Last active
August 29, 2015 14:04
-
-
Save glyn/e52612085e7e8529ad91 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Objectives: | |
1. Avoid file system implementation bias on libcontainer API | |
2. Make the caller of the API responsible for storing/persisting the state necessary to re-create | |
a container from the underlying cgroups, etc. | |
3. Ideally, clarify the notion of ownership in the API to avoid write conflicts due to misunderstanding. | |
At a minimum this needs to be clearly documented. | |
Current situation | |
Caller passes a file system path on Create. libcontainer stores a "memento" (file) there sufficient to | |
re-create the Container instance. When this or another caller wants to re-create the container, it | |
passes the original path on Load() and libcontainer reads the memento and returns a corresponding | |
Container instance. | |
Problems | |
1. The choice of file system based implementation is exposed on the API. It would be hard to switch to | |
different implementation without impacting callers. | |
2. The caller has to manage writeable directories and pass these in, even when persistence isn't needed. | |
3. The notion of ownership is unclear: the caller of Load could easily use the returned Container | |
to interfere with the use of another Container instance. | |
Proposal | |
Add a method to the Container interface to obtain a "memento" (possibly just an "opaque" array or slice | |
of bytes) and add a method to the Factory interface to (re-)construct a Container from a memento. The | |
caller is free to persist the memento to a file if they want to. | |
The memento includes the Container's id (sufficient to find the cgroup hierarchy), the init pid, | |
the start time of the init pid, network bridges, and the container configuration. | |
The "owner" should be responsible for managing the memento, but the API is happy to dish out mementos | |
and construct Containers from mementos as requested. | |
The API provides a way of registering a callback function which is driven when the memento content | |
changes. The callback is passed the new memento. The callback could, for example, update the | |
file with the new memento. Only the "owner" should be able to register a callback, so the callback is | |
a synchronous notification in the owner's process. For simplicity, the callback must not call the API | |
and if it does, the behaviour is undefined. | |
Optionally, the Factory could have methods to load either a Container or a read-only view of a Container | |
from a memento, thus clarifying ownership. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment