Run windows containers

Signed-off-by: James Sturtevant <[email protected]>
containerd · Nov 4, 2021 · 8a63d20 · 8a63d20
1 parent 3cd738b
commit 8a63d20
Show file tree

Hide file tree

Showing 7 changed files with 247 additions and 170 deletions.
diff --git a/README.md b/README.md
@@ -194,6 +194,8 @@ Please certify your [Developer Certificate of Origin (DCO)](https://developercer
 
 :nerd_face: = nerdctl specific
 
+:window: = Windows enabled
+
 Unlisted `docker` CLI flags are unimplemented yet in `nerdctl` CLI.
 It does not necessarily mean that the corresponding features are missing in containerd.
 
@@ -202,10 +204,10 @@ It does not necessarily mean that the corresponding features are missing in cont
 
 
  - [Run & Exec](#run--exec)
- - [:whale: nerdctl run](#whale-nerdctl-run)
- - [:whale: nerdctl exec](#whale-nerdctl-exec)
+ - [:whale: :window: nerdctl run](#whale-nerdctl-run)
+ - [:whale: :window: nerdctl exec](#whale-nerdctl-exec)
  - [Container management](#container-management)
- - [:whale: nerdctl ps](#whale-nerdctl-ps)
+ - [:whale: :window: nerdctl ps](#whale-nerdctl-ps)
  - [:whale: nerdctl inspect](#whale-nerdctl-inspect)
  - [:whale: nerdctl logs](#whale-nerdctl-logs)
  - [:whale: nerdctl port](#whale-nerdctl-port)
@@ -221,8 +223,8 @@ It does not necessarily mean that the corresponding features are missing in cont
  - [:whale: nerdctl build](#whale-nerdctl-build)
  - [:whale: nerdctl commit](#whale-nerdctl-commit)
  - [Image management](#image-management)
- - [:whale: nerdctl images](#whale-nerdctl-images)
- - [:whale: nerdctl pull](#whale-nerdctl-pull)
+ - [:whale: :window: nerdctl images](#whale-nerdctl-images)
+ - [:whale: :window: nerdctl pull](#whale-nerdctl-pull)
  - [:whale: nerdctl push](#whale-nerdctl-push)
  - [:whale: nerdctl load](#whale-nerdctl-load)
  - [:whale: nerdctl save](#whale-nerdctl-save)
@@ -246,7 +248,7 @@ It does not necessarily mean that the corresponding features are missing in cont
  - [:whale: nerdctl volume inspect](#whale-nerdctl-volume-inspect)
  - [:whale: nerdctl volume rm](#whale-nerdctl-volume-rm)
  - [Namespace management](#namespace-management)
- - [:nerd_face: nerdctl namespace ls](#nerd_face-nerdctl-namespace-ls)
+ - [:nerd_face: :window: nerdctl namespace ls](#nerd_face-nerdctl-namespace-ls)
  - [System](#system)
  - [:whale: nerdctl events](#whale-nerdctl-events)
  - [:whale: nerdctl info](#whale-nerdctl-info)
@@ -280,11 +282,11 @@ Run a command in a new container.
 Usage: `nerdctl run [OPTIONS] IMAGE [COMMAND] [ARG...]`
 
 Basic flags:
-- :whale: `-i, --interactive`: Keep STDIN open even if not attached"
-- :whale: `-t, --tty`: Allocate a pseudo-TTY
+- :whale: :window: `-i, --interactive`: Keep STDIN open even if not attached"
+- :whale: :window: `-t, --tty`: Allocate a pseudo-TTY
  - :warning: WIP: currently `-t` requires `-i`, and conflicts with `-d`
-- :whale: `-d, --detach`: Run container in background and print container ID
-- :whale: `--restart=(no|always)`: Restart policy to apply when a container exits
+- :whale: :window: `-d, --detach`: Run container in background and print container ID
+- :whale: :window: `--restart=(no|always)`: Restart policy to apply when a container exits
  - Default: "no"
  - :warning: No support for `on-failure` and `unless-stopped`
 - :whale: `--rm`: Automatically remove the container when it exits
@@ -293,29 +295,29 @@ Basic flags:
 - :whale: `--pid=(host)`: PID namespace to use
 
