[bug#71324] [PATCH] services: containerd: Provision separately from docker service.

[bug#71324] [PATCH] services: containerd: Provision separately from docker service.

[Oleg Pykhalov]

containerd can now operate autonomously, decoupled from docker. While docker
serves as a control interface for containerd, alternative controllers like
nerdctl or kubelet offer viable options for managing containerization
processes.

Oleg Pykhalov (2):
  services: containerd: Provision separately from docker service.
  news: Add entry for ‘docker-service-type’ changes.

 doc/guix.texi           | 39 ++++++++++++++++++++++-
 etc/news.scm            | 17 +++++++++++
 gnu/services/docker.scm | 68 ++++++++++++++++++++++++++++-------------
 gnu/tests/docker.scm    | 46 +++++++++++++++++++++++++++-
 4 files changed, 147 insertions(+), 23 deletions(-)


base-commit: 6f72ad465c1e2df965e8d73b209497b4ef456527
-- 
2.41.0

[bug#71324] [PATCH] services: containerd: Provision separately from docker service.

[Oleg Pykhalov]

containerd can operate independently without relying on Docker for its
configuration.

* gnu/services/docker.scm (docker-configuration): Deprecate containerd field.
(containerd-configuration, containerd-service-type): New variables.
(docker-shepherd-service): Use containerd-configuration.  Delete duplicated
variable binding.  Allow to configure environment variables.
(docker-service-type): Delete extension with containerd-service-type.
* gnu/tests/docker.scm (%docker-os, %oci-os): Add containerd service.
(run-docker-test, run-docker-system-test, run-oci-container-test): Run
containerd service.

Change-Id: Ife0924e50a3e0aa2302d6592dae51ed894600004
---
 doc/guix.texi           | 39 ++++++++++++++++++++++-
 gnu/services/docker.scm | 68 ++++++++++++++++++++++++++++-------------
 gnu/tests/docker.scm    | 46 +++++++++++++++++++++++++++-
 3 files changed, 130 insertions(+), 23 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index c1ff049f03..d210a04d3a 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -40465,6 +40465,43 @@ Miscellaneous Services
 
 The @code{(gnu services docker)} module provides the following services.
 
+@cindex containerd, container runtime
+@defvar containerd-service-type
+
+This service type operates containerd
+@url{https://containerd.io,containerd}, a daemon responsible for
+overseeing the entire container lifecycle on its host system. This
+includes image handling, storage management, container execution,
+supervision, low-level storage operations, network connections, and
+more.
+
+@end defvar
+
+@deftp {Data Type} containerd-configuration
+This is the data type representing the configuration of containerd.
+
+@table @asis
+
+@item @code{containerd} (default: @code{containerd})
+The containerd daemon package to use.
+
+@item @code{debug?} (default @code{#f})
+Enable or disable debug output.
+
+@item @code{environment-variables} (default: @code{'()})
+List of environment variables to set for @command{containerd}.
+
+This must be a list of strings where each string has the form
+@samp{@var{key}=@var{value}} as in this example:
+
+@lisp
+(list "HTTP_PROXY=socks5://127.0.0.1:9150"
+      "HTTPS_PROXY=socks5://127.0.0.1:9150")
+@end lisp
+
+@end table
+@end deftp
+
 @defvar docker-service-type
 
 This is the type of the service that runs @url{https://www.docker.com,Docker},
@@ -40485,7 +40522,7 @@ Miscellaneous Services
 The Docker client package to use.
 
 @item @code{containerd} (default: @var{containerd})
-The Containerd package to use.
+This field is deprecated in favor of @code{containerd-service-type} service.
 
 @item @code{proxy} (default @var{docker-libnetwork-cmd-proxy})
 The Docker user-land networking proxy package to use.
diff --git a/gnu/services/docker.scm b/gnu/services/docker.scm
index 7aff8dcc5f..a5375d1ccc 100644
--- a/gnu/services/docker.scm
+++ b/gnu/services/docker.scm
@@ -49,7 +49,9 @@ (define-module (gnu services docker)
   #:use-module (ice-9 format)
   #:use-module (ice-9 match)
 
-  #:export (docker-configuration
+  #:export (containerd-configuration
+            containerd-service-type
+            docker-configuration
             docker-service-type
             singularity-service-type
             oci-image
@@ -95,7 +97,7 @@ (define-configuration docker-configuration
    "Docker client package.")
   (containerd
    (file-like containerd)
-   "containerd package.")
+   "Deprecated.  Do not use.")
   (proxy
    (file-like docker-libnetwork-cmd-proxy)
    "The proxy package to support inter-container and outside-container
@@ -117,6 +119,18 @@ (define-configuration docker-configuration
    "JSON configuration file to pass to dockerd")
   (no-serialization))
 
