-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add a driver for rkt #165
Add a driver for rkt #165
Conversation
achanda
commented
Sep 29, 2015
- Adds a driver for rkt
- Adds associated tests
@ryanuber ah, I was looking for something like that. Thanks for the pointer. Let me look around. |
} | ||
d.logger.Printf("[DEBUG] Started ACI: %q", name) | ||
h := &rktHandle{ | ||
proc: cmd.Process, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should this be acmd
? It's using the cmd
from line 92 above, where we invoke rkt trust
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, fixed.
Thanks for the contribution! Let us know what you find out about the rkt interface Ryan mentioned |
@ryanuber @catsby I had a chat with the rkt guys. While they are working on a way to provide read only info (image etc.), there are no plans to drive rkt through an API. What makes that more difficult is that rkt does not run a daemon in the background. Kubernetes uses rkt in a similar way as this PR. I took a look at their code and noticed that they are spawning the binary in a similar way. However, their rkt package is too tightly integrated with kubernetes. |
|
||
node.Attributes["driver.rkt"] = "1" | ||
node.Attributes["driver.rkt.version"] = rktMatches[0] | ||
node.Attributes["driver.appc.version"] = appcMatches[1] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should probably still be nested under the driver.rkt
namespace, since appc
itself isn't the driver.
@achanda thanks for looking into the client stuff! Understood, and I think this approach is fine if that's the case. I left a few minor comments but overall looking really good! Can you also add some driver documentation in the |
@ryanuber all done. |
return false, fmt.Errorf("Unable to parse Rkt version string: %#v", rktMatches) | ||
} | ||
|
||
node.Attributes["driver.rkt"] = "1" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Missed this on the first pass, we set this to true
in the Docker driver here. I think we should keep these uniform.
Thanks! I took a final pass and just noted a few more (super) minor things. Thanks again, looks like a merge is coming soon! |
if !ok || trust_prefix == "" { | ||
return nil, fmt.Errorf("Missing trust prefix for rkt") | ||
} | ||
trust_args := []string{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would remove this an inline it into the exec.Command.
} | ||
data, err := json.Marshal(pid) | ||
if err != nil { | ||
log.Printf("[ERR] failed to marshal rkt PID to JSON: %s", err) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You will want to pass the logger from the Driver into the Handle. We support redirecting logs to files or other sources so this would break that it interface by using the default logger.
Make it skip if rkt is not installed
Run blocks
@ryanuber I changed to |
cmd.Stdout = &outBuf | ||
cmd.Stderr = &errBuf | ||
d.logger.Printf("[DEBUG] driver.rkt: starting rkt command: %q", cmd.Args) | ||
if err := cmd.Start(); err != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This one should still be Run because you don't want to do rkt run before trust has finished
The trust needs to be added before anything can progress
Name: "etcd", | ||
Config: map[string]string{ | ||
"trust_prefix": "coreos.com/etcd", | ||
"name": "coreos.com/etcd:v2.0.4", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You will want to run something that exits to test the wait. This test just times out right now
Can you also run gofmt on all of the files. They are off a little. You can do this by running |
This overrides the default exec command in the ACI
@achanda thanks for working through this with us! We are amped to have rkt supported in Nomad. |
Thanks @ryanuber and all other reviewers :) |
@achanda: This was missed in the original review but the driver does not do resource enforcement which is part of the driver API. This poses a problem because Nomad can make no guarantee about the cpu/memory usage of the task and which ports it is using. Given your experience with |
@dadgar CPU, memory and network isolation can be definitely be achieved using |
@achanda: Awesome look forward to it. This was caught as we were reviewing for the Nomad 0.2 release. So to make the cut, this would need to be done by Monday, otherwise we could just disable for 0.2 and enable it in a latter version. Sorry for the short notice. |
@dadgar ok, let me see what I can do. |
@dadgar here is what I found, since the |
@achanda: The system-d run solution is not quite enough. That provides CPU/Memory isolation but it doesn't fix port allocations. Whatever is in the manifest is what will be used. That needs to be fixed as well. My opinion is these really should be adjustable during So we discussed it and we are going to leave the driver in for 0.2 but update the documentation to mark it as experimental. This allows the driver to be improved as changes to the rkt ecosystem occur. |
I'm going to lock this pull request because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active contributions. |