runc/runtime.md

# Runtime and Lifecycle

## Scope of a Container

Barring access control concerns, the entity using a runtime to create a container MUST be able to use the operations defined in this specification against that same container.
Whether other entities using the same, or other, instance of the runtime can see that container is out of scope of this specification.

## State

The state of a container MUST include, at least, the following properties:

* **`ociVersion`**: (string) is the OCI specification version used when creating the container.
* **`id`**: (string) is the container's ID.
This MUST be unique across all containers on this host.
There is no requirement that it be unique across hosts.
* **`pid`**: (int) is the ID of the main process within the container, as seen by the host.
* **`bundlePath`**: (string) is the absolute path to the container's bundle directory.
This is provided so that consumers can find the container's configuration and root filesystem on the host.

When serialized in JSON, the format MUST adhere to the following pattern:

```json
{
    "ociVersion": "0.2.0",
    "id": "oci-container1",
    "pid": 4422,
    "bundlePath": "/containers/redis"
}
```

See [Query State](#query-state) for information on retrieving the state of a container.

## Lifecycle
The lifecycle describes the timeline of events that happen from when a container is created to when it ceases to exist.

1. OCI compliant runtime's `create` command is invoked with a reference to the location of the bundle and a unique identifier.
2. The container's runtime environment MUST be created according to the configuration in [`config.json`](config.md).
   While the resources requested in the [`config.json`](config.md) MUST be created, the user-specified code (from [`process`](config.md#process-configuration) MUST NOT be run at this time.
   Any updates to `config.json` after this step MUST NOT affect the container.
3. Once the container is created additional actions MAY be performed based on the features the runtime chooses to support.
   However, some actions might only be available based on the current state of the container (e.g. only available while it is started).
4. Runtime's `start` command is invoked with the unique identifier of the container.
   The runtime MUST run the user-specified code, as specified by [`process`](config.md#process-configuration).
5. The container's process is stopped.
   This MAY happen due to them erroring out, exiting, crashing or the runtime's `kill` operation being invoked.
6. Runtime's `delete` command is invoked with the unique identifier of the container.
   The container MUST be destroyed by undoing the steps performed during create phase (step 2).

## Errors

In cases where the specified operation generates an error, this specification does not mandate how, or even if, that error is returned or exposed to the user of an implementation.
Unless otherwise stated, generating an error MUST leave the state of the environment as if the operation were never attempted - modulo any possible trivial ancillary changes such as logging.

## Operations

OCI compliant runtimes MUST support the following operations, unless the operation is not supported by the base operating system.

Note: these operations are not specifying any command-line APIs, and the paramenters are inputs for general operations.

### Query State

`state <container-id>`

This operation MUST generate an error if it is not provided the ID of a container.
Attempting to query a container that does not exist MUST generate an error.
This operation MUST return the state of a container as specified in the [State](#state) section.

### Create

`create <container-id> <path-to-bundle>`

This operation MUST generate an error if it is not provided a path to the bundle and the container ID to associate with the container.
If the ID provided is not unique across all containers within the scope of the runtime, or is not valid in any other way, the implementation MUST generate an error and a new container MUST not be created.
Using the data in [`config.json`](config.md), this operation MUST create a new container.
This means that all of the resources associated with the container MUST be created, however, the user-specified process MUST NOT be run at this time.

The runtime MAY validate `config.json` against this spec, either generically or with respect to the local system capabilities, before creating the container ([step 2](#lifecycle)).
Runtime callers who are interested in pre-create validation can run [bundle-validation tools](implementations.md#testing--tools) before invoking the create operation.

Any changes made to the [`config.json`](config.md) file after this operation will not have an effect on the container.

### Start
`start <container-id>`

This operation MUST generate an error if it is not provided the container ID.
Attempting to start a container that does not exist MUST generate an error.
Attempting to start an already started container MUST have no effect on the container and MUST generate an error.
This operation MUST run the user-specified code as specified by [`process`](config.md#process-configuration).
If the runtime fails to run the code as specified, an error MUST be generated.

