[PATCH] services: containerd: Provision separately from docker service.

  • Open
  • quality assurance status badge
Details
3 participants
  • Carlo Zancanaro
  • Oleg Pykhalov
  • pelzflorian (Florian Pelz)
Owner
unassigned
Submitted by
Oleg Pykhalov
Severity
normal
O
O
Oleg Pykhalov wrote on 2 Jun 15:04 +0200
(address . guix-patches@gnu.org)(name . Oleg Pykhalov)(address . go.wigust@gmail.com)
cover.1717333221.git.go.wigust@gmail.com
containerd can now operate autonomously, decoupled from docker. While docker
serves as a control interface for containerd, alternative controllers like
nerdctl or kubelet offer viable options for managing containerization
processes.

Oleg Pykhalov (2):
services: containerd: Provision separately from docker service.
news: Add entry for ‘docker-service-type’ changes.

doc/guix.texi | 39 ++++++++++++++++++++++-
etc/news.scm | 17 +++++++++++
gnu/services/docker.scm | 68 ++++++++++++++++++++++++++++-------------
gnu/tests/docker.scm | 46 +++++++++++++++++++++++++++-
4 files changed, 147 insertions(+), 23 deletions(-)


base-commit: 6f72ad465c1e2df965e8d73b209497b4ef456527
--
2.41.0
O
O
Oleg Pykhalov wrote on 2 Jun 15:15 +0200
(address . 71324@debbugs.gnu.org)(name . Oleg Pykhalov)(address . go.wigust@gmail.com)
ba9339f59fec1cd49c8d4e9f26834883f5c1aaed.1717333221.git.go.wigust@gmail.com
containerd can operate independently without relying on Docker for its
configuration.

* gnu/services/docker.scm (docker-configuration): Deprecate containerd field.
(containerd-configuration, containerd-service-type): New variables.
(docker-shepherd-service): Use containerd-configuration. Delete duplicated
variable binding. Allow to configure environment variables.
(docker-service-type): Delete extension with containerd-service-type.
* gnu/tests/docker.scm (%docker-os, %oci-os): Add containerd service.
(run-docker-test, run-docker-system-test, run-oci-container-test): Run
containerd service.

Change-Id: Ife0924e50a3e0aa2302d6592dae51ed894600004
---
doc/guix.texi | 39 ++++++++++++++++++++++-
gnu/services/docker.scm | 68 ++++++++++++++++++++++++++++-------------
gnu/tests/docker.scm | 46 +++++++++++++++++++++++++++-
3 files changed, 130 insertions(+), 23 deletions(-)

