Supporting OCI hooks

Description

The running of standard OCI hooks within the lifecycle of a container is supported. There are three types of standard hooks:

  • prestart hook: executed after the isula start command is executed and before the init process of the container is started.
  • poststart hook: executed after the init process is started and before the isula start command is returned.
  • poststop hook: executed after the container is stopped and before the stop command is returned.

The configuration format specifications of OCI hooks are as follows:

  • path: (Mandatory) The value must be a character string and must be an absolute path. The specified file must have the execute permission.
  • args: (Optional) The value must be a character string array. The syntax is the same as that of args in execv.
  • env: (Optional) The value must be a character string array. The syntax is the same as that of environment variables. The content is a key-value pair, for example, PATH=/usr/bin.
  • timeout: (Optional) The value must be an integer that is greater than 0. It indicates the timeout interval for hook execution. If the running time of the hook process exceeds the configured time, the hook process is killed.

The hook configuration is in JSON format and usually stored in a file ended with json. An example is as follows:

{
        "prestart": [
            {
                "path": "/usr/bin/echo",
                "args": ["arg1", "arg2"],
                "env":  [ "key1=value1"],
                "timeout": 30
            },
            {
                "path": "/usr/bin/ls",
                "args": ["/tmp"]
            }
        ],
        "poststart": [
            {
                "path": "/usr/bin/ls",
                "args": ["/tmp"],
                "timeout": 5
            }
        ],
        "poststop": [
            {
                "path": "/tmp/cleanup.sh",
                "args": ["cleanup.sh", "-f"]
            }
        ]
}

APIs

Both iSulad and iSula provide the hook APIs. The default hook configurations provided by iSulad apply to all containers. The hook APIs provided by iSula apply only to the currently created container.

The default OCI hook configurations provided by iSulad are as follows:

  • Set the configuration item hook-spec in the /etc/isulad/daemon.json configuration file to specify the path of the hook configuration file. Example: “hook-spec”: “/etc/default/isulad/hooks/default.json”
  • Use the isulad –hook-spec parameter to set the path of the hook configuration file.

The OCI hook configurations provided by iSula are as follows:

  • isula create –hook-spec: specifies the path of the hook configuration file in JSON format.
  • isula run –hook-spec: specifies the path of the hook configuration file in JSON format.

The configuration for run takes effect in the creation phase.

Usage Restrictions

  • The path specified by hook-spec must be an absolute path.

  • The file specified by hook-spec must exist.

  • The path specified by hook-spec must contain a common text file in JSON format.

  • The file specified by hook-spec cannot exceed 10 MB.

  • path configured for hooks must be an absolute path.

  • The file that is designated by path configured for hooks must exist.

  • The file that is designated by path configured for hooks must have the execute permission.

  • The owner of the file that is designated by path configured for hooks must be user root.

  • Only user root has the write permission on the file that is designated by path configured for hooks.

  • The value of timeout configured for hooks must be greater than 0.

      

有奖捉虫

“有虫”文档片段

存在的问题

提交类型 issue
有点复杂...
找人问问吧。
PR
小问题,全程线上修改...
一键搞定!
问题类型
规范和低错类

● 错别字或拼写错误;标点符号使用错误;

● 链接错误、空单元格、格式错误;

● 英文中包含中文字符;

● 界面和描述不一致,但不影响操作;

● 表述不通顺,但不影响理解;

● 版本号不匹配:如软件包名称、界面版本号;

易用性

● 关键步骤错误或缺失,无法指导用户完成任务;

● 缺少必要的前提条件、注意事项等;

● 图形、表格、文字等晦涩难懂;

● 逻辑不清晰,该分类、分项、分步骤的没有给出;

正确性

● 技术原理、功能、规格等描述和软件不一致,存在错误;

● 原理图、架构图等存在错误;

● 命令、命令参数等错误;

● 代码片段错误;

● 命令无法完成对应功能;

● 界面错误,无法指导操作;

风险提示

● 对重要数据或系统存在风险的操作,缺少安全提示;

内容合规

● 违反法律法规,涉及政治、领土主权等敏感词;

● 内容侵权;

您对文档的总体满意度

非常不满意
非常满意
创Issue赢奖品
根据您的反馈,会自动生成issue模板。您只需点击按钮,创建issue即可。