Getting Started with Containerd
containerd is available as a daemon for Linux and Windows. It manages the complete container lifecycle of its host system, from image transfer and storage to container execution and supervision to low-level storage to network attachments and beyond.
Why containerd? The answer relies on Docker 1.11 announcement:
We are excited to introduce Docker Engine 1.11, our first release built on runC ™ and containerd ™. With this release, Docker is the first to ship a runtime based on OCI technology
So naturally, after exploring runC for a bit, let’s explore containerd.
In this post, I will share details of how I setup containerd on a CentOS 7. I followed this document Build containerd from source .
I had already installed Go and runC (default runtime for containerd), so I skipped installing them.
$ go version
go version go1.12.5 linux/amd64
$ runc -v
runc version spec: 1.0.0If it’s needed Go can be installed by following this document → https://golang.org/doc/install
As for runC :
go get github.com/opencontainers/runc
cd $GOPATH/src/github.com/opencontainers/runc
make
sudo make installNow, back to my setup. First, I installed Btrfs :
$ sudo yum install btrfs-progs-develcontainerd needs Protoc 3.X compiler and headers, so I installed the from latest release of protobuf 3.8 from Google.
$ wget -c https://github.com/protocolbuffers/protobuf/releases/download/v3.8.0/protoc-3.8.0-linux-x86_64.zip
$ sudo unzip protoc-3.8.0-linux-x86_64.zip -d /usr/locallibseccomp
As for libseccomp, I cloned git repo and then compiled and installed it. First the required tools for compiling
$ git clone https://github.com/seccomp/libseccomp.git$ cd libseccomp/$ ./autogen.sh
./autogen.sh: line 22: autoreconf: command not foundSo I had to install autoconf and a few other pkgs$ sudo yum install autoconf automake libtool
Then I went through the compilation and installation
$ ./autogen.sh
$./configure
$ make
$ sudo make installThe following two steps, I had some difficulty . These steps may be unnecessary or could be done better.
I needed to set PKG_CONFIG_PATH to directory where libseccomp.pc exists
$ export PKG_CONFIG_PATH=/home/centos/libseccompI had to edit /usr/local/include/seccomp.h for version as it was showing 0.0.0
#define SCMP_VER_MAJOR 2
#define SCMP_VER_MINOR 4
#define SCMP_VER_MICRO 1Building and running containerd
After getting required software ready I continued with building containerd
go get github.com/containerd/containerd
cd $GOPATH/src/github.com/containerd/containerd
make
$ sudo make installI had to tell containerd about libseccomp which was installed under /usr/local/lib. To run on command line I had to add ENV
LD_LIBRARY_PATH=/usr/local/lib
LD_RUN_PATH=/usr/local/libexport LD_LIBRARY_PATH LD_RUN_PATH
Containerd uses /etc/containerd/config.toml configuration by default, so I created one :
# mkdir /etc/containerd/
#/usr/local/bin/containerd config default > /etc/containerd/config.tomlThen ran containerd from /usr/local/bin directory
# /usr/local/bin/containerdAt this point, containerd started up.
Using systemd to manage containerd
I wanted to use systemd to manage containerd, so I used the provided containerd.service file as a starting point:
# cp containerd.service /etc/systemd/system/
# chmod 664 /etc/systemd/system/containerd.serviceI added two lines to the containerd.service file for the same reason as above
Environment=LD_LIBRARY_PATH=/usr/local/lib
Environment=LD_RUN_PATH=/usr/local/libThen I enabled and started
# systemctl enable containerd# systemctl start containerd# systemctl status containerd
● containerd.service — containerd container runtime
Loaded: loaded (/etc/systemd/system/containerd.service; enabled; vendor preset: disabled)
Active: active (running) since
systemd status showed containerd is running. Checking ps command also showed containerd process is running
# ps -f -C containerd
UID PID PPID C STIME TTY TIME CMD
root 4148 1 0 18:50 ? 00:00:00 /usr/local/bin/containerdConnecting to containerd
containerd contains a client ‘ctr’ thaat can be used to issue commands against containerd daemon. To get started, I checked version:
# ctr version
Client:
Version: v1.2.0–602-g0e7a3c9
Revision: 0e7a3c9e513da1f1dda163d5872a974a4db07d02Server:
Version: v1.2.0–602-g0e7a3c9
Revision: 0e7a3c9e513da1f1dda163d5872a974a4db07d02
Then issued a simple command:
# ctr image ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
#These results show containerd is running and we are able to connect to it and issue commands.
Be sure to check my other post about communicating with containerd over GRPC using java
Happy containerizing…