+(define-configuration containerd-configuration
+  (containerd
+   (file-like containerd)
+   "containerd package.")
+  (debug?
+   (boolean #f)
+   "Enable or disable debug output.")
+  (environment-variables
+   (list '())
+   "Environment variables to set for containerd.")
+  (no-serialization))
+
 (define %docker-accounts
   (list (user-group (name "docker") (system? #t))))
 
@@ -134,24 +148,37 @@ (define (%docker-activation config)
         (mkdir-p #$state-dir))))
 
 (define (containerd-shepherd-service config)
-  (let* ((package (docker-configuration-containerd config))
-         (debug? (docker-configuration-debug? config))
-         (containerd (docker-configuration-containerd config)))
+  (match-record config <containerd-configuration>
+                (containerd debug? environment-variables)
     (shepherd-service
-           (documentation "containerd daemon.")
-           (provision '(containerd))
-           (start #~(make-forkexec-constructor
-                     (list (string-append #$package "/bin/containerd")
-                           #$@(if debug?
-                                  '("--log-level=debug")
-                                  '()))
-                     ;; For finding containerd-shim binary.
-                     #:environment-variables
-                     (list (string-append "PATH=" #$containerd "/bin"))
-                     #:pid-file "/run/containerd/containerd.pid"
-                     #:pid-file-timeout 300
-                     #:log-file "/var/log/containerd.log"))
-           (stop #~(make-kill-destructor)))))
+     (documentation "containerd daemon.")
+     (provision '(containerd))
+     (start #~(make-forkexec-constructor
+               (list (string-append #$containerd "/bin/containerd")
+                     #$@(if debug?
+                            '("--log-level=debug")
+                            '()))
+               ;; For finding containerd-shim binary.
+               #:environment-variables
+               (list #$@environment-variables
+                     (string-append "PATH=" #$containerd "/bin"))
+               #:pid-file "/run/containerd/containerd.pid"
+               #:pid-file-timeout 300
+               #:log-file "/var/log/containerd.log"))
+     (stop #~(make-kill-destructor)))))
+
+(define containerd-service-type
+  (service-type (name 'containerd)
+                (description "Run containerd container runtime.")
+                (extensions
+                 (list
+                  ;; Make sure the 'ctr' command is available.
+                  (service-extension profile-service-type
+                                     (compose list containerd-configuration-containerd))
+                  (service-extension shepherd-root-service-type
+                                     (lambda (config)
+                                       (list (containerd-shepherd-service config))))))
+                (default-value (containerd-configuration))))
 
 (define (docker-shepherd-service config)
   (let* ((docker (docker-configuration-docker config))
@@ -208,8 +235,7 @@ (define docker-service-type
                                      %docker-activation)
                   (service-extension shepherd-root-service-type
                                      (lambda (config)
-                                       (list (containerd-shepherd-service config)
-                                             (docker-shepherd-service config))))
+                                       (list (docker-shepherd-service config))))
                   (service-extension account-service-type
                                      (const %docker-accounts))))
                 (default-value (docker-configuration))))
diff --git a/gnu/tests/docker.scm b/gnu/tests/docker.scm
index d550136b4a..46c886580c 100644
--- a/gnu/tests/docker.scm
+++ b/gnu/tests/docker.scm
@@ -54,6 +54,7 @@ (define %docker-os
    (service dbus-root-service-type)
    (service polkit-service-type)
    (service elogind-service-type)
+   (service containerd-service-type)
    (service docker-service-type)))
 
 (define (run-docker-test docker-tarball)
@@ -88,7 +89,21 @@ (define (run-docker-test docker-tarball)
           (test-runner-current (system-test-runner #$output))
           (test-begin "docker")
 
-          (test-assert "service running"
+          (test-assert "containerd service running"
+            (marionette-eval
+             '(begin
+                (use-modules (gnu services herd))
+                (match (start-service 'containerd)
+                  (#f #f)
+                  (('service response-parts ...)
+                   (match (assq-ref response-parts 'running)
+                     ((pid) (number? pid))))))
+             marionette))
+
+          (test-assert "containerd PID file present"
+            (wait-for-file "/run/containerd/containerd.pid" marionette))
+
+          (test-assert "dockerd service running"
             (marionette-eval
              '(begin
                 (use-modules (gnu services herd))
@@ -234,6 +249,20 @@ (define (run-docker-system-test tarball)
           (test-runner-current (system-test-runner #$output))
           (test-begin "docker")
 