 Platform flags:
-- :whale: `--platform=(amd64|arm64|...)`: Set platform
+- :whale: :window: `--platform=(amd64|arm64|...)`: Set platform
 
 Network flags:
 - :whale: `--net, --network=(bridge|host|none|<CNI>)`: Connect a container to a network
  - Default: "bridge"
  - :nerd_face: Unlike Docker, this flag can be specified multiple times (`--net foo --net bar`)
-- :whale: `-p, --publish`: Publish a container's port(s) to the host
+- :whale: :window: `-p, --publish`: Publish a container's port(s) to the host
 - :whale: `--dns`: Set custom DNS servers
-- :whale: `-h, --hostname`: Container host name
+- :whale: :window: `-h, --hostname`: Container host name
 - :whale: `--add-host`: Add a custom host-to-IP mapping (host:ip)
 
 Cgroup flags:
-- :whale: `--cpus`: Number of CPUs
+- :whale: :window: `--cpus`: Number of CPUs
 - :whale: `--cpu-shares`: CPU shares (relative weight)
 - :whale: `--cpuset-cpus`: CPUs in which to allow execution (0-3, 0,1)
-- :whale: `--memory`: Memory limit
+- :whale: :window: `--memory`: Memory limit
 - :whale: `--pids-limit`: Tune container pids limit
 - :whale: `--cgroupns=(host|private)`: Cgroup namespace to use
  - Default: "private" on cgroup v2 hosts, "host" on cgroup v1 hosts
 - :whale: `--device`: Add a host device to the container
 
 User flags:
-- :whale: `-u, --user`: Username or UID (format: <name|uid>[:<group|gid>])
+- :whale: :window: `-u, --user`: Username or UID (format: <name|uid>[:<group|gid>])
 
 Security flags:
 - :whale: `--security-opt seccomp=<PROFILE_JSON_FILE>`: specify custom seccomp profile
@@ -324,13 +326,13 @@ Security flags:
 - :whale: `--cap-add=<CAP>`: Add Linux capabilities
 - :whale: `--cap-drop=<CAP>`: Drop Linux capabilities
 - :whale: `--privileged`: Give extended privileges to this container
-
+- :nerd_face: :window: `--host-process`: Windows hostprocess container
 Runtime flags:
 - :whale: `--runtime`: Runtime to use for this container, e.g. \"crun\", or \"io.containerd.runsc.v1\".
 - :whale: `--sysctl`: Sysctl options, e.g \"net.ipv4.ip_forward=1\"
 
 Volume flags:
-- :whale: `-v, --volume`: Bind mount a volume
+- :whale: :window: `-v, --volume`: Bind mount a volume
 - :whale: `--tmpfs`: Mount a tmpfs directory
 
 Rootfs flags:
@@ -339,16 +341,16 @@ Rootfs flags:
  Corresponds to Podman CLI.
 
 Env flags:
-- :whale: `--entrypoint`: Overwrite the default ENTRYPOINT of the image
-- :whale: `-w, --workdir`: Working directory inside the container
-- :whale: `-e, --env`: Set environment variables
-- :whale: `--env-file`: Set environment variables from file
+- :whale: :window: `--entrypoint`: Overwrite the default ENTRYPOINT of the image
+- :whale: :window: `-w, --workdir`: Working directory inside the container
+- :whale: :window: `-e, --env`: Set environment variables
+- :whale: :window: `--env-file`: Set environment variables from file
 
 Metadata flags:
-- :whale: `--name`: Assign a name to the container
-- :whale: `-l, --label`: Set meta data on a container
-- :whale: `--label-file`: Read in a line delimited file of labels
-- :whale: `--cidfile`: Write the container ID to the file
+- :whale: :window: `--name`: Assign a name to the container
+- :whale: :window: `-l, --label`: Set meta data on a container
+- :whale: :window: `--label-file`: Read in a line delimited file of labels
+- :whale: :window: `--cidfile`: Write the container ID to the file
 - :nerd_face: `--pidfile`: file path to write the task's pid. The CLI syntax conforms to Podman convention.
 