Toggle diff (252 lines)
diff --git a/doc/guix.texi b/doc/guix.texi
index c1ff049f03..d210a04d3a 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -40465,6 +40465,43 @@ Miscellaneous Services
The @code{(gnu services docker)} module provides the following services.
+@cindex containerd, container runtime
+@defvar containerd-service-type
+
+This service type operates containerd
+@url{https://containerd.io,containerd}, a daemon responsible for
+overseeing the entire container lifecycle on its host system. This
+includes image handling, storage management, container execution,
+supervision, low-level storage operations, network connections, and
+more.
+
+@end defvar
+
+@deftp {Data Type} containerd-configuration
+This is the data type representing the configuration of containerd.
+
+@table @asis
+
+@item @code{containerd} (default: @code{containerd})
+The containerd daemon package to use.
+
+@item @code{debug?} (default @code{#f})
+Enable or disable debug output.
+
+@item @code{environment-variables} (default: @code{'()})
+List of environment variables to set for @command{containerd}.
+
+This must be a list of strings where each string has the form
+@samp{@var{key}=@var{value}} as in this example:
+
+@lisp
+(list "HTTP_PROXY=socks5://127.0.0.1:9150"
+ "HTTPS_PROXY=socks5://127.0.0.1:9150")
+@end lisp
+
+@end table
+@end deftp
+
@defvar docker-service-type
This is the type of the service that runs @url{https://www.docker.com,Docker},
@@ -40485,7 +40522,7 @@ Miscellaneous Services
The Docker client package to use.
@item @code{containerd} (default: @var{containerd})
-The Containerd package to use.
+This field is deprecated in favor of @code{containerd-service-type} service.
@item @code{proxy} (default @var{docker-libnetwork-cmd-proxy})
The Docker user-land networking proxy package to use.
diff --git a/gnu/services/docker.scm b/gnu/services/docker.scm
index 7aff8dcc5f..a5375d1ccc 100644
--- a/gnu/services/docker.scm
+++ b/gnu/services/docker.scm
@@ -49,7 +49,9 @@ (define-module (gnu services docker)
#:use-module (ice-9 format)
#:use-module (ice-9 match)
- #:export (docker-configuration
+ #:export (containerd-configuration
+ containerd-service-type
+ docker-configuration
docker-service-type
singularity-service-type
oci-image
@@ -95,7 +97,7 @@ (define-configuration docker-configuration
"Docker client package.")
(containerd
(file-like containerd)
- "containerd package.")
+ "Deprecated. Do not use.")
(proxy
(file-like docker-libnetwork-cmd-proxy)
"The proxy package to support inter-container and outside-container
@@ -117,6 +119,18 @@ (define-configuration docker-configuration
"JSON configuration file to pass to dockerd")
(no-serialization))
+(define-configuration containerd-configuration
+ (containerd
+ (file-like containerd)
+ "containerd package.")
+ (debug?
+ (boolean #f)
+ "Enable or disable debug output.")
+ (environment-variables
+ (list '())
+ "Environment variables to set for containerd.")
+ (no-serialization))
+
(define %docker-accounts
(list (user-group (name "docker") (system? #t))))
@@ -134,24 +148,37 @@ (define (%docker-activation config)
(mkdir-p #$state-dir))))
(define (containerd-shepherd-service config)
- (let* ((package (docker-configuration-containerd config))
- (debug? (docker-configuration-debug? config))
- (containerd (docker-configuration-containerd config)))
+ (match-record config <containerd-configuration>
+ (containerd debug? environment-variables)
(shepherd-service
- (documentation "containerd daemon.")
- (provision '(containerd))
- (start #~(make-forkexec-constructor
- (list (string-append #$package "/bin/containerd")
- #$@(if debug?
- '("--log-level=debug")
- '()))
- ;; For finding containerd-shim binary.
- #:environment-variables
- (list (string-append "PATH=" #$containerd "/bin"))
- #:pid-file "/run/containerd/containerd.pid"
- #:pid-file-timeout 300
- #:log-file "/var/log/containerd.log"))
- (stop #~(make-kill-destructor)))))
+ (documentation "containerd daemon.")
+ (provision '(containerd))
+ (start #~(make-forkexec-constructor
+ (list (string-append #$containerd "/bin/containerd")
+ #$@(if debug?
+ '("--log-level=debug")
+ '()))
+ ;; For finding containerd-shim binary.
+ #:environment-variables
+ (list #$@environment-variables
+ (string-append "PATH=" #$containerd "/bin"))
+ #:pid-file "/run/containerd/containerd.pid"
+ #:pid-file-timeout 300
+ #:log-file "/var/log/containerd.log"))
+ (stop #~(make-kill-destructor)))))
+
+(define containerd-service-type
+ (service-type (name 'containerd)
+ (description "Run containerd container runtime.")
+ (extensions
+ (list
+ ;; Make sure the 'ctr' command is available.
+ (service-extension profile-service-type
+ (compose list containerd-configuration-containerd))
+ (service-extension shepherd-root-service-type
+ (lambda (config)
+ (list (containerd-shepherd-service config))))))
+ (default-value (containerd-configuration))))
(define (docker-shepherd-service config)
(let* ((docker (docker-configuration-docker config))
@@ -208,8 +235,7 @@ (define docker-service-type
%docker-activation)
(service-extension shepherd-root-service-type
(lambda (config)
- (list (containerd-shepherd-service config)
- (docker-shepherd-service config))))
+ (list (docker-shepherd-service config))))
(service-extension account-service-type
(const %docker-accounts))))
(default-value (docker-configuration))))
diff --git a/gnu/tests/docker.scm b/gnu/tests/docker.scm
index d550136b4a..46c886580c 100644
--- a/gnu/tests/docker.scm
+++ b/gnu/tests/docker.scm
@@ -54,6 +54,7 @@ (define %docker-os
(service dbus-root-service-type)
(service polkit-service-type)
(service elogind-service-type)
+ (service containerd-service-type)
(service docker-service-type)))
(define (run-docker-test docker-tarball)
@@ -88,7 +89,21 @@ (define (run-docker-test docker-tarball)
(test-runner-current (system-test-runner #$output))
(test-begin "docker")
- (test-assert "service running"
+ (test-assert "containerd service running"
+ (marionette-eval
+ '(begin
+ (use-modules (gnu services herd))
+ (match (start-service 'containerd)
+ (#f #f)
+ (('service response-parts ...)
+ (match (assq-ref response-parts 'running)
+ ((pid) (number? pid))))))
+ marionette))
+
+ (test-assert "containerd PID file present"
+ (wait-for-file "/run/containerd/containerd.pid" marionette))
+
+ (test-assert "dockerd service running"
(marionette-eval
'(begin
(use-modules (gnu services herd))
@@ -234,6 +249,20 @@ (define (run-docker-system-test tarball)
(test-runner-current (system-test-runner #$output))
(test-begin "docker")
+ (test-assert "containerd service running"
+ (marionette-eval
+ '(begin
+ (use-modules (gnu services herd))
+ (match (start-service 'containerd)
+ (#f #f)
+ (('service response-parts ...)
+ (match (assq-ref response-parts 'running)
+ ((pid) (number? pid))))))
+ marionette))
+
+ (test-assert "containerd PID file present"
+ (wait-for-file "/run/containerd/containerd.pid" marionette))
+
(test-assert "service running"
(marionette-eval
'(begin
@@ -327,6 +356,7 @@ (define %oci-os
(service dbus-root-service-type)
(service polkit-service-type)
(service elogind-service-type)
+ (service containerd-service-type)
(service docker-service-type)
(extra-special-file "/shared.txt"
(plain-file "shared.txt" "hello"))
@@ -384,6 +414,20 @@ (define (run-oci-container-test)
(test-runner-current (system-test-runner #$output))
(test-begin "oci-container")
+ (test-assert "containerd service running"
+ (marionette-eval
+ '(begin
+ (use-modules (gnu services herd))
+ (match (start-service 'containerd)
+ (#f #f)
+ (('service response-parts ...)
+ (match (assq-ref response-parts 'running)
+ ((pid) (number? pid))))))
+ marionette))
+
+ (test-assert "containerd PID file present"
+ (wait-for-file "/run/containerd/containerd.pid" marionette))
+
(test-assert "dockerd running"
(marionette-eval
'(begin
--
2.41.0
O
O
Oleg Pykhalov wrote on 2 Jun 15:17 +0200
[PATCH] news: Add entry for 'docker-service-type' changes.
(address . 71324@debbugs.gnu.org)(name . Oleg Pykhalov)(address . go.wigust@gmail.com)
0ec66ae6dac10ef005782e8a1e9245b57e10d9d4.1717334243.git.go.wigust@gmail.com
* etc/news.scm: Add entry.

