests/docker.scm (%docker-os, %oci-os): Add containerd service.
(run-docker-test, run-docker-system-test, run-oci-container-test): Run
containerd service.
* doc/guix.texi (Miscellaneous Services): Document containerd-service-type.

Change-Id: Ife0924e50a3e0aa2302d6592dae51ed894600004
--- doc/guix.texi | 44 +++++++++++++++++++++++++- gnu/services/docker.scm | 68 ++++++++++++++++++++++++++++------------- gnu/tests/docker.scm | 46 +++++++++++++++++++++++++++- 3 files changed, 135 insertions(+), 23 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 1224104038..d2ba6784de 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -40484,12 +40484,54 @@ Miscellaneous Services The @code{(gnu services docker)} module provides the following services. +@cindex containerd, container runtime +@defvar containerd-service-type + +This service type operates containerd +@url{https://containerd.io,containerd}, a daemon responsible for +overseeing the entire container lifecycle on its host system. This +includes image handling, storage management, container execution, +supervision, low-level storage operations, network connections, and +more. + +@end defvar + +@deftp {Data Type} containerd-configuration +This is the data type representing the configuration of containerd. + +@table @asis + +@item @code{containerd} (default: @code{containerd}) +The containerd daemon package to use. + +@item @code{debug?} (default @code{#f}) +Enable or disable debug output. + +@item @code{environment-variables} (default: @code{'()}) +List of environment variables to set for @command{containerd}. + +This must be a list of strings where each string has the form +@samp{@var{key}=@var{value}} as in this example: + +@lisp +(list "HTTP_PROXY=socks5://127.0.0.1:9150" + "HTTPS_PROXY=socks5://127.0.0.1:9150") +@end lisp + +@end table +@end deftp + @defvar docker-service-type This is the type of the service that runs @url{https://www.docker.com,Docker}, a daemon that can execute application bundles (sometimes referred to as ``containers'') in isolated environments. +The @code{containerd-service-type} service need to be added to a system +configuration, otherwise a message about not any service provides +@code{containerd} will be displayed during @code{guix system +reconfigure}. + @end defvar @deftp {Data Type} docker-configuration 
@@ -40504,7 +40546,7 @@ Miscellaneous Services The Docker client package to use. @item @code{containerd} (default: @var{containerd}) -The Containerd package to use. +This field is deprecated in favor of @code{containerd-service-type} service. @item @code{proxy} (default @var{docker-libnetwork-cmd-proxy}) The Docker user-land networking proxy package to use. diff --git a/gnu/services/docker.scm b/gnu/services/docker.scm index 7aff8dcc5f..a5375d1ccc 100644 --- a/gnu/services/docker.scm +++ b/gnu/services/docker.scm @@ -49,7 +49,9 @@ (define-module (gnu services docker) #:use-module (ice-9 format) #:use-module (ice-9 match) - #:export (docker-configuration + #:export (containerd-configuration + containerd-service-type + docker-configuration docker-service-type singularity-service-type oci-image @@ -95,7 +97,7 @@ (define-configuration docker-configuration "Docker client package.") (containerd (file-like containerd) - "containerd package.") + "Deprecated. Do not use.") (proxy (file-like docker-libnetwork-cmd-proxy) "The proxy package to support inter-container and outside-container @@ -117,6 +119,18 @@ (define-configuration docker-configuration "JSON configuration file to pass to dockerd") (no-serialization)) +(define-configuration containerd-configuration + (containerd + (file-like containerd) + "containerd package.") + (debug? + (boolean #f) + "Enable or disable debug output.") + (environment-variables + (list '()) + "Environment variables to set for containerd.") + (no-serialization)) + (define %docker-accounts (list (user-group (name "docker") (system? #t)))) 
@@ -134,24 +148,37 @@ (define (%docker-activation config) (mkdir-p #$state-dir)))) (define (containerd-shepherd-service config) - (let* ((package (docker-configuration-containerd config)) - (debug? (docker-configuration-debug? config)) - (containerd (docker-configuration-containerd config))) + (match-record config + (containerd debug? environment-variables) (shepherd-service - (documentation "containerd daemon.") - (provision '(containerd)) - (start #~(make-forkexec-constructor - (list (string-append #$package "/bin/containerd") - #$@(if debug? - '("--log-level=debug") - '())) - ;; For finding containerd-shim binary. - #:environment-variables - (list (string-append "PATH=" #$containerd "/bin")) - #:pid-file "/run/containerd/containerd.pid" - #:pid-file-timeout 300 - #:log-file "/var/log/containerd.log")) - (stop #~(make-kill-destructor))))) + (documentation "containerd daemon.") + (provision '(containerd)) + (start #~(make-forkexec-constructor + (list (string-append #$containerd "/bin/containerd") + #$@(if debug? + '("--log-level=debug") + '())) + ;; For finding containerd-shim binary. + #:environment-variables + (list #$@environment-variables + (string-append "PATH=" #$containerd "/bin")) + #:pid-file "/run/containerd/containerd.pid" + #:pid-file-timeout 300 + #:log-file "/var/log/containerd.log")) + (stop #~(make-kill-destructor))))) + +(define containerd-service-type + (service-type (name 'containerd) + (description "Run containerd container runtime.") + (extensions + (list + ;; Make sure the 'ctr' command is available. + (service-extension profile-service-type + (compose list containerd-configuration-containerd)) + (service-extension shepherd-root-service-type + (lambda (config) + (list (containerd-shepherd-service config)))))) + (default-value (containerd-configuration)))) (define (docker-shepherd-service config) (let* ((docker (docker-configuration-docker config)) 
@@ -208,8 +235,7 @@ (define docker-service-type %docker-activation) (service-extension shepherd-root-service-type (lambda (config) - (list (containerd-shepherd-service config) - (docker-shepherd-service config)))) + (list (docker-shepherd-service config)))) (service-extension account-service-type (const %docker-accounts)))) (default-value (docker-configuration)))) diff --git a/gnu/tests/docker.scm b/gnu/tests/docker.scm index d550136b4a..46c886580c 100644 --- a/gnu/tests/docker.scm +++ b/gnu/tests/docker.scm @@ -54,6 +54,7 @@ (define %docker-os (service dbus-root-service-type) (service polkit-service-type) (service elogind-service-type) + (service containerd-service-type) (service docker-service-type))) (define (run-docker-test docker-tarball) @@ -88,7 +89,21 @@ (define (run-docker-test docker-tarball) (test-runner-current (system-test-runner #$output)) (test-begin "docker") - (test-assert "service running" + (test-assert "containerd service running" + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (match (start-service 'containerd) + (#f #f) + (('service response-parts ...) + (match (assq-ref response-parts 'running) + ((pid) (number? pid)))))) + marionette)) + + (test-assert "containerd PID file present" + (wait-for-file "/run/containerd/containerd.pid" marionette)) + + (test-assert "dockerd service running" (marionette-eval '(begin (use-modules (gnu services herd)) @@ -234,6 +249,20 @@ (define (run-docker-system-test tarball) (test-runner-current (system-test-runner #$output)) (test-begin "docker") + (test-assert "containerd service running" + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (match (start-service 'containerd) + (#f #f) + (('service response-parts ...) + (match (assq-ref response-parts 'running) + ((pid) (number? pid)))))) + marionette)) + + (test-assert "containerd PID file present" + (wait-for-file "/run/containerd/containerd.pid" marionette)) + (test-assert "service running" (marionette-eval '(begin 
@@ -327,6 +356,7 @@ (define %oci-os (service dbus-root-service-type) (service polkit-service-type) (service elogind-service-type) + (service containerd-service-type) (service docker-service-type) (extra-special-file "/shared.txt" (plain-file "shared.txt" "hello")) @@ -384,6 +414,20 @@ (define (run-oci-container-test) (test-runner-current (system-test-runner #$output)) (test-begin "oci-container") + (test-assert "containerd service running" + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (match (start-service 'containerd) + (#f #f) + (('service response-parts ...) + (match (assq-ref response-parts 'running) + ((pid) (number? pid)))))) + marionette)) + + (test-assert "containerd PID file present" + (wait-for-file "/run/containerd/containerd.pid" marionette)) + (test-assert "dockerd running" (marionette-eval '(begin base-commit: bc06affabcf68bbe93e9afee13bef8cc8c6336a2 -- 2.41.0
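Review bot: The new manual text in doc/guix.texi (hunk @@ -40484) has wording slips that should be fixed before merging. "This service type operates containerd @url{https://containerd.io,containerd}" repeats the name, "@code{debug?} (default @code{#f})" lacks the colon that the neighbouring items use, and the paragraph added under docker-service-type should read "needs to be added" and state plainly that guix system reconfigure reports that no service provides containerd.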
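Review bot: In gnu/services/docker.scm at @@ -95, the containerd field of docker-configuration stays in place with the docstring "Deprecated. Do not use.", but nothing warns when a user sets it. As far as these hunks show, containerd-shepherd-service no longer reads docker-configuration-containerd after @@ -134, so a package given there is silently ignored. Suggest emitting a deprecation warning when the field is set to a non-default value, so that an operator who pinned a patched containerd through docker-configuration notices that the pin no longer applies.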
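Review bot: The environment-variables field added to containerd-configuration (gnu/services/docker.scm, @@ -117) is declared as (list '()), which accepts any list, while the manual text in this patch says it must be a list of key=value strings. Suggest a stricter field type that checks for a list of strings, so that a malformed entry is rejected when the configuration is evaluated rather than when shepherd tries to start containerd.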
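Review bot: In containerd-shepherd-service (gnu/services/docker.scm, @@ -134), (list #$@environment-variables (string-append "PATH=" #$containerd "/bin")) lets a user-supplied "PATH=..." entry coexist with the service's own PATH entry, and the patch does not say which one takes effect. Suggest rejecting or filtering a user PATH entry, or documenting the precedence. Because these strings are spliced into the service's G-expression they end up in the store, which every local user can read, so the manual should say that proxy URLs with embedded credentials do not belong in this field. The commit log also attributes this change to docker-shepherd-service, while the hunk modifies containerd-shepherd-service.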
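Review bot: Dropping containerd-shepherd-service from the shepherd-root-service-type extension of docker-service-type (gnu/services/docker.scm, @@ -208) changes behaviour for every existing system configuration that lists only docker-service-type, and the manual paragraph added in this patch confirms that reconfigure will then complain that no service provides containerd. The commit message does not mention this incompatibility. Suggest stating it there and announcing it to users, with the one-line fix (service containerd-service-type) spelled out.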
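Review bot: The "containerd service running" and "containerd PID file present" assertions are added verbatim three times in gnu/tests/docker.scm (@@ -88, @@ -234 and @@ -384), so a later change to the PID file path or the service name has to be made in three places. Suggest factoring them into one shared helper used by run-docker-test, run-docker-system-test and run-oci-container-test. The test names are also inconsistent: @@ -88 renames the following test to "dockerd service running", while @@ -234 leaves it as "service running".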