### Kill
`kill <container-id> <signal>`

This operation MUST generate an error if it is not provided the container ID.
Attempting to send a signal to a container that is not running MUST have no effect on the container and MUST generate an error.
This operation MUST send the specified signal to the process in the container.

### Delete
`delete <container-id>`

This operation MUST generate an error if it is not provided the container ID.
Attempting to delete a container that does not exist MUST generate an error.
Attempting to delete a container whose process is still running MUST generate an error.
Deleting a container MUST delete the resources that were created during the `create` step.
Note that resources associated with the container, but not created by this container, MUST NOT be deleted.
Once a container is deleted its ID MAY be used by a subsequent container.


## Hooks
Many of the operations specified in this specification have "hooks" that allow for additional actions to be taken before or after each operation.
See [runtime configuration for hooks](./config.md#hooks) for more information.
*: re-org the spec We had an in-person spec discussion, lets separate the spec into some high-level sections to clarify future discussion. Crosby agreed to let me merge to master :) 2015-06-25 08:15:48 +08:00			`# Runtime and Lifecycle`
created spec docs 2015-06-06 08:39:27 +08:00
Expand on the definition of our ops Signed-off-by: Doug Davis <dug@us.ibm.com> 2015-10-14 01:31:03 +08:00			`## Scope of a Container`