Change-Id: I98d562d8b435b697b7c6529c5e788b5e2db9fa2a
---
etc/news.scm | 17 +++++++++++++++++
1 file changed, 17 insertions(+)

Toggle diff (30 lines)
diff --git a/etc/news.scm b/etc/news.scm
index a511b7ffbc..3c11121161 100644
--- a/etc/news.scm
+++ b/etc/news.scm
@@ -31,6 +31,23 @@
(channel-news
(version 0)
+ (entry (commit "ba9339f59fec1cd49c8d4e9f26834883f5c1aaed")
+ (title
+ (en "The containerd service is separated from @code{docker-service-type}")
+ (ru "?????? containerd ??????? ?? @code{docker-service-type}"))
+ (body
+ (en "containerd service has been decoupled from the
+@code{docker-service-type}. Moving forward, users are required to specify
+containerd settings manually for their configurations.
+
+Run @command{info \"(guix) Miscellaneous Services\"} for more info.")
+ (ru "?????? containerd ??? ??????? ?? @code{docker-service-type}.
+?????? ????????????? ??????????? ????????? ????????? containerd ??????? ???
+????? ????????????.
+
+???????? @command{info \"(guix) Miscellaneous Services\"} ??? ????????? ?????
+????????? ????????.")))
+
(entry (commit "8d1d98a3aa3448b9d983e4bd64243a938b96e8ab")
(title
(en "@command{guix git authenticate} usage simplified")
--
2.41.0
P
P
pelzflorian (Florian Pelz) wrote on 3 Jun 11:30 +0200
(name . Oleg Pykhalov)(address . go.wigust@gmail.com)
87wmn6cr1i.fsf@pelzflorian.de
Thank you for the containerd service, Oleg.
The main patch’s commit message should contain that you changed
doc/guix.texi.
It is not clear to me, in the English news, when you write “Moving
forward, users are required to specify containerd settings manually for
their configurations”, do you really mean that only users *with manual
configurations* are required to specify containerd settings
*separately*?
Could you add this German translation:
Oleg Pykhalov <go.wigust@gmail.com> writes:
Toggle quote (4 lines)
> + (entry (commit "ba9339f59fec1cd49c8d4e9f26834883f5c1aaed")
> + (title
> + (en "The containerd service is separated from
> @code{docker-service-type}")
(de "containerd wurde ein eigener Dienst losgelöst von @code{docker-service-type}")
Toggle quote (7 lines)
> + (ru "?????? containerd ??????? ?? @code{docker-service-type}"))
> + (body
> + (en "containerd service has been decoupled from the
> +@code{docker-service-type}. Moving forward, users are required to specify
> +containerd settings manually for their configurations.
> +
> +Run @command{info \"(guix) Miscellaneous Services\"} for more info.")
(de "Es gibt einen eigenen containerd-Dienst losgelöst von
@code{docker-service-type}. In Zukunft müssen Nutzer dort manuelle
Einstellungen für containerd vornehmen.
Siehe @command{info \"(guix.de) Verschiedene Dienste\"} für genauere
Informationen.")
Toggle quote (6 lines)
> + (ru "?????? containerd ??? ??????? ?? @code{docker-service-type}.
> +?????? ????????????? ??????????? ????????? ????????? containerd ??????? ???
> +????? ????????????.
> +
> +???????? @command{info \"(guix) Miscellaneous Services\"} ??? ????????? ?????
> +????????? ????????.")))
I presume you should direct Russian readers to
@command{info \"(guix.ru) ????????????? ??????\"}
Regards,
Florian
O
O
Oleg Pykhalov wrote on 3 Jun 16:47 +0200
(name . pelzflorian (Florian Pelz))(address . pelzflorian@pelzflorian.de)
87y17mjd6j.fsf@gmail.com
Hello Florian,

Thank you for the review.

"pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de> writes:

Toggle quote (3 lines)
> The main patch’s commit message should contain that you changed
> doc/guix.texi.

Ouch, missed it, thank you.

Toggle quote (6 lines)
> It is not clear to me, in the English news, when you write “Moving
> forward, users are required to specify containerd settings manually for
> their configurations”, do you really mean that only users *with manual
> configurations* are required to specify containerd settings
> *separately*?

