Add LayerFolders to Windows platform config

[sunjayBhatia]

LayerFolders is a property that is missing from the runtime spec that is required for all useful containers on Windows.

This issue mentions extending the runtime spec with "required" platform specific fields.

[wking]

PullApprove doesn't like your Signed-off-by [1]. I'm guessing that's because the author is Sunjay Bhatia and the Signed-off-by is Matthew Horan. If you're forwarding Matthew's original Signed-off-by, you can use: Signed-off-by: Matthew Horan <mhoran@pivotal.io> Signed-off-by: Sunjay Bhatia <sbhatia@pivotal.io> Using clause (c) in the DCO [2,3]. [1]: https://pullapprove.com/opencontainers/runtime-spec/pull-request/828/ [2]: http://developercertificate.org [3]: https://github.com/opencontainers/runtime-spec/blob/v1.0.0-rc5/README.md#sign-your-work

[wking]

Just to be clear, this is something that is not covered by mounts or by image-spec unpacking? These layers need to be assembled by the runtime at container-creation time?

[sunjayBhatia]

These layers need to be assembled by the runtime at container-creation time?

Yes, this is true. As mentioned in #817 (comment), the underlying subsystem requires that a list of layer paths be passed to the kernel in order to spin up the container. These are not mounts, and I don't believe any functionality like image-spec unpacking is applicable in this case.

[wking]

For required arrays, you probably also want to require at least one entry (otherwise you might as well make the property OPTIONAL). See #769 for an example of the spec wording and minItems JSON Schema I've used for that sort of thing before.

[TomSweeneyRedHat]

Not my call, but it looks like the variables are all camelCase in here. Should this instead be "layerFolders"?

[sunjayBhatia]

thanks @wking @TomSweeneyRedHat, we made these changes and modified the commit for this PR

[sunjayBhatia]

Thanks for the note about PullApprove. We use git-duet to automatically sign our commits when pairing, and it only adds a single sign-off which corresponds to the other pair. That doesn't work with the requirements of PullApprove.

[wking]

On Mon, May 15, 2017 at 12:51:53PM -0700, Sunjay Bhatia wrote: Thanks for the note about PullApprove. We use git-duet…

I've filed git-duet/git-duet#51 in case they have any ideas about making this easier for git-duet users.

[lowenna]

@sunjayBhatia Thanks for submitting this - I was just about to add it myself!

(@wking FYI, this is the last of the additions required for Windows - the complete set is #801, #814, #815, #816, #817 and #818)

@sunjayBhatia There's a few issues here which need addressing. The LayerPaths is correct as an array of ordered folders, but it needs to be part of an object at the same level to Resources similar to how it is defined in moby/moby libcontainerd\types_windows.go.

type LayerOption struct {
	// LayerFolderPath is the path to the current layer folder. Empty for Hyper-V containers.
	LayerFolderPath string `json:",omitempty"`
	// Layer paths of the parent layers
	LayerPaths []string
}

It also needs an update to schema\config-windows.json. Let me know if you need any help with this. And thanks again 😸

[sunjayBhatia]

@jhowardmsft I'm not sure I agree with including the LayerFolderPath as something that gets included in the runtime spec, mostly because it feels like duplicate info and tying the spec to Docker implementation/hcsshim types/fields feels a little odd.

The "current layer" (sandbox layer in hcsshim parlance) seems to be equivalent to the bundle directory that an OCI compliant CLI (like runc) is given when creating a container. The bundle config.json should specify a Root.Path to the image that containers created from the bundle are based on and the CLI should activate a sandbox layer in the bundle directory since that is where the container's file system lives. When actually creating a Windows Server container from the current layer with hcsshim, we can pass the bundle directory as LayerFolderPath in the hcsshim.ContainerConfig.

With other config options, we have little choice to do anything other than bubble up the hcsshim.ContainerConfig fields up to this spec but I feel like we don't have to do that here.

[sunjayBhatia]

Updated schema/config-windows.json to reflect the new field

[tianon]

(Taking back my LGTM for now -- @jhowardmsft tells me he's going to review and comment on this one. ❤️)

[sunjayBhatia]

@wking any more thoughts on this?