+          (test-assert "containerd service running"
+            (marionette-eval
+             '(begin
+                (use-modules (gnu services herd))
+                (match (start-service 'containerd)
+                  (#f #f)
+                  (('service response-parts ...)
+                   (match (assq-ref response-parts 'running)
+                     ((pid) (number? pid))))))
+             marionette))
+
+          (test-assert "containerd PID file present"
+            (wait-for-file "/run/containerd/containerd.pid" marionette))
+
           (test-assert "service running"
             (marionette-eval
              '(begin
@@ -327,6 +356,7 @@ (define %oci-os
    (service dbus-root-service-type)
    (service polkit-service-type)
    (service elogind-service-type)
+   (service containerd-service-type)
    (service docker-service-type)
    (extra-special-file "/shared.txt"
                        (plain-file "shared.txt" "hello"))
@@ -384,6 +414,20 @@ (define (run-oci-container-test)
           (test-runner-current (system-test-runner #$output))
           (test-begin "oci-container")
 
+          (test-assert "containerd service running"
+            (marionette-eval
+             '(begin
+                (use-modules (gnu services herd))
+                (match (start-service 'containerd)
+                  (#f #f)
+                  (('service response-parts ...)
+                   (match (assq-ref response-parts 'running)
+                     ((pid) (number? pid))))))
+             marionette))
+
+          (test-assert "containerd PID file present"
+            (wait-for-file "/run/containerd/containerd.pid" marionette))
+
           (test-assert "dockerd running"
             (marionette-eval
              '(begin
-- 
2.41.0

[bug#71324] [PATCH] news: Add entry for 'docker-service-type' changes.

[Oleg Pykhalov]

* etc/news.scm: Add entry.

Change-Id: I98d562d8b435b697b7c6529c5e788b5e2db9fa2a
---
 etc/news.scm | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/etc/news.scm b/etc/news.scm
index a511b7ffbc..3c11121161 100644
--- a/etc/news.scm
+++ b/etc/news.scm
@@ -31,6 +31,23 @@
 (channel-news
  (version 0)
 
+ (entry (commit "ba9339f59fec1cd49c8d4e9f26834883f5c1aaed")
+        (title
+         (en "The containerd service is separated from @code{docker-service-type}")
+         (ru "Сервис containerd отделен от @code{docker-service-type}"))
+        (body
+         (en "containerd service has been decoupled from the
+@code{docker-service-type}.  Moving forward, users are required to specify
+containerd settings manually for their configurations.
+
+Run @command{info \"(guix) Miscellaneous Services\"} for more info.")
+         (ru "Сервис containerd был отделен от @code{docker-service-type}.
+Впредь пользователям потребуется указывать параметры containerd вручную для
+своих конфигураций.
+
+Смотрите @command{info \"(guix) Miscellaneous Services\"} для получения более
+детальных сведений.")))
+
  (entry (commit "8d1d98a3aa3448b9d983e4bd64243a938b96e8ab")
         (title
          (en "@command{guix git authenticate} usage simplified")
-- 
2.41.0

[bug#71324] [PATCH] news: Add entry for 'docker-service-type' changes.

[pelzflorian (Florian Pelz)]

Thank you for the containerd service, Oleg.

The main patch’s commit message should contain that you changed
doc/guix.texi.

It is not clear to me, in the English news, when you write “Moving
forward, users are required to specify containerd settings manually for
their configurations”, do you really mean that only users *with manual
configurations* are required to specify containerd settings
*separately*?

Could you add this German translation:

Oleg Pykhalov <go.wigust@gmail.com> writes:
> + (entry (commit "ba9339f59fec1cd49c8d4e9f26834883f5c1aaed")
> +        (title
> +         (en "The containerd service is separated from
> @code{docker-service-type}")

(de "containerd wurde ein eigener Dienst losgelöst von @code{docker-service-type}")

> +         (ru "Сервис containerd отделен от @code{docker-service-type}"))
> +        (body
> +         (en "containerd service has been decoupled from the
> +@code{docker-service-type}.  Moving forward, users are required to specify
> +containerd settings manually for their configurations.
> +
> +Run @command{info \"(guix) Miscellaneous Services\"} for more info.")