Every docker-service-type user will need to add containerd-service-type
to their system configurations, otherwise a message about not any
service provides containerd will be displayed during reconfigure.

Toggle quote (26 lines)
> Could you add this German translation:
>
> Oleg Pykhalov <go.wigust@gmail.com> writes:
>> + (entry (commit "ba9339f59fec1cd49c8d4e9f26834883f5c1aaed")
>> + (title
>> + (en "The containerd service is separated from
>> @code{docker-service-type}")
>
> (de "containerd wurde ein eigener Dienst losgelöst von
> @code{docker-service-type}")
>
>> + (ru "?????? containerd ??????? ?? @code{docker-service-type}"))
>> + (body
>> + (en "containerd service has been decoupled from the
>> +@code{docker-service-type}. Moving forward, users are required to specify
>> +containerd settings manually for their configurations.
>> +
>> +Run @command{info \"(guix) Miscellaneous Services\"} for more info.")
>
> (de "Es gibt einen eigenen containerd-Dienst losgelöst von
> @code{docker-service-type}. In Zukunft müssen Nutzer dort manuelle
> Einstellungen für containerd vornehmen.
>
> Siehe @command{info \"(guix.de) Verschiedene Dienste\"} für genauere
> Informationen.")

Sure.

Toggle quote (10 lines)
>> + (ru "?????? containerd ??? ??????? ?? @code{docker-service-type}.
>> +?????? ????????????? ??????????? ????????? ????????? containerd ??????? ???
>> +????? ????????????.
>> +
>> +???????? @command{info \"(guix) Miscellaneous Services\"} ??? ????????? ?????
>> +????????? ????????.")))
>
> I presume you should direct Russian readers to
> @command{info \"(guix.ru) ????????????? ??????\"}

Yes, it will be definitely better, thank you.


Regards,
Oleg.
-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEEcjhxI46s62NFSFhXFn+OpQAa+pwFAmZd14QUHGdvLndpZ3Vz
dEBnbWFpbC5jb20ACgkQFn+OpQAa+pxDeQ//cNeopKCGusNXmxGFyK7zrKW4gbl0
xZqU2yiw4NXenG4I90cdUpoiaUKJkGnRbu+MmNBkZQOAA7AFnHjpIm6J73phIXRJ
Y2AFaZWJ+aze5lJKGbgBqwAjzP7V8wkIhdJrVOam5F9P2MLkRSYVz+X9CXxkiEeK
+8ICSKSqjgOjW4KtOrdNv19Z1Ti/OcNT/xThesLm5kyAT6zINoe5YLu60lDNeD/4
hMoNtnFBCkzQ+ZPs1wf7CkNiWWZLMm7vYmfDegY1OaH3D1Xtudf0ABLvJQ9OsW4f
2RyKlWXbihSk6fS2AqkkTkU5ugVfvPwyV3nzdxup4dw2KOD16d7RXO5vlnLo1Uc9
UDd+UzpeCGL96/M3n9wwTIKsfFiroGpZABFUa+Q/S0XvHSUXhQjHVu1AQvi0aFJY
n84Hpp6vYXzXqrJsB8NEBv20O+Y6fZrwwR+fCDdBno7SPGu2WmrLbijULjuQJT84
DzT1QpXLAGIkY/WEDLdoWsbMJOUmo7+3UNrlqsJPf9WOBln/hvSIgcfGJHhDa/4o
Ez4arg+ipSxzokHyBzoVoYbq11xZI3Xn1d8iNZZfJDrwLuj6TUJQvvBJ4PZcGtCK
ECfonYOh0yzMaeAJBx6CQifo/IPb+8/oFLMaRuVswMvExcKxPXSDZNyAJ8Ut4Gmr
BGTK0hTVu2WT36A=
=uZ9o
-----END PGP SIGNATURE-----

P
P
pelzflorian (Florian Pelz) wrote on 3 Jun 17:17 +0200
(name . Oleg Pykhalov)(address . go.wigust@gmail.com)
87r0de3vkh.fsf@pelzflorian.de
Hello Oleg,

Oleg Pykhalov <go.wigust@gmail.com> writes:
Toggle quote (4 lines)
> Every docker-service-type user will need to add containerd-service-type
> to their system configurations, otherwise a message about not any
> service provides containerd will be displayed during reconfigure.

I understand, but only now, that *every* user must make changes. Could
you add this sentence to the news *and* to doc/guix.texi?

Regards,
Florian
O
O
Oleg Pykhalov wrote on 4 Jun 00:30 +0200
[PATCH 1/2] services: containerd: Provision separately from docker service.
(address . 71324@debbugs.gnu.org)(name . Oleg Pykhalov)(address . go.wigust@gmail.com)
22d45fa8e5f64e42b509141c3579a0c1626a5fcf.1717453849.git.go.wigust@gmail.com
containerd can operate independently without relying on Docker for its
configuration.