			`Barring access control concerns, the entity using a runtime to create a container MUST be able to use the operations defined in this specification against that same container.`
			`Whether other entities using the same, or other, instance of the runtime can see that container is out of scope of this specification.`
Add runtime state configuration and structs This adds runtime state information for oci container's so that it can be persisted and used by external tools. Signed-off-by: Michael Crosby <crosbymichael@gmail.com> 2015-07-30 05:09:30 +08:00
Expand on the definition of our ops Signed-off-by: Doug Davis <dug@us.ibm.com> 2015-10-14 01:31:03 +08:00			`## State`
Add some clarity around the state.json file Signed-off-by: Doug Davis <dug@us.ibm.com> 2015-10-03 04:21:31 +08:00
[ Runtime \| State] Fix typo propeties --> properties Signed-off-by: Rob Dolin <RobDolin@microsoft.com> 2016-04-27 08:49:31 +08:00			`The state of a container MUST include, at least, the following properties:`
Add some clarity around the state.json file Signed-off-by: Doug Davis <dug@us.ibm.com> 2015-10-03 04:21:31 +08:00
Expand on the definition of our ops Signed-off-by: Doug Davis <dug@us.ibm.com> 2015-10-14 01:31:03 +08:00			* `ociVersion`: (string) is the OCI specification version used when creating the container.
Add some clarity around the state.json file Signed-off-by: Doug Davis <dug@us.ibm.com> 2015-10-03 04:21:31 +08:00			* `id`: (string) is the container's ID.
			`This MUST be unique across all containers on this host.`
			`There is no requirement that it be unique across hosts.`
			* `pid`: (int) is the ID of the main process within the container, as seen by the host.
			* `bundlePath`: (string) is the absolute path to the container's bundle directory.
			`This is provided so that consumers can find the container's configuration and root filesystem on the host.`
Add runtime state configuration and structs This adds runtime state information for oci container's so that it can be persisted and used by external tools. Signed-off-by: Michael Crosby <crosbymichael@gmail.com> 2015-07-30 05:09:30 +08:00
Expand on the definition of our ops Signed-off-by: Doug Davis <dug@us.ibm.com> 2015-10-14 01:31:03 +08:00			`When serialized in JSON, the format MUST adhere to the following pattern:`
*.md: normalize the "example" anchors Signed-off-by: Vincent Batts <vbatts@hashbangbash.com> 2016-03-17 09:26:12 +08:00
Add runtime state configuration and structs This adds runtime state information for oci container's so that it can be persisted and used by external tools. Signed-off-by: Michael Crosby <crosbymichael@gmail.com> 2015-07-30 05:09:30 +08:00			```json
			`{`
Expand on the definition of our ops Signed-off-by: Doug Davis <dug@us.ibm.com> 2015-10-14 01:31:03 +08:00			`"ociVersion": "0.2.0",`
			`"id": "oci-container1",`
Add runtime state configuration and structs This adds runtime state information for oci container's so that it can be persisted and used by external tools. Signed-off-by: Michael Crosby <crosbymichael@gmail.com> 2015-07-30 05:09:30 +08:00			`"pid": 4422,`
Example lists "root' but text mentions "bundlePath" Signed-off-by: Andrii Melnykov <andy.melnikov@gmail.com> 2015-11-29 18:59:49 +08:00			`"bundlePath": "/containers/redis"`
Add runtime state configuration and structs This adds runtime state information for oci container's so that it can be persisted and used by external tools. Signed-off-by: Michael Crosby <crosbymichael@gmail.com> 2015-07-30 05:09:30 +08:00			`}`
			```

Expand on the definition of our ops Signed-off-by: Doug Davis <dug@us.ibm.com> 2015-10-14 01:31:03 +08:00			`See [Query State](#query-state) for information on retrieving the state of a container.`

*: re-org the spec We had an in-person spec discussion, lets separate the spec into some high-level sections to clarify future discussion. Crosby agreed to let me merge to master :) 2015-06-25 08:15:48 +08:00			`## Lifecycle`
Add lifecycle for containers The lifecycle described is generic and should apply all platforms. It provides leeway for the runtimes to be flexible in how they implement it. Signed-off-by: Mrunal Patel <mrunalp@gmail.com> 2015-10-23 03:50:40 +08:00			`The lifecycle describes the timeline of events that happen from when a container is created to when it ceases to exist.`
runtime: Restore leading blank line before lifecycle list Restore the line removed by be594153 (Split create and start, 2016-04-01, #384). Without this, GitHub renders the list as a single paragraph. Signed-off-by: W. Trevor King <wking@tremily.us> 2016-05-27 14:08:11 +08:00
Split create and start Signed-off-by: Doug Davis <dug@us.ibm.com> 2016-04-01 23:42:13 +08:00			1. OCI compliant runtime's `create` command is invoked with a reference to the location of the bundle and a unique identifier.
Expand on the definition of our ops Signed-off-by: Doug Davis <dug@us.ibm.com> 2015-10-14 01:31:03 +08:00			2. The container's runtime environment MUST be created according to the configuration in [`config.json`](config.md).
