This is an automated email from the ASF dual-hosted git repository.
style95 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/openwhisk.git
The following commit(s) were added to refs/heads/master by this push:
new 8af209262 Upgrade the docker version to 23.0.6 (#5436)
8af209262 is described below
commit 8af209262c98e07b8cc3cb688d5d48f633f2d006
Author: Dominic Kim <[email protected]>
AuthorDate: Wed Mar 6 09:13:05 2024 +0900
Upgrade the docker version to 23.0.6 (#5436)
* Upgrade the docker version to 23.0.6
* Maximize build space
* Revert cleaning up docker volumes
---
ansible/group_vars/all | 2 +-
ansible/roles/invoker/tasks/clean.yml | 4 ++--
ansible/roles/invoker/tasks/deploy.yml | 4 ++--
core/controller/Dockerfile | 6 +++---
core/controller/Dockerfile-debian | 6 +++---
core/invoker/Dockerfile | 6 +++---
core/invoker/Dockerfile-debian | 6 +++---
core/invoker/src/main/resources/application.conf | 2 +-
.../openwhisk/core/containerpool/docker/DockerContainer.scala | 2 +-
.../apache/openwhisk/core/containerpool/docker/RuncClient.scala | 2 +-
docs/deploy.md | 8 ++++----
.../core/containerpool/docker/test/RuncClientTests.scala | 2 +-
12 files changed, 25 insertions(+), 25 deletions(-)
diff --git a/ansible/group_vars/all b/ansible/group_vars/all
index eeb6511e7..7a23ed10b 100644
--- a/ansible/group_vars/all
+++ b/ansible/group_vars/all
@@ -212,7 +212,7 @@ invoker:
userCpus: "{{ invoker_user_cpus | default() }}"
# Specify if it is allowed to deploy more than 1 invoker on a single machine.
allowMultipleInstances: "{{ invoker_allow_multiple_instances |
default(false) }}"
- # Specify if it should use docker-runc or docker to pause/unpause containers
+ # Specify if it should use runc or docker to pause/unpause containers
useRunc: "{{ invoker_use_runc | default(true) }}"
docker:
become: "{{ invoker_docker_become | default(false) }}"
diff --git a/ansible/roles/invoker/tasks/clean.yml
b/ansible/roles/invoker/tasks/clean.yml
index b8f0b2f34..7254e2437 100644
--- a/ansible/roles/invoker/tasks/clean.yml
+++ b/ansible/roles/invoker/tasks/clean.yml
@@ -66,9 +66,9 @@
- name: pause/resume at runc-