* gnu/services/docker.scm (docker-configuration): Deprecate containerd field.
(containerd-configuration, containerd-service-type): New variables.
(docker-shepherd-service): Use containerd-configuration. Delete duplicated
variable binding. Allow to configure environment variables.
(docker-service-type): Delete extension with containerd-service-type.
* gnu/tests/docker.scm (%docker-os, %oci-os): Add containerd service.
(run-docker-test, run-docker-system-test, run-oci-container-test): Run
containerd service.
* doc/guix.texi (Miscellaneous Services): Document containerd-service-type.

Change-Id: Ife0924e50a3e0aa2302d6592dae51ed894600004
---
doc/guix.texi | 44 +++++++++++++++++++++++++-
gnu/services/docker.scm | 68 ++++++++++++++++++++++++++++-------------
gnu/tests/docker.scm | 46 +++++++++++++++++++++++++++-
3 files changed, 135 insertions(+), 23 deletions(-)

Toggle diff (265 lines)
diff --git a/doc/guix.texi b/doc/guix.texi
index 1224104038..d2ba6784de 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -40484,12 +40484,54 @@ Miscellaneous Services
The @code{(gnu services docker)} module provides the following services.
+@cindex containerd, container runtime
+@defvar containerd-service-type
+
+This service type operates containerd
+@url{https://containerd.io,containerd}, a daemon responsible for
+overseeing the entire container lifecycle on its host system. This
+includes image handling, storage management, container execution,
+supervision, low-level storage operations, network connections, and
+more.
+
+@end defvar
+
+@deftp {Data Type} containerd-configuration
+This is the data type representing the configuration of containerd.
+
+@table @asis
+
+@item @code{containerd} (default: @code{containerd})
+The containerd daemon package to use.
+
+@item @code{debug?} (default @code{#f})
+Enable or disable debug output.
+
+@item @code{environment-variables} (default: @code{'()})
+List of environment variables to set for @command{containerd}.
+
+This must be a list of strings where each string has the form
+@samp{@var{key}=@var{value}} as in this example:
+
+@lisp
+(list "HTTP_PROXY=socks5://127.0.0.1:9150"
+ "HTTPS_PROXY=socks5://127.0.0.1:9150")
+@end lisp
+
+@end table
+@end deftp
+
@defvar docker-service-type
This is the type of the service that runs @url{https://www.docker.com,Docker},
a daemon that can execute application bundles (sometimes referred to as
``containers'') in isolated environments.
+The @code{containerd-service-type} service need to be added to a system
+configuration, otherwise a message about not any service provides
+@code{containerd} will be displayed during @code{guix system
+reconfigure}.
+
@end defvar
@deftp {Data Type} docker-configuration
@@ -40504,7 +40546,7 @@ Miscellaneous Services
The Docker client package to use.
@item @code{containerd} (default: @var{containerd})
-The Containerd package to use.
+This field is deprecated in favor of @code{containerd-service-type} service.
@item @code{proxy} (default @var{docker-libnetwork-cmd-proxy})
The Docker user-land networking proxy package to use.
diff --git a/gnu/services/docker.scm b/gnu/services/docker.scm
index 7aff8dcc5f..a5375d1ccc 100644
--- a/gnu/services/docker.scm
+++ b/gnu/services/docker.scm
@@ -49,7 +49,9 @@ (define-module (gnu services docker)
#:use-module (ice-9 format)
#:use-module (ice-9 match)
- #:export (docker-configuration
+ #:export (containerd-configuration
+ containerd-service-type
+ docker-configuration
docker-service-type
singularity-service-type
oci-image
@@ -95,7 +97,7 @@ (define-configuration docker-configuration
"Docker client package.")
(containerd
(file-like containerd)
- "containerd package.")
+ "Deprecated. Do not use.")
(proxy
(file-like docker-libnetwork-cmd-proxy)
"The proxy package to support inter-container and outside-container
@@ -117,6 +119,18 @@ (define-configuration docker-configuration
"JSON configuration file to pass to dockerd")
(no-serialization))
+(define-configuration containerd-configuration
+ (containerd
+ (file-like containerd)
+ "containerd package.")
+ (debug?
+ (boolean #f)
+ "Enable or disable debug output.")
+ (environment-variables
+ (list '())
+ "Environment variables to set for containerd.")
+ (no-serialization))
+
(define %docker-accounts
(list (user-group (name "docker") (system? #t))))
@@ -134,24 +148,37 @@ (define (%docker-activation config)
(mkdir-p #$state-dir))))
(define (containerd-shepherd-service config)
- (let* ((package (docker-configuration-containerd config))
- (debug? (docker-configuration-debug? config))