[sunjayBhatia]

@jhowardmsft ^

[lowenna]

@sunjayBhatia TL;DR LGTM (not a maintainer). I'm good with this change.

However, addressing your comment above, it's slightly more complicated. We actually always need to populate a LayerFolderPath for HCS which needs to be a top-level item. I'll submit a PR for that shortly. And also at the same time, remove the sandbox path which I recently introduced. Between TP5 and RS1, there was a change in HCS such that if SandboxPath is set, it overwrites LayerFolderPath internally, even though LayerFolderPath is set. IOW, SandboxPath is completely redundant in all RTM version of Windows, and LayerFolderPath is required.

As for your comment about Root, there is no Root as such in Hyper-V containers, as the root is really only meaningful inside the Utility VM, not the host itself. In Windows Server Containers, there is a root which is a volume-style path (\\?\Volume{GUID} style) of the containers root file-system which is mounted on the host, and required.

Edit - I'm actually going to add it as SandboxPath as that's a better description than LayerFolderPath

Edit2 - There's no reason to add it. From a spec perspective, it can be in the LayerFolders as the top-most layer. And split by the runtime into the HCS API.

[wking]

This is the first instance (as far as I know) of a REQUIRED property that is a direct child of a platform property (windows, in this case). Because REQUIRED is only “if the parent is set”, I think you'll want to adjust this section to say that windows MUST be set when platform.os is windows.

Discussion in #830 may end up with platform being removed entirely. If that lands first, it will change the phrasing for the windows requirement, but requiring the windows object for configs aimed at the windows platform will still be something you want.

[sunjayBhatia]

Updated config.md to specify that the windows configuration section is required if the windows platform is set. We can update this again if #830 lands before this PR.

[wking]

I'm not entirely clear on the maintainers' preference for this (@mrunalp was going to document them), but it's possible that they'll want *Windows changed to Windows in the Go structure now that this property is required on one platform. At least, something like that was the reason given for not wanting pointers for User.UID and User.GID.

[sunjayBhatia]

Thats an interesting point. Will it be a little odd that the other platform specific fields are not pointers as well? I would expect the maintainers would like to keep these fields uniform.

[tianon]

LGTM

[lowenna]

Just spotted this. Should be all lower-case for consistency. And the config-windows.json schema file needs the matching update.

[wking]

Should be all lower-case for consistency.

There are currently some camelCase entries in config-windows.md. For example, the network properties.

[lowenna]

@darrenstahlmsft Could you open a PR to fix ^^

[sunjayBhatia]

@wking @jhowardmsft i modified the field name as per this suggestion, should I revert it back?

It looks like there are linux fields that use camel case as well.

[wking]

It looks like there are linux fields that use camel case as well.

The Linux config tries to consistently use camelCase. I don't know if the maintainers care what convention the Windows-only fields use; probably wait for them to weigh in.

[lowenna]

OK, lets leave this as is. I'll take an action item to clean up the casing once this is merged. Opened #857 to track.

[lowenna]

@wking - Are you OK with this now?

[wking]

On Thu, May 25, 2017 at 10:58:34AM -0700, John Howard wrote: @wking - Are you OK with this now?

I'm not familiar with the underlying tech, so I can't comment on that. I've just been pushing for internal consistency, and that looks pretty good to me with 284ab58. My only outstanding concern is the discrepancy between pointer policy for windows and process.user.uid [1], but Go types aren't part of the spec so we don't have to resolve that discrepancy before landing this PR. [1]: #828 (comment)

[lowenna]

ping @mrunalp @vbatts @crosbymichael Could one of you review please. Thanks. 👍

[lowenna]

I should note this is the last of the structural missing pieces in Windows for 1.0. I have proved now that the docker engine using the current spec plus this PR is fully functional.

[mrunalp]

LGTM

[TomSweeneyRedHat]

LGTM

[lowenna]

@mrunalp @tianon Can we merge? Has all the right number of "LGTM"s 😄

[lowenna]

Thanks @tianon ❤️