           (de "Es gibt einen eigenen containerd-Dienst losgelöst von
@code{docker-service-type}.  In Zukunft müssen Nutzer dort manuelle
Einstellungen für containerd vornehmen.

Siehe @command{info \"(guix.de) Verschiedene Dienste\"} für genauere
Informationen.")



> +         (ru "Сервис containerd был отделен от @code{docker-service-type}.
> +Впредь пользователям потребуется указывать параметры containerd вручную для
> +своих конфигураций.
> +
> +Смотрите @command{info \"(guix) Miscellaneous Services\"} для получения более
> +детальных сведений.")))

I presume you should direct Russian readers to
@command{info \"(guix.ru) Разнообразные службы\"}

Regards,
Florian

[bug#71324] [PATCH] news: Add entry for 'docker-service-type' changes.

[Oleg Pykhalov]

[-- Attachment #1: Type: text/plain, Size: 2450 bytes --]

Hello Florian,

Thank you for the review.

"pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de> writes:

> The main patch’s commit message should contain that you changed
> doc/guix.texi.

Ouch, missed it, thank you.

> It is not clear to me, in the English news, when you write “Moving
> forward, users are required to specify containerd settings manually for
> their configurations”, do you really mean that only users *with manual
> configurations* are required to specify containerd settings
> *separately*?

Every docker-service-type user will need to add containerd-service-type
to their system configurations, otherwise a message about not any
service provides containerd will be displayed during reconfigure.

> Could you add this German translation:
>
> Oleg Pykhalov <go.wigust@gmail.com> writes:
>> + (entry (commit "ba9339f59fec1cd49c8d4e9f26834883f5c1aaed")
>> +        (title
>> +         (en "The containerd service is separated from
>> @code{docker-service-type}")
>
> (de "containerd wurde ein eigener Dienst losgelöst von
> @code{docker-service-type}")
>
>> +         (ru "Сервис containerd отделен от @code{docker-service-type}"))
>> +        (body
>> +         (en "containerd service has been decoupled from the
>> +@code{docker-service-type}.  Moving forward, users are required to specify
>> +containerd settings manually for their configurations.
>> +
>> +Run @command{info \"(guix) Miscellaneous Services\"} for more info.")
>
>            (de "Es gibt einen eigenen containerd-Dienst losgelöst von
> @code{docker-service-type}.  In Zukunft müssen Nutzer dort manuelle
> Einstellungen für containerd vornehmen.
>
> Siehe @command{info \"(guix.de) Verschiedene Dienste\"} für genauere
> Informationen.")

Sure.

>> +         (ru "Сервис containerd был отделен от @code{docker-service-type}.
>> +Впредь пользователям потребуется указывать параметры containerd вручную для
>> +своих конфигураций.
>> +
>> +Смотрите @command{info \"(guix) Miscellaneous Services\"} для получения более
>> +детальных сведений.")))
>
> I presume you should direct Russian readers to
> @command{info \"(guix.ru) Разнообразные службы\"}

Yes, it will be definitely better, thank you.


Regards,
Oleg.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 861 bytes --]

[bug#71324] [PATCH] news: Add entry for 'docker-service-type' changes.

[pelzflorian (Florian Pelz)]

Hello Oleg,

Oleg Pykhalov <go.wigust@gmail.com> writes:
> Every docker-service-type user will need to add containerd-service-type
> to their system configurations, otherwise a message about not any
> service provides containerd will be displayed during reconfigure.

I understand, but only now, that *every* user must make changes.  Could
you add this sentence to the news *and* to doc/guix.texi?

Regards,
Florian

[bug#71324] [PATCH 1/2] services: containerd: Provision separately from docker service.

[Oleg Pykhalov]

containerd can operate independently without relying on Docker for its
configuration.

* gnu/services/docker.scm (docker-configuration): Deprecate containerd field.
(containerd-configuration, containerd-service-type): New variables.
(docker-shepherd-service): Use containerd-configuration.  Delete duplicated
variable binding.  Allow to configure environment variables.
(docker-service-type): Delete extension with containerd-service-type.
* gnu/tests/docker.scm (%docker-os, %oci-os): Add containerd service.
(run-docker-test, run-docker-system-test, run-oci-container-test): Run
containerd service.
* doc/guix.texi (Miscellaneous Services): Document containerd-service-type.