- (containerd (docker-configuration-containerd config)))
+ (match-record config <containerd-configuration>
+ (containerd debug? environment-variables)
(shepherd-service
- (documentation "containerd daemon.")
- (provision '(containerd))
- (start #~(make-forkexec-constructor
- (list (string-append #$package "/bin/containerd")
- #$@(if debug?
- '("--log-level=debug")
- '()))
- ;; For finding containerd-shim binary.
- #:environment-variables
- (list (string-append "PATH=" #$containerd "/bin"))
- #:pid-file "/run/containerd/containerd.pid"
- #:pid-file-timeout 300
- #:log-file "/var/log/containerd.log"))
- (stop #~(make-kill-destructor)))))
+ (documentation "containerd daemon.")
+ (provision '(containerd))
+ (start #~(make-forkexec-constructor
+ (list (string-append #$containerd "/bin/containerd")
+ #$@(if debug?
+ '("--log-level=debug")
+ '()))
+ ;; For finding containerd-shim binary.
+ #:environment-variables
+ (list #$@environment-variables
+ (string-append "PATH=" #$containerd "/bin"))
+ #:pid-file "/run/containerd/containerd.pid"
+ #:pid-file-timeout 300
+ #:log-file "/var/log/containerd.log"))
+ (stop #~(make-kill-destructor)))))
+
+(define containerd-service-type
+ (service-type (name 'containerd)
+ (description "Run containerd container runtime.")
+ (extensions
+ (list
+ ;; Make sure the 'ctr' command is available.
+ (service-extension profile-service-type
+ (compose list containerd-configuration-containerd))
+ (service-extension shepherd-root-service-type
+ (lambda (config)
+ (list (containerd-shepherd-service config))))))
+ (default-value (containerd-configuration))))
(define (docker-shepherd-service config)
(let* ((docker (docker-configuration-docker config))
@@ -208,8 +235,7 @@ (define docker-service-type
%docker-activation)
(service-extension shepherd-root-service-type
(lambda (config)
- (list (containerd-shepherd-service config)
- (docker-shepherd-service config))))
+ (list (docker-shepherd-service config))))
(service-extension account-service-type
(const %docker-accounts))))
(default-value (docker-configuration))))
diff --git a/gnu/tests/docker.scm b/gnu/tests/docker.scm
index d550136b4a..46c886580c 100644
--- a/gnu/tests/docker.scm
+++ b/gnu/tests/docker.scm
@@ -54,6 +54,7 @@ (define %docker-os
(service dbus-root-service-type)
(service polkit-service-type)
(service elogind-service-type)
+ (service containerd-service-type)
(service docker-service-type)))
(define (run-docker-test docker-tarball)
@@ -88,7 +89,21 @@ (define (run-docker-test docker-tarball)
(test-runner-current (system-test-runner #$output))
(test-begin "docker")
- (test-assert "service running"
+ (test-assert "containerd service running"
+ (marionette-eval
+ '(begin
+ (use-modules (gnu services herd))
+ (match (start-service 'containerd)
+ (#f #f)
+ (('service response-parts ...)
+ (match (assq-ref response-parts 'running)
+ ((pid) (number? pid))))))
+ marionette))
+
+ (test-assert "containerd PID file present"
+ (wait-for-file "/run/containerd/containerd.pid" marionette))
+
+ (test-assert "dockerd service running"
(marionette-eval
'(begin
(use-modules (gnu services herd))
@@ -234,6 +249,20 @@ (define (run-docker-system-test tarball)
(test-runner-current (system-test-runner #$output))
(test-begin "docker")
+ (test-assert "containerd service running"
+ (marionette-eval
+ '(begin
+ (use-modules (gnu services herd))
+ (match (start-service 'containerd)
+ (#f #f)
+ (('service response-parts ...)
+ (match (assq-ref response-parts 'running)
+ ((pid) (number? pid))))))
+ marionette))
+
+ (test-assert "containerd PID file present"
+ (wait-for-file "/run/containerd/containerd.pid" marionette))
+
(test-assert "service running"
(marionette-eval
'(begin
@@ -327,6 +356,7 @@ (define %oci-os
(service dbus-root-service-type)
(service polkit-service-type)
(service elogind-service-type)
+ (service containerd-service-type)
(service docker-service-type)
(extra-special-file "/shared.txt"
(plain-file "shared.txt" "hello"))
@@ -384,6 +414,20 @@ (define (run-oci-container-test)
(test-runner-current (system-test-runner #$output))
(test-begin "oci-container")
+ (test-assert "containerd service running"
+ (marionette-eval
+ '(begin
+ (use-modules (gnu services herd))
+ (match (start-service 'containerd)
+ (#f #f)
+ (('service response-parts ...)
+ (match (assq-ref response-parts 'running)
+ ((pid) (number? pid))))))
+ marionette))
+
+ (test-assert "containerd PID file present"
+ (wait-for-file "/run/containerd/containerd.pid" marionette))
+
(test-assert "dockerd running"
(marionette-eval
'(begin

