diff --git a/ansible/group_vars/all b/ansible/group_vars/all index eeb6511e7a2..7a23ed10b9f 100644 --- a/ansible/group_vars/all +++ b/ansible/group_vars/all @@ -212,7 +212,7 @@ invoker: userCpus: "{{ invoker_user_cpus | default() }}" # Specify if it is allowed to deploy more than 1 invoker on a single machine. allowMultipleInstances: "{{ invoker_allow_multiple_instances | default(false) }}" - # Specify if it should use docker-runc or docker to pause/unpause containers + # Specify if it should use runc or docker to pause/unpause containers useRunc: "{{ invoker_use_runc | default(true) }}" docker: become: "{{ invoker_docker_become | default(false) }}" diff --git a/ansible/roles/invoker/tasks/clean.yml b/ansible/roles/invoker/tasks/clean.yml index b8f0b2f34c9..7254e2437f0 100644 --- a/ansible/roles/invoker/tasks/clean.yml +++ b/ansible/roles/invoker/tasks/clean.yml @@ -66,9 +66,9 @@ - name: pause/resume at runc-level to restore docker consistency shell: | DOCKER_PAUSED=$(docker ps --filter status=paused --filter name=wsk{{ invoker_index }} -q --no-trunc) - for C in $DOCKER_PAUSED; do docker-runc --root {{ invoker.docker.runcdir }} pause $C; done + for C in $DOCKER_PAUSED; do runc --root {{ invoker.docker.runcdir }} pause $C; done DOCKER_RUNNING=$(docker ps --filter status=running --filter name=wsk{{ invoker_index }} -q --no-trunc) - for C2 in $DOCKER_RUNNING; do docker-runc --root {{ invoker.docker.runcdir }} resume $C2; done + for C2 in $DOCKER_RUNNING; do runc --root {{ invoker.docker.runcdir }} resume $C2; done TOTAL=$(($(echo $DOCKER_PAUSED | wc -w)+$(echo $DOCKER_RUNNING | wc -w))) echo "Handled $TOTAL remaining actions." register: runc_output diff --git a/ansible/roles/invoker/tasks/deploy.yml b/ansible/roles/invoker/tasks/deploy.yml index fba7bf94bd1..2f95645081c 100644 --- a/ansible/roles/invoker/tasks/deploy.yml +++ b/ansible/roles/invoker/tasks/deploy.yml @@ -383,8 +383,8 @@ {{ docker_sock | default('/var/run/docker.sock') }}:/var/run/docker.sock" ### # The root runc directory varies based on the version of docker and runc. -# When docker>=18.06 uses docker-runc the directory is /run/docker/runtime-runc/moby. -# While docker-runc itself uses /run/runc for a root user or /run/user//runc for a non-root user. +# When docker>=18.06 uses runc the directory is /run/docker/runtime-runc/moby. +# While runc itself uses /run/runc for a root user or /run/user//runc for a non-root user. # Currently, the invoker is running as a root user so the below configuration works as expected. # But when the invoker needs to run as a non-root user or the version docker needs to be changed, # the following configuration should be properly updated as well. diff --git a/core/controller/Dockerfile b/core/controller/Dockerfile index 287935326f2..670c0dbebfe 100644 --- a/core/controller/Dockerfile +++ b/core/controller/Dockerfile @@ -28,7 +28,7 @@ ENV SWAGGER_UI_DOWNLOAD_SHA256=3d7ef5ddc59e10f132fe99771498f0f1ba7a2cbfb9585f986 # If you change the docker version here, it has implications on invoker runc support. # Docker server version and the invoker docker version must be the same to enable runc usage. # If this cannot be guaranteed, set `invoker_use_runc: false` in the ansible env. -ENV DOCKER_VERSION=18.06.3-ce +ENV DOCKER_VERSION=23.0.6 RUN apk add --update openssl @@ -36,10 +36,10 @@ RUN apk add --update openssl # Install docker client RUN curl -sSL -o docker-${DOCKER_VERSION}.tgz https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_VERSION}.tgz && \ tar --strip-components 1 -xvzf docker-${DOCKER_VERSION}.tgz -C /usr/bin docker/docker && \ - tar --strip-components 1 -xvzf docker-${DOCKER_VERSION}.tgz -C /usr/bin docker/docker-runc && \ + tar --strip-components 1 -xvzf docker-${DOCKER_VERSION}.tgz -C /usr/bin docker/runc && \ rm -f docker-${DOCKER_VERSION}.tgz && \ chmod +x /usr/bin/docker && \ - chmod +x /usr/bin/docker-runc + chmod +x /usr/bin/runc ################################################################################################## # Install swagger-ui diff --git a/core/controller/Dockerfile-debian b/core/controller/Dockerfile-debian index f17dde803dc..4d4d4488fc5 100644 --- a/core/controller/Dockerfile-debian +++ b/core/controller/Dockerfile-debian @@ -28,7 +28,7 @@ ENV SWAGGER_UI_DOWNLOAD_SHA256=3d7ef5ddc59e10f132fe99771498f0f1ba7a2cbfb9585f986 # If you change the docker version here, it has implications on invoker runc support. # Docker server version and the invoker docker version must be the same to enable runc usage. # If this cannot be guaranteed, set `invoker_use_runc: false` in the ansible env. -ENV DOCKER_VERSION=18.06.3-ce +ENV DOCKER_VERSION=23.0.6 RUN apt-get -y install openssl @@ -36,10 +36,10 @@ RUN apt-get -y install openssl # Install docker client RUN curl -sSL -o docker-${DOCKER_VERSION}.tgz https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_VERSION}.tgz && \ tar --strip-components 1 -xvzf docker-${DOCKER_VERSION}.tgz -C /usr/bin docker/docker && \ - tar --strip-components 1 -xvzf docker-${DOCKER_VERSION}.tgz -C /usr/bin docker/docker-runc && \ + tar --strip-components 1 -xvzf docker-${DOCKER_VERSION}.tgz -C /usr/bin docker/runc && \ rm -f docker-${DOCKER_VERSION}.tgz && \ chmod +x /usr/bin/docker && \ - chmod +x /usr/bin/docker-runc + chmod +x /usr/bin/runc ################################################################################################## # Install swagger-ui diff --git a/core/invoker/Dockerfile b/core/invoker/Dockerfile index ca1561d7d2e..36581e4cff8 100644 --- a/core/invoker/Dockerfile +++ b/core/invoker/Dockerfile @@ -19,7 +19,7 @@ FROM scala ENV UID=1001 \ NOT_ROOT_USER=owuser \ - DOCKER_VERSION=18.06.3-ce + DOCKER_VERSION=23.0.6 # If you change the docker version here, it has implications on invoker runc support. # Docker server version and the invoker docker version must be the same to enable runc usage. # If this cannot be guaranteed, set `invoker_use_runc: false` in the ansible env. @@ -31,10 +31,10 @@ RUN apk add --update openssl # Install docker client RUN curl -sSL -o docker-${DOCKER_VERSION}.tgz https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_VERSION}.tgz && \ tar --strip-components 1 -xvzf docker-${DOCKER_VERSION}.tgz -C /usr/bin docker/docker && \ - tar --strip-components 1 -xvzf docker-${DOCKER_VERSION}.tgz -C /usr/bin docker/docker-runc && \ + tar --strip-components 1 -xvzf docker-${DOCKER_VERSION}.tgz -C /usr/bin docker/runc && \ rm -f docker-${DOCKER_VERSION}.tgz && \ chmod +x /usr/bin/docker && \ - chmod +x /usr/bin/docker-runc + chmod +x /usr/bin/runc ADD build/distributions/invoker.tar ./ diff --git a/core/invoker/Dockerfile-debian b/core/invoker/Dockerfile-debian index ed205a30b28..8069f773b15 100644 --- a/core/invoker/Dockerfile-debian +++ b/core/invoker/Dockerfile-debian @@ -19,7 +19,7 @@ FROM scala ENV UID=1001 \ NOT_ROOT_USER=owuser - ENV DOCKER_VERSION=18.06.3-ce + ENV DOCKER_VERSION=23.0.6 # If you change the docker version here, it has implications on invoker runc support. # Docker server version and the invoker docker version must be the same to enable runc usage. # If this cannot be guaranteed, set `invoker_use_runc: false` in the ansible env. @@ -31,10 +31,10 @@ RUN apt-get -y install openssl # Install docker client RUN curl -sSL -o docker-${DOCKER_VERSION}.tgz https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_VERSION}.tgz && \ tar --strip-components 1 -xvzf docker-${DOCKER_VERSION}.tgz -C /usr/bin docker/docker && \ - tar --strip-components 1 -xvzf docker-${DOCKER_VERSION}.tgz -C /usr/bin docker/docker-runc && \ + tar --strip-components 1 -xvzf docker-${DOCKER_VERSION}.tgz -C /usr/bin docker/runc && \ rm -f docker-${DOCKER_VERSION}.tgz && \ chmod +x /usr/bin/docker && \ - chmod +x /usr/bin/docker-runc + chmod +x /usr/bin/runc ADD build/distributions/invoker.tar ./ diff --git a/core/invoker/src/main/resources/application.conf b/core/invoker/src/main/resources/application.conf index 61c33e063d8..ba7f50bf39b 100644 --- a/core/invoker/src/main/resources/application.conf +++ b/core/invoker/src/main/resources/application.conf @@ -50,7 +50,7 @@ whisk { } docker.container-factory { - # Use runc (docker-runc) for pause/resume functionality in DockerContainerFactory + # Use runc for pause/resume functionality in DockerContainerFactory use-runc: true } diff --git a/core/invoker/src/main/scala/org/apache/openwhisk/core/containerpool/docker/DockerContainer.scala b/core/invoker/src/main/scala/org/apache/openwhisk/core/containerpool/docker/DockerContainer.scala index 378000b52ca..f0dd13c82ca 100644 --- a/core/invoker/src/main/scala/org/apache/openwhisk/core/containerpool/docker/DockerContainer.scala +++ b/core/invoker/src/main/scala/org/apache/openwhisk/core/containerpool/docker/DockerContainer.scala @@ -55,7 +55,7 @@ object DockerContainer { * @param network network to launch the container in * @param dnsServers list of dns servers to use in the container * @param name optional name for the container - * @param useRunc use docker-runc to pause/unpause container? + * @param useRunc use runc to pause/unpause container? * @return a Future which either completes with a DockerContainer or one of two specific failures */ def create(transid: TransactionId, diff --git a/core/invoker/src/main/scala/org/apache/openwhisk/core/containerpool/docker/RuncClient.scala b/core/invoker/src/main/scala/org/apache/openwhisk/core/containerpool/docker/RuncClient.scala