Change-Id: Ife0924e50a3e0aa2302d6592dae51ed894600004
---
 doc/guix.texi           | 44 +++++++++++++++++++++++++-
 gnu/services/docker.scm | 68 ++++++++++++++++++++++++++++-------------
 gnu/tests/docker.scm    | 46 +++++++++++++++++++++++++++-
 3 files changed, 135 insertions(+), 23 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 1224104038..d2ba6784de 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -40484,12 +40484,54 @@ Miscellaneous Services
 
 The @code{(gnu services docker)} module provides the following services.
 
+@cindex containerd, container runtime
+@defvar containerd-service-type
+
+This service type operates containerd
+@url{https://containerd.io,containerd}, a daemon responsible for
+overseeing the entire container lifecycle on its host system. This
+includes image handling, storage management, container execution,
+supervision, low-level storage operations, network connections, and
+more.
+
+@end defvar
+
+@deftp {Data Type} containerd-configuration
+This is the data type representing the configuration of containerd.
+
+@table @asis
+
+@item @code{containerd} (default: @code{containerd})
+The containerd daemon package to use.
+
+@item @code{debug?} (default @code{#f})
+Enable or disable debug output.
+
+@item @code{environment-variables} (default: @code{'()})
+List of environment variables to set for @command{containerd}.
+
+This must be a list of strings where each string has the form
+@samp{@var{key}=@var{value}} as in this example:
+
+@lisp
+(list "HTTP_PROXY=socks5://127.0.0.1:9150"
+      "HTTPS_PROXY=socks5://127.0.0.1:9150")
+@end lisp
+
+@end table
+@end deftp
+
 @defvar docker-service-type
 
 This is the type of the service that runs @url{https://www.docker.com,Docker},
 a daemon that can execute application bundles (sometimes referred to as
 ``containers'') in isolated environments.
 
+The @code{containerd-service-type} service need to be added to a system
+configuration, otherwise a message about not any service provides
+@code{containerd} will be displayed during @code{guix system
+reconfigure}.
+
 @end defvar
 
 @deftp {Data Type} docker-configuration
@@ -40504,7 +40546,7 @@ Miscellaneous Services
 The Docker client package to use.
 
 @item @code{containerd} (default: @var{containerd})
-The Containerd package to use.
+This field is deprecated in favor of @code{containerd-service-type} service.
 
 @item @code{proxy} (default @var{docker-libnetwork-cmd-proxy})
 The Docker user-land networking proxy package to use.
diff --git a/gnu/services/docker.scm b/gnu/services/docker.scm
index 7aff8dcc5f..a5375d1ccc 100644
--- a/gnu/services/docker.scm
+++ b/gnu/services/docker.scm
@@ -49,7 +49,9 @@ (define-module (gnu services docker)
   #:use-module (ice-9 format)
   #:use-module (ice-9 match)
 
-  #:export (docker-configuration
+  #:export (containerd-configuration
+            containerd-service-type
+            docker-configuration
             docker-service-type
             singularity-service-type
             oci-image
@@ -95,7 +97,7 @@ (define-configuration docker-configuration
    "Docker client package.")
   (containerd
    (file-like containerd)
-   "containerd package.")
+   "Deprecated.  Do not use.")
   (proxy
    (file-like docker-libnetwork-cmd-proxy)
    "The proxy package to support inter-container and outside-container
@@ -117,6 +119,18 @@ (define-configuration docker-configuration
    "JSON configuration file to pass to dockerd")
   (no-serialization))
 
+(define-configuration containerd-configuration
+  (containerd
+   (file-like containerd)
+   "containerd package.")
+  (debug?
+   (boolean #f)
+   "Enable or disable debug output.")
+  (environment-variables
+   (list '())
+   "Environment variables to set for containerd.")
+  (no-serialization))
+
 (define %docker-accounts
   (list (user-group (name "docker") (system? #t))))
 
@@ -134,24 +148,37 @@ (define (%docker-activation config)
         (mkdir-p #$state-dir))))
 
 (define (containerd-shepherd-service config)
-  (let* ((package (docker-configuration-containerd config))
-         (debug? (docker-configuration-debug? config))
-         (containerd (docker-configuration-containerd config)))
+  (match-record config <containerd-configuration>
+                (containerd debug? environment-variables)
     (shepherd-service
-           (documentation "containerd daemon.")
-           (provision '(containerd))
-           (start #~(make-forkexec-constructor
-                     (list (string-append #$package "/bin/containerd")
-                           #$@(if debug?
-                                  '("--log-level=debug")
-                                  '()))
-                     ;; For finding containerd-shim binary.
-                     #:environment-variables
-                     (list (string-append "PATH=" #$containerd "/bin"))
-                     #:pid-file "/run/containerd/containerd.pid"
-                     #:pid-file-timeout 300
-                     #:log-file "/var/log/containerd.log"))
-           (stop #~(make-kill-destructor)))))
+     (documentation "containerd daemon.")
+     (provision '(containerd))
+     (start #~(make-forkexec-constructor
+               (list (string-append #$containerd "/bin/containerd")
+                     #$@(if debug?
+                            '("--log-level=debug")
+                            '()))
+               ;; For finding containerd-shim binary.
+               #:environment-variables
+               (list #$@environment-variables
+                     (string-append "PATH=" #$containerd "/bin"))
+               #:pid-file "/run/containerd/containerd.pid"
+               #:pid-file-timeout 300
+               #:log-file "/var/log/containerd.log"))
+     (stop #~(make-kill-destructor)))))
+
+(define containerd-service-type
+  (service-type (name 'containerd)
+                (description "Run containerd container runtime.")
+                (extensions
+                 (list
+                  ;; Make sure the 'ctr' command is available.
+                  (service-extension profile-service-type
+                                     (compose list containerd-configuration-containerd))
+                  (service-extension shepherd-root-service-type
+                                     (lambda (config)
+                                       (list (containerd-shepherd-service config))))))
+                (default-value (containerd-configuration))))
 
 (define (docker-shepherd-service config)
   (let* ((docker (docker-configuration-docker config))
@@ -208,8 +235,7 @@ (define docker-service-type
                                      %docker-activation)
                   (service-extension shepherd-root-service-type
                                      (lambda (config)
-                                       (list (containerd-shepherd-service config)
-                                             (docker-shepherd-service config))))
+                                       (list (docker-shepherd-service config))))
                   (service-extension account-service-type
                                      (const %docker-accounts))))
                 (default-value (docker-configuration))))
diff --git a/gnu/tests/docker.scm b/gnu/tests/docker.scm
index d550136b4a..46c886580c 100644
--- a/gnu/tests/docker.scm
+++ b/gnu/tests/docker.scm
@@ -54,6 +54,7 @@ (define %docker-os
    (service dbus-root-service-type)
    (service polkit-service-type)
    (service elogind-service-type)
+   (service containerd-service-type)
    (service docker-service-type)))
 
 (define (run-docker-test docker-tarball)
@@ -88,7 +89,21 @@ (define (run-docker-test docker-tarball)
           (test-runner-current (system-test-runner #$output))
           (test-begin "docker")
 
-          (test-assert "service running"
+          (test-assert "containerd service running"
+            (marionette-eval
+             '(begin
+                (use-modules (gnu services herd))
+                (match (start-service 'containerd)
+                  (#f #f)
+                  (('service response-parts ...)
+                   (match (assq-ref response-parts 'running)
+                     ((pid) (number? pid))))))
+             marionette))
+
+          (test-assert "containerd PID file present"
+            (wait-for-file "/run/containerd/containerd.pid" marionette))
+
+          (test-assert "dockerd service running"
             (marionette-eval
              '(begin
                 (use-modules (gnu services herd))
@@ -234,6 +249,20 @@ (define (run-docker-system-test tarball)
           (test-runner-current (system-test-runner #$output))
           (test-begin "docker")
 
+          (test-assert "containerd service running"
+            (marionette-eval
+             '(begin
+                (use-modules (gnu services herd))
+                (match (start-service 'containerd)
+                  (#f #f)
+                  (('service response-parts ...)
+                   (match (assq-ref response-parts 'running)
+                     ((pid) (number? pid))))))
+             marionette))
+
+          (test-assert "containerd PID file present"
+            (wait-for-file "/run/containerd/containerd.pid" marionette))
+
           (test-assert "service running"
             (marionette-eval
              '(begin
@@ -327,6 +356,7 @@ (define %oci-os
    (service dbus-root-service-type)
    (service polkit-service-type)
    (service elogind-service-type)
+   (service containerd-service-type)
    (service docker-service-type)
    (extra-special-file "/shared.txt"
                        (plain-file "shared.txt" "hello"))
@@ -384,6 +414,20 @@ (define (run-oci-container-test)
           (test-runner-current (system-test-runner #$output))
           (test-begin "oci-container")
 
+          (test-assert "containerd service running"
+            (marionette-eval
+             '(begin
+                (use-modules (gnu services herd))
+                (match (start-service 'containerd)
+                  (#f #f)
+                  (('service response-parts ...)
+                   (match (assq-ref response-parts 'running)
+                     ((pid) (number? pid))))))
+             marionette))
+
+          (test-assert "containerd PID file present"
+            (wait-for-file "/run/containerd/containerd.pid" marionette))
+
           (test-assert "dockerd running"
             (marionette-eval
              '(begin

base-commit: bc06affabcf68bbe93e9afee13bef8cc8c6336a2
-- 
2.41.0

[bug#71324] [PATCH 2/2] news: Add entry for 'docker-service-type' changes.

