Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: run action for OCI bundle #1093

Merged
merged 3 commits into from
Nov 2, 2022
Merged

feat: run action for OCI bundle #1093

merged 3 commits into from
Nov 2, 2022

Conversation

dtrudg
Copy link
Member

@dtrudg dtrudg commented Oct 27, 2022

Description of the Pull Request (PR):

As a first step toward run/shell/exec actions on native OCI images, implement a minimal singularity run --oci mybundle which:

  • Requires an on-disk bundle with appropriate config.json.
  • Runs this bundle using crun or runc.
  • Makes no attempt to handle any arguments or options.
  • Does not modify the config.json - i.e. it must match namespace / mapping requirements for rootless execution etc.

At this stage, the functionality is essentially equivalent to singularity oci run and is not yet useful.

The primary purpose of the PR is to refactor some of the code that passes args for launching a container.

In addition, we now use crun in preference to runc if available. crun supports e.g. single uid->uid mapping in a usernamespace (without root mapping).

This fixes or addresses the following GitHub issues:

Before submitting a PR, make sure you have done the following:

@dtrudg dtrudg added this to the SingularityCE 3.11 milestone Oct 27, 2022
@dtrudg dtrudg self-assigned this Oct 27, 2022
@dtrudg dtrudg force-pushed the oci-actions branch 11 times, most recently from dd91282 to 66bebdb Compare November 1, 2022 11:37
dtrudg added 3 commits November 1, 2022 14:43
@dtrudg
feat: run action for OCI bundle
730dd44 
As a first step toward run/shell/exec actions on native OCI images,
implement a minimal `singularity run --oci mybundle` which:

* Requires an on-disk bundle with appropriate `config.json`.
* Runs this bundle using `crun` or `runc`.
* Makes no attempt to handle any arguments or options.
* Does not modify the `config.json` - i.e. it must match namespace /
  mapping requirements for rootless execution etc.

At this stage, the functionality is essentially equivalent to
`singularity oci run` and is not yet useful.

The primary purpose of the PR is to refactor some of the code that
passes args for launching a container.

In addition, we now use `crun` in preference to `runc` if
available. `crun` supports e.g. single uid->uid mapping in a
usernamespace (without root mapping).

Closes sylabs#598
@dtrudg
e2e: oci: add subtests, move help to parallel
5e3b403 
Add subtest information to the large multi-step OCI test functions for
easier debugging.

Move the test of `oci help` out of the SEQ/ordered section. It can run
in parallel, and only once regardless of cgroups managers available.
@dtrudg
chore(ci): use crun 1.6
b0768ac 
The Ubuntu packaged crun is very old. Use a release from GitHub instead.
@dtrudg dtrudg marked this pull request as ready for review November 1, 2022 15:05
@dtrudg dtrudg merged commit 51d94f5 into sylabs:main Nov 2, 2022
@dtrudg dtrudg deleted the oci-actions branch November 2, 2022 09:24
@dtrudg dtrudg mentioned this pull request Nov 11, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tri-adam tri-adam tri-adam approved these changes

Assignees

@dtrudg dtrudg

Labels
None yet
Projects
None yet
Milestone
SingularityCE 3.11
Development

Successfully merging this pull request may close these issues.

Experimental support for run/shell/exec of native OCI containers via OCI engine
2 participants
@dtrudg @tri-adam