index 79b213ebbfb..54f393cb638 100644 --- a/core/invoker/src/main/scala/org/apache/openwhisk/core/containerpool/docker/RuncClient.scala +++ b/core/invoker/src/main/scala/org/apache/openwhisk/core/containerpool/docker/RuncClient.scala @@ -56,7 +56,7 @@ class RuncClient(timeouts: RuncClientTimeouts = loadConfigOrThrow[RuncClientTime // Determines how to run docker. Failure to find a Docker binary implies // a failure to initialize this instance of DockerClient. - protected val runcCmd: Seq[String] = Seq("/usr/bin/docker-runc") + protected val runcCmd: Seq[String] = Seq("/usr/bin/runc") def pause(id: ContainerId)(implicit transid: TransactionId): Future[Unit] = runCmd(Seq("pause", id.asString), timeouts.pause).map(_ => ()) diff --git a/docs/deploy.md b/docs/deploy.md index 93cf05ca81d..ffbe00bd766 100644 --- a/docs/deploy.md +++ b/docs/deploy.md @@ -48,12 +48,12 @@ OpenWhisk used to support both shared state and a sharding model. The former has The sharding loadbalancer has the caveat of being limited in its scalability in its current implementation. It uses "horizontal" sharding, which means that the slots on each invoker are evenly divided to the loadbalancers. For example: In a system with 2 loadbalancers and invokers which have 16 slots each, each loadbalancer would get 8 slots on each invoker. In this specific case, a cluster of loadbalancers > 16 instances does not make sense, since each loadbalancer would only have a fraction of a slot above that. The code guards against that but it is strongly recommended not to deploy more sharding loadbalancers than there are slots on each invoker. -# Invoker use of docker-runc +# Invoker use of runc -To improve performance, Invokers attempt to maintain warm containers for frequently executed actions. To optimize resource usage, the action containers are paused/unpaused between invocations. The system can be configured to use either docker-runc or docker to perform the pause/unpause operations by setting the value of the environment variable INVOKER_USE_RUNC to true or false respectively. If not set, it will default to true (use docker-runc). +To improve performance, Invokers attempt to maintain warm containers for frequently executed actions. To optimize resource usage, the action containers are paused/unpaused between invocations. The system can be configured to use either runc or docker to perform the pause/unpause operations by setting the value of the environment variable INVOKER_USE_RUNC to true or false respectively. If not set, it will default to true (use runc). -Using docker-runc obtains significantly better performance, but requires that the version of docker-runc within the invoker container is an exact version match to the docker-runc of the host environment. Failure to get an exact version match will results in error messages like: +Using runc obtains significantly better performance, but requires that the version of runc within the invoker container is an exact version match to the runc of the host environment. Failure to get an exact version match will results in error messages like: ``` 2017-09-29T20:15:54.551Z] [ERROR] [#sid_102] [RuncClient] code: 1, stdout: , stderr: json: cannot unmarshal object into Go value of type []string [marker:invoker_runc.pause_error:6830148:259] ``` -When a docker-runc operations results in an error, the container will be killed by the invoker. This results in missed opportunities for container reuse and poor performance. Setting INVOKER_USE_RUNC to false can be used as a workaround until proper usage of docker-runc can be configured for the deployment. +When a runc operations results in an error, the container will be killed by the invoker. This results in missed opportunities for container reuse and poor performance. Setting INVOKER_USE_RUNC to false can be used as a workaround until proper usage of runc can be configured for the deployment. diff --git a/tests/src/test/scala/org/apache/openwhisk/core/containerpool/docker/test/RuncClientTests.scala b/tests/src/test/scala/org/apache/openwhisk/core/containerpool/docker/test/RuncClientTests.scala index 0c24a9f4f9d..b8c1a41c6b1 100644 --- a/tests/src/test/scala/org/apache/openwhisk/core/containerpool/docker/test/RuncClientTests.scala +++ b/tests/src/test/scala/org/apache/openwhisk/core/containerpool/docker/test/RuncClientTests.scala @@ -52,7 +52,7 @@ class RuncClientTests implicit val transid = TransactionId.testing val id = ContainerId("Id") - val runcCommand = "docker-runc" + val runcCommand = "runc" /** Returns a RuncClient with a mocked result for 'executeProcess' */ def runcClient(result: Future[String]) = new RuncClient()(global) {