 Shared memory flags:
@@ -893,7 +895,7 @@ Usage: `nerdctl volume rm [OPTIONS] VOLUME [VOLUME...]`
 
 ## Namespace management
 
-### :nerd_face: nerdctl namespace ls
+### :nerd_face: :window: nerdctl namespace ls
 List containerd namespaces such as "default", "moby", or "k8s.io".
 
 Usage: `nerdctl namespace ls [OPTIONS]`
@@ -1037,13 +1039,13 @@ Unimplemented `docker-compose ps` (V1) flags: `--quiet`, `--services`, `--filter
 Unimplemented `docker compose ps` (V2) flags: `--format`, `--status`
 
 ## Global flags
-- :nerd_face: `-a`, `--address`: containerd address, optionally with "unix:https://" prefix
+- :nerd_face: :window: `-a`, `--address`: containerd address, optionally with "unix:https://" prefix
 - :whale: `-H`, `--host`: Docker-compatible alias for `-a`, `--address`
-- :nerd_face: `-n`, `--namespace`: containerd namespace
-- :nerd_face: `--snapshotter`: containerd snapshotter
-- :nerd_face: `--cni-path`: CNI binary path (default: `/opt/cni/bin`) [`$CNI_PATH`]
-- :nerd_face: `--cni-netconfpath`: CNI netconf path (default: `/etc/cni/net.d`) [`$NETCONFPATH`]
-- :nerd_face: `--data-root`: nerdctl data root, e.g. "/var/lib/nerdctl"
+- :nerd_face: :window: `-n`, `--namespace`: containerd namespace
+- :nerd_face: :window: `--snapshotter`: containerd snapshotter
+- :nerd_face: :window: `--cni-path`: CNI binary path (default: `/opt/cni/bin`) [`$CNI_PATH`]
+- :nerd_face: :window: `--cni-netconfpath`: CNI netconf path (default: `/etc/cni/net.d`) [`$NETCONFPATH`]
+- :nerd_face: :window: `--data-root`: nerdctl data root, e.g. "/var/lib/nerdctl"
 - :nerd_face: `--cgroup-manager=(cgroupfs|systemd|none)`: cgroup manager
  - Default: "systemd" on cgroup v2 (rootful & rootless), "cgroupfs" on v1 rootful, "none" on v1 rootless
 - :nerd_face: `--insecure-registry`: skips verifying HTTPS certs, and allows falling back to plain HTTP

diff --git a/cmd/nerdctl/client.go b/cmd/nerdctl/client.go
@@ -63,6 +63,7 @@ func newClient(cmd *cobra.Command, opts ...containerd.ClientOpt) (*containerd.Cl
 
 // getDataStore returns a string like "/var/lib/nerdctl/1935db59".
 // "1935db9" is from `$(echo -n "/run/containerd/containerd.sock" | sha256sum | cut -c1-8)``
+// on Windows it will return "%PROGRAMFILES%/nerdctl/1935db59"
 func getDataStore(cmd *cobra.Command) (string, error) {
  dataRoot, err := cmd.Flags().GetString("data-root")
  if err != nil {
@@ -91,14 +92,14 @@ func getAddrHash(addr string) (string, error) {
 
  if runtime.GOOS != "windows" {
  addr = strings.TrimPrefix(addr, "unix:https://")
- }
 
- var err error
- addr, err = filepath.EvalSymlinks(addr)
- if err != nil {
- return "", err
+ var err error
+ addr, err = filepath.EvalSymlinks(addr)
+ if err != nil {
+ return "", err
+ }
  }
-
+ 
  d := digest.SHA256.FromString(addr)
  h := d.Encoded()[0:addrHashLen]
  return h, nil