base-commit: bc06affabcf68bbe93e9afee13bef8cc8c6336a2
--
2.41.0
O
O
Oleg Pykhalov wrote on 4 Jun 00:30 +0200
[PATCH 2/2] news: Add entry for 'docker-service-type' changes.
(address . 71324@debbugs.gnu.org)(name . Oleg Pykhalov)(address . go.wigust@gmail.com)
c72c03bc553a5a6a21e9644ee5cbab260dab88cc.1717453849.git.go.wigust@gmail.com
* etc/news.scm: Add entry.

Change-Id: I98d562d8b435b697b7c6529c5e788b5e2db9fa2a
---
etc/news.scm | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)

Toggle diff (42 lines)
diff --git a/etc/news.scm b/etc/news.scm
index a511b7ffbc..29bf8a1909 100644
--- a/etc/news.scm
+++ b/etc/news.scm
@@ -31,6 +31,35 @@
(channel-news
(version 0)
+ (entry (commit "22d45fa8e5f64e42b509141c3579a0c1626a5fcf")
+ (title
+ (en "The containerd service is separated from @code{docker-service-type}")
+ (ru "?????? containerd ??????? ?? @code{docker-service-type}"))
+ (body
+ (en "containerd service has been decoupled from the
+@code{docker-service-type}. Moving forward, users are required to specify
+containerd settings manually for their configurations. The
+@code{containerd-service-type} service need to be added to a system
+configuration, otherwise a message about not any service provides
+@code{containerd} will be displayed during @code{guix system reconfigure}.
+
+Run @command{info \"(guix) Miscellaneous Services\"} for more info.")
+ (ru "?????? containerd ??? ??????? ?? @code{docker-service-type}.
+?????? ????????????? ??????????? ????????? ????????? containerd ??????? ???
+????? ????????????. ?????? @code{containerd-service-type} ?????? ????
+???????? ? ???????????? ???????, ? ????????? ?????? ????? ?????????? ?????????
+? ???, ??? ?? ???? ?????? ?? ????????????? ????????? ??? @code{containerd} ??
+????? ?????????? ??????? @code{guix system reconfigure}.
+
+???????? @command{info \"(guix.ru) ????????????? ??????\"} ??? ????????? ?????
+????????? ????????.")
+ (de "Es gibt einen eigenen containerd-Dienst losgelöst von
+@code{docker-service-type}. In Zukunft müssen Nutzer dort manuelle
+Einstellungen für containerd vornehmen.
+
+Siehe @command{info \"(guix.de) Verschiedene Dienste\"} für genauere
+Informationen.")))
+
(entry (commit "8d1d98a3aa3448b9d983e4bd64243a938b96e8ab")
(title
(en "@command{guix git authenticate} usage simplified")
--
2.41.0
P
P
pelzflorian (Florian Pelz) wrote on 4 Jun 12:13 +0200
(name . Oleg Pykhalov)(address . go.wigust@gmail.com)
87tti92eyq.fsf@pelzflorian.de
Thank you for making the changes. Could you similarly augment the
German translation in this way:

(de "Es gibt einen eigenen containerd-Dienst losgelöst von
@code{docker-service-type}. In Zukunft müssen Nutzer dort manuelle
Einstellungen für containerd vornehmen. Der Dienst
@code{containerd-service-type} muss zur Systemkonfiguration hinzugefügt
werden, sonst wird durch @code{guix system reconfigure} eine Meldung
gezeigt, dass kein Dienst @code{containerd} zur Verfügung stellt.

Siehe @command{info \"(guix.de) Verschiedene Dienste\"} für genauere
Informationen.")))

Regards,
Florian
C
C
Carlo Zancanaro wrote on 4 Jun 13:11 +0200
Re: [bug#71324] [PATCH] news: Add entry for 'docker-service-type' changes.
(name . Oleg Pykhalov)(address . go.wigust@gmail.com)
87zfs13qth.fsf@zancanaro.id.au
On Mon, Jun 03 2024, Oleg Pykhalov wrote:
Toggle quote (4 lines)
> Every docker-service-type user will need to add containerd-service-type
> to their system configurations, otherwise a message about not any
> service provides containerd will be displayed during reconfigure.

Is this necessary? If I understand correctly, the docker service has a
hard dependency on containerd, so having to specify it every time is
unnecessary boilerplate. Could we add an extension for containerd that
does nothing, but which the docker service can use just to request its
inclusion? Something like:

Toggle snippet (17 lines)
(define containerd-service-type
(service-type (name 'containerd)
(description ...)
(extensions ...)
;; Declare an extension point, so containerd can be requested
;; by other services without affecting its configuration.
(compose (const #t))
(extend (lambda (config _) config))
(default-value (containerd-configuration))))

(define docker-service-type
(service-type ...
(extensions
...
(service-extension containerd-service-type (const #t)))))

That way users could instantiate containerd themselves if they need some
particular configuration, but if not it would be pulled in automatically
by the docker service. Hopefully this would cause less of an issue for
existing configs that don't use a custom containerd (like mine).

We could even, for backwards compatibility, allow the docker service
type to pass through the containerd package from its old configuration
(while printing a warning). This could make it possible to separate
containerd from docker without breaking any existing configurations.

Carlo
O
O
Oleg Pykhalov wrote on 4 Jun 15:41 +0200
(name . Carlo Zancanaro)(address . carlo@zancanaro.id.au)
87zfs0g70p.fsf@gmail.com
Hello Carlo,

Thank you for your thoughtful review and valuable suggestions.

Carlo Zancanaro <carlo@zancanaro.id.au> writes:

Toggle quote (11 lines)
> On Mon, Jun 03 2024, Oleg Pykhalov wrote:
>> Every docker-service-type user will need to add containerd-service-type
>> to their system configurations, otherwise a message about not any
>> service provides containerd will be displayed during reconfigure.
>
> Is this necessary? If I understand correctly, the docker service has a
> hard dependency on containerd, so having to specify it every time is
> unnecessary boilerplate. Could we add an extension for containerd that
> does nothing, but which the docker service can use just to request its
> inclusion? Something like:

Technically, Docker relies on a container runtime, not specifically
limited to containerd. While containerd is a popular choice, there are
alternative runtime options available as well.