Split create and start Signed-off-by: Doug Davis <dug@us.ibm.com> 2016-04-01 23:42:13 +08:00			While the resources requested in the [`config.json`](config.md) MUST be created, the user-specified code (from [`process`](config.md#process-configuration) MUST NOT be run at this time.
			Any updates to `config.json` after this step MUST NOT affect the container.
			`3. Once the container is created additional actions MAY be performed based on the features the runtime chooses to support.`
runtime: Consistent indent for "However, some actions..." The shorter-than-normal (for the rest of this list) indent landed with the line in be594153 (Split create and start, 2016-04-01, #384). Signed-off-by: W. Trevor King <wking@tremily.us> 2016-05-27 13:43:03 +08:00			`However, some actions might only be available based on the current state of the container (e.g. only available while it is started).`
Split create and start Signed-off-by: Doug Davis <dug@us.ibm.com> 2016-04-01 23:42:13 +08:00			4. Runtime's `start` command is invoked with the unique identifier of the container.
			The runtime MUST run the user-specified code, as specified by [`process`](config.md#process-configuration).
			`5. The container's process is stopped.`
			This MAY happen due to them erroring out, exiting, crashing or the runtime's `kill` operation being invoked.
			6. Runtime's `delete` command is invoked with the unique identifier of the container.
			`The container MUST be destroyed by undoing the steps performed during create phase (step 2).`
runtime: Add prestart/poststop hooks Signed-off-by: Mrunal Patel <mrunalp@gmail.com> Add hooks to the spec Signed-off-by: Mrunal Patel <mrunalp@gmail.com> 2015-08-04 01:52:52 +08:00
Move errors section out of operations The `Errors` section is more like a general description about runtime, if it's a sub-section of `Operations`, it'll be hard for both implementations and tests to define what this `errors` operation really is. Signed-off-by: Qiang Huang <h.huangqiang@huawei.com> 2016-05-23 15:48:20 +08:00			`## Errors`
Expand on the definition of our ops Signed-off-by: Doug Davis <dug@us.ibm.com> 2015-10-14 01:31:03 +08:00
			`In cases where the specified operation generates an error, this specification does not mandate how, or even if, that error is returned or exposed to the user of an implementation.`
			`Unless otherwise stated, generating an error MUST leave the state of the environment as if the operation were never attempted - modulo any possible trivial ancillary changes such as logging.`

Move errors section out of operations The `Errors` section is more like a general description about runtime, if it's a sub-section of `Operations`, it'll be hard for both implementations and tests to define what this `errors` operation really is. Signed-off-by: Qiang Huang <h.huangqiang@huawei.com> 2016-05-23 15:48:20 +08:00			`## Operations`

			`OCI compliant runtimes MUST support the following operations, unless the operation is not supported by the base operating system.`

Clarify the operation is not for command-line api Replace: https://github.com/opencontainers/runtime-spec/pull/447 Signed-off-by: Qiang Huang <h.huangqiang@huawei.com> 2016-05-24 15:12:36 +08:00			`Note: these operations are not specifying any command-line APIs, and the paramenters are inputs for general operations.`

Expand on the definition of our ops Signed-off-by: Doug Davis <dug@us.ibm.com> 2015-10-14 01:31:03 +08:00			`### Query State`

			`state <container-id>`

			`This operation MUST generate an error if it is not provided the ID of a container.`
Split create and start Signed-off-by: Doug Davis <dug@us.ibm.com> 2016-04-01 23:42:13 +08:00			`Attempting to query a container that does not exist MUST generate an error.`
Expand on the definition of our ops Signed-off-by: Doug Davis <dug@us.ibm.com> 2015-10-14 01:31:03 +08:00			`This operation MUST return the state of a container as specified in the [State](#state) section.`

Split create and start Signed-off-by: Doug Davis <dug@us.ibm.com> 2016-04-01 23:42:13 +08:00			`### Create`
Expand on the definition of our ops Signed-off-by: Doug Davis <dug@us.ibm.com> 2015-10-14 01:31:03 +08:00
Split create and start Signed-off-by: Doug Davis <dug@us.ibm.com> 2016-04-01 23:42:13 +08:00			`create <container-id> <path-to-bundle>`
Expand on the definition of our ops Signed-off-by: Doug Davis <dug@us.ibm.com> 2015-10-14 01:31:03 +08:00
			`This operation MUST generate an error if it is not provided a path to the bundle and the container ID to associate with the container.`
Split create and start Signed-off-by: Doug Davis <dug@us.ibm.com> 2016-04-01 23:42:13 +08:00			`If the ID provided is not unique across all containers within the scope of the runtime, or is not valid in any other way, the implementation MUST generate an error and a new container MUST not be created.`
			Using the data in [`config.json`](config.md), this operation MUST create a new container.
			`This means that all of the resources associated with the container MUST be created, however, the user-specified process MUST NOT be run at this time.`
Expand on the definition of our ops Signed-off-by: Doug Davis <dug@us.ibm.com> 2015-10-14 01:31:03 +08:00
runtime: Explicitly allow 'start' to not validate config.json This spec places RFC-2119 requirements on both bundles (bundle.md, config.md, ...) and runtimes (runtime.md, runtime-linux.md). While it's possible to envision a system where bundle validation is required before container setup begins, it is also possible to decoupled validation and allow the runtime to blindly stumble through as far as it can. We already link to ocitools and OCT for testing both runtimes and bundles [1], so users interested in pre-start validation can use those tools. This commit explicitly documents the non-requirement and links to those tools, to make life less surprising for everybody. [1]: https://github.com/opencontainers/runtime-spec/blob/v0.5.0/implementations.md#testing--tools Signed-off-by: W. Trevor King <wking@tremily.us> 2016-05-03 02:33:13 +08:00			The runtime MAY validate `config.json` against this spec, either generically or with respect to the local system capabilities, before creating the container ([step 2](#lifecycle)).
Split create and start Signed-off-by: Doug Davis <dug@us.ibm.com> 2016-04-01 23:42:13 +08:00			`Runtime callers who are interested in pre-create validation can run [bundle-validation tools](implementations.md#testing--tools) before invoking the create operation.`

			Any changes made to the [`config.json`](config.md) file after this operation will not have an effect on the container.

			`### Start`
			`start <container-id>`
runtime: Explicitly allow 'start' to not validate config.json This spec places RFC-2119 requirements on both bundles (bundle.md, config.md, ...) and runtimes (runtime.md, runtime-linux.md). While it's possible to envision a system where bundle validation is required before container setup begins, it is also possible to decoupled validation and allow the runtime to blindly stumble through as far as it can. We already link to ocitools and OCT for testing both runtimes and bundles [1], so users interested in pre-start validation can use those tools. This commit explicitly documents the non-requirement and links to those tools, to make life less surprising for everybody. [1]: https://github.com/opencontainers/runtime-spec/blob/v0.5.0/implementations.md#testing--tools Signed-off-by: W. Trevor King <wking@tremily.us> 2016-05-03 02:33:13 +08:00
Split create and start Signed-off-by: Doug Davis <dug@us.ibm.com> 2016-04-01 23:42:13 +08:00			`This operation MUST generate an error if it is not provided the container ID.`
			`Attempting to start a container that does not exist MUST generate an error.`
			`Attempting to start an already started container MUST have no effect on the container and MUST generate an error.`
			This operation MUST run the user-specified code as specified by [`process`](config.md#process-configuration).
			`If the runtime fails to run the code as specified, an error MUST be generated.`

			`### Kill`
			`kill <container-id> <signal>`
Expand on the definition of our ops Signed-off-by: Doug Davis <dug@us.ibm.com> 2015-10-14 01:31:03 +08:00
Split create and start Signed-off-by: Doug Davis <dug@us.ibm.com> 2016-04-01 23:42:13 +08:00			`This operation MUST generate an error if it is not provided the container ID.`
			`Attempting to send a signal to a container that is not running MUST have no effect on the container and MUST generate an error.`
			`This operation MUST send the specified signal to the process in the container.`
Expand on the definition of our ops Signed-off-by: Doug Davis <dug@us.ibm.com> 2015-10-14 01:31:03 +08:00
Split create and start Signed-off-by: Doug Davis <dug@us.ibm.com> 2016-04-01 23:42:13 +08:00			`### Delete`
			`delete <container-id>`
Expand on the definition of our ops Signed-off-by: Doug Davis <dug@us.ibm.com> 2015-10-14 01:31:03 +08:00
			`This operation MUST generate an error if it is not provided the container ID.`
Split create and start Signed-off-by: Doug Davis <dug@us.ibm.com> 2016-04-01 23:42:13 +08:00			`Attempting to delete a container that does not exist MUST generate an error.`
			`Attempting to delete a container whose process is still running MUST generate an error.`
			Deleting a container MUST delete the resources that were created during the `create` step.
			`Note that resources associated with the container, but not created by this container, MUST NOT be deleted.`
			`Once a container is deleted its ID MAY be used by a subsequent container.`
Expand on the definition of our ops Signed-off-by: Doug Davis <dug@us.ibm.com> 2015-10-14 01:31:03 +08:00
*.md: markdown formatting Closes https://github.com/opencontainers/specs/issues/83 Signed-off-by: Vincent Batts <vbatts@hashbangbash.com> 2015-09-09 22:17:06 +08:00
Split create and start Signed-off-by: Doug Davis <dug@us.ibm.com> 2016-04-01 23:42:13 +08:00			`## Hooks`
Expand on the definition of our ops Signed-off-by: Doug Davis <dug@us.ibm.com> 2015-10-14 01:31:03 +08:00			`Many of the operations specified in this specification have "hooks" that allow for additional actions to be taken before or after each operation.`
			`See [runtime configuration for hooks](./config.md#hooks) for more information.`