[Oleg Pykhalov]

* etc/news.scm: Add entry.

Change-Id: I98d562d8b435b697b7c6529c5e788b5e2db9fa2a
---
 etc/news.scm | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/etc/news.scm b/etc/news.scm
index a511b7ffbc..29bf8a1909 100644
--- a/etc/news.scm
+++ b/etc/news.scm
@@ -31,6 +31,35 @@
 (channel-news
  (version 0)
 
+ (entry (commit "22d45fa8e5f64e42b509141c3579a0c1626a5fcf")
+        (title
+         (en "The containerd service is separated from @code{docker-service-type}")
+         (ru "Сервис containerd отделен от @code{docker-service-type}"))
+        (body
+         (en "containerd service has been decoupled from the
+@code{docker-service-type}.  Moving forward, users are required to specify
+containerd settings manually for their configurations.  The
+@code{containerd-service-type} service need to be added to a system
+configuration, otherwise a message about not any service provides
+@code{containerd} will be displayed during @code{guix system reconfigure}.
+
+Run @command{info \"(guix) Miscellaneous Services\"} for more info.")
+         (ru "Сервис containerd был отделен от @code{docker-service-type}.
+Впредь пользователям потребуется указывать параметры containerd вручную для
+своих конфигураций.  Сервис @code{containerd-service-type} должен быть
+добавлен в конфигурацию системы, в противном случае будет отображено сообщение
+о том, что ни один сервис не предоставляет поддержку для @code{containerd} во
+время выполнения команды @code{guix system reconfigure}.
+
+Смотрите @command{info \"(guix.ru) Разнообразные службы\"} для получения более
+детальных сведений.")
+         (de "Es gibt einen eigenen containerd-Dienst losgelöst von
+@code{docker-service-type}.  In Zukunft müssen Nutzer dort manuelle
+Einstellungen für containerd vornehmen.
+
+Siehe @command{info \"(guix.de) Verschiedene Dienste\"} für genauere
+Informationen.")))
+
  (entry (commit "8d1d98a3aa3448b9d983e4bd64243a938b96e8ab")
         (title
          (en "@command{guix git authenticate} usage simplified")
-- 
2.41.0

[bug#71324] [PATCH 2/2] news: Add entry for 'docker-service-type' changes.

[pelzflorian (Florian Pelz)]

Thank you for making the changes.  Could you similarly augment the
German translation in this way:

         (de "Es gibt einen eigenen containerd-Dienst losgelöst von
@code{docker-service-type}.  In Zukunft müssen Nutzer dort manuelle
Einstellungen für containerd vornehmen.  Der Dienst
@code{containerd-service-type} muss zur Systemkonfiguration hinzugefügt
werden, sonst wird durch @code{guix system reconfigure} eine Meldung
gezeigt, dass kein Dienst @code{containerd} zur Verfügung stellt.

Siehe @command{info \"(guix.de) Verschiedene Dienste\"} für genauere
Informationen.")))

Regards,
Florian

[bug#71324] [PATCH] news: Add entry for 'docker-service-type' changes.

[Carlo Zancanaro]

On Mon, Jun 03 2024, Oleg Pykhalov wrote:
> Every docker-service-type user will need to add containerd-service-type
> to their system configurations, otherwise a message about not any
> service provides containerd will be displayed during reconfigure.

Is this necessary? If I understand correctly, the docker service has a
hard dependency on containerd, so having to specify it every time is
unnecessary boilerplate. Could we add an extension for containerd that
does nothing, but which the docker service can use just to request its
inclusion? Something like:

--8<---------------cut here---------------start------------->8---
(define containerd-service-type
  (service-type (name 'containerd)
                (description ...)
                (extensions ...)
                ;; Declare an extension point, so containerd can be requested
                ;; by other services without affecting its configuration.
                (compose (const #t))
                (extend (lambda (config _) config))
                (default-value (containerd-configuration))))

(define docker-service-type
  (service-type ...
                (extensions
                 ...
                 (service-extension containerd-service-type (const #t)))))
--8<---------------cut here---------------end--------------->8---

That way users could instantiate containerd themselves if they need some
particular configuration, but if not it would be pulled in automatically
by the docker service. Hopefully this would cause less of an issue for
existing configs that don't use a custom containerd (like mine).

We could even, for backwards compatibility, allow the docker service
type to pass through the containerd package from its old configuration
(while printing a warning). This could make it possible to separate
containerd from docker without breaking any existing configurations.

Carlo

[bug#71324] [PATCH] news: Add entry for 'docker-service-type' changes.

[Oleg Pykhalov]

[-- Attachment #1: Type: text/plain, Size: 2481 bytes --]

Hello Carlo,

Thank you for your thoughtful review and valuable suggestions.

Carlo Zancanaro <carlo@zancanaro.id.au> writes:

> On Mon, Jun 03 2024, Oleg Pykhalov wrote:
>> Every docker-service-type user will need to add containerd-service-type
>> to their system configurations, otherwise a message about not any
>> service provides containerd will be displayed during reconfigure.
>
> Is this necessary? If I understand correctly, the docker service has a
> hard dependency on containerd, so having to specify it every time is
> unnecessary boilerplate. Could we add an extension for containerd that
> does nothing, but which the docker service can use just to request its
> inclusion? Something like:

Technically, Docker relies on a container runtime, not specifically
limited to containerd. While containerd is a popular choice, there are
alternative runtime options available as well.

> (define containerd-service-type
>   (service-type (name 'containerd)
>                 (description ...)
>                 (extensions ...)
>                 ;; Declare an extension point, so containerd can be requested
>                 ;; by other services without affecting its configuration.
>                 (compose (const #t))
>                 (extend (lambda (config _) config))
>                 (default-value (containerd-configuration))))
>
> (define docker-service-type
>   (service-type ...
>                 (extensions
>                  ...
>                  (service-extension containerd-service-type (const #t)))))
>
> That way users could instantiate containerd themselves if they need some
> particular configuration, but if not it would be pulled in automatically
> by the docker service. Hopefully this would cause less of an issue for
> existing configs that don't use a custom containerd (like mine).

Will this mechanism support the use of different container runtimes?

> We could even, for backwards compatibility, allow the docker service
> type to pass through the containerd package from its old configuration
> (while printing a warning). This could make it possible to separate
> containerd from docker without breaking any existing configurations.

If I understand correctly, could we potentially prevent users from
needing to provide the containerd-service-type and instead issue a
warning that they will need to provide it in the future? I believe this
would be a great solution, but I couldn't locate it while writing this
patch.


Regards,
Oleg.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 861 bytes --]

[bug#71324] [PATCH] news: Add entry for 'docker-service-type' changes.

[Carlo Zancanaro]

HI Oleg,

On Tue, Jun 04 2024, Oleg Pykhalov wrote:
> Technically, Docker relies on a container runtime, not specifically
> limited to containerd. While containerd is a popular choice, there are
> alternative runtime options available as well.

Ah, okay. That complicates things if we want to support multiple
options. I misunderstood the situation.

> Will this mechanism support the use of different container runtimes?

No, unfortunately I don't think it would. The extensions are a static
property of the service type, so the request to create a containerd
service can't be turned on/off based on the configuration. You could
make the containerd configuration have a "do nothing" configuration by
default, but then that's confusing for using containerd directly.

To manage multiple container runtimes we could add additional docker
service types, with names like containerd-docker-service-type. That
might be a pain to maintain, depending on how many container runtimes
there are.

I have thought for a while now that would be nice to have a way for a
service extension to return a "disregard this extension" value. This
would allow us to have extensions that are turned on/off by config.
Unfortunately, it doesn't seem straightforward to do given the way
things are currently implemented.

> If I understand correctly, could we potentially prevent users from
> needing to provide the containerd-service-type and instead issue a
> warning that they will need to provide it in the future? I believe this
> would be a great solution, but I couldn't locate it while writing this
> patch.

I can't think of a way to warn the user if they haven't provided a
containerd service, but to create one anyway. The only way I could think
to do it would be to force them to provide an explicit configuration, so
we can detect that the service was not created with the default
configuration (i.e. by the docker service). That's not ideal.

Carlo