Toggle quote (21 lines)
> (define containerd-service-type
> (service-type (name 'containerd)
> (description ...)
> (extensions ...)
> ;; Declare an extension point, so containerd can be requested
> ;; by other services without affecting its configuration.
> (compose (const #t))
> (extend (lambda (config _) config))
> (default-value (containerd-configuration))))
>
> (define docker-service-type
> (service-type ...
> (extensions
> ...
> (service-extension containerd-service-type (const #t)))))
>
> That way users could instantiate containerd themselves if they need some
> particular configuration, but if not it would be pulled in automatically
> by the docker service. Hopefully this would cause less of an issue for
> existing configs that don't use a custom containerd (like mine).

Will this mechanism support the use of different container runtimes?

Toggle quote (5 lines)
> We could even, for backwards compatibility, allow the docker service
> type to pass through the containerd package from its old configuration
> (while printing a warning). This could make it possible to separate
> containerd from docker without breaking any existing configurations.

If I understand correctly, could we potentially prevent users from
needing to provide the containerd-service-type and instead issue a
warning that they will need to provide it in the future? I believe this
would be a great solution, but I couldn't locate it while writing this
patch.


Regards,
Oleg.
-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEEcjhxI46s62NFSFhXFn+OpQAa+pwFAmZfGXYUHGdvLndpZ3Vz
dEBnbWFpbC5jb20ACgkQFn+OpQAa+pzDjQ/+Jsx8LqEmC12vve2D/5r+AidLZiO7
A3ZP7OzOsYdYjlNVUjaPHl0oDVaywSx7ocoZHx/R5UC2B4G8nPSdrN61RLJirsOe
rbrJ7Cetbmilfu8svoE8Tjh5x7RDox2of9JJ0J3lTKGN1WjK7DOUez+2BKki3UAI
uSQ4LtuPZ0QPx4uFFquLsnxQ8t77XjlMyLLtVGkCpPBTzTu/Is61FCe5W6G6mnEo
Ic5df6PITl8Jyc4frQ8sByqIiRcBAM6CebS+X2LzL55Hfq2a1IXQOoG0MlRA13MB
FBYx2Ap+k5WQK+tRsiQp6XMI9r++/9Z9YUTpL0cDz0QrTb+vbTRw4Rnh/KEvJ3uM
70HrazWdRN+qCM2vbLBJopr1IiikahCYWaKchlSHGZRJEvMVOxMJEj4ykElQJfxT
cDWxgJICvl6R0rFMXMPUVu0TY3O/nVGCM0M2haZeiE7C5plHUKCOEvrOuNeQYRay
4P3YDIAi2gkrAmN3nn1WqIXdMocRESGE3jMIdB/fTi7kZiPluhzvgyA34SJCCJHs
Hr41rv0Tn5KO3ubH/r7jiLerBkN6RuJELHxLBU+XRs6FPUd0GS6c3/ya7TwNVV1f
FxqEEpxRHAs90L+avSUTp9HPnR3aQLgqtmcMIYdFsu4TXRjy8TC5I56QfM2O+fJX
xBQX89foOIXbG4s=
=WAtb
-----END PGP SIGNATURE-----

C
C
Carlo Zancanaro wrote on 4 Jun 16:22 +0200
(name . Oleg Pykhalov)(address . go.wigust@gmail.com)
87mso04wku.fsf@zancanaro.id.au
HI Oleg,

On Tue, Jun 04 2024, Oleg Pykhalov wrote:
Toggle quote (4 lines)
> Technically, Docker relies on a container runtime, not specifically
> limited to containerd. While containerd is a popular choice, there are
> alternative runtime options available as well.

Ah, okay. That complicates things if we want to support multiple
options. I misunderstood the situation.

Toggle quote (2 lines)
> Will this mechanism support the use of different container runtimes?

No, unfortunately I don't think it would. The extensions are a static
property of the service type, so the request to create a containerd
service can't be turned on/off based on the configuration. You could
make the containerd configuration have a "do nothing" configuration by
default, but then that's confusing for using containerd directly.

To manage multiple container runtimes we could add additional docker
service types, with names like containerd-docker-service-type. That
might be a pain to maintain, depending on how many container runtimes
there are.

I have thought for a while now that would be nice to have a way for a
service extension to return a "disregard this extension" value. This
would allow us to have extensions that are turned on/off by config.
Unfortunately, it doesn't seem straightforward to do given the way
things are currently implemented.

Toggle quote (6 lines)
> If I understand correctly, could we potentially prevent users from
> needing to provide the containerd-service-type and instead issue a
> warning that they will need to provide it in the future? I believe this
> would be a great solution, but I couldn't locate it while writing this
> patch.

I can't think of a way to warn the user if they haven't provided a
containerd service, but to create one anyway. The only way I could think
to do it would be to force them to provide an explicit configuration, so
we can detect that the service was not created with the default
configuration (i.e. by the docker service). That's not ideal.

Carlo
?
Your comment

Commenting via the web interface is currently disabled.

To comment on this conversation send an email to 71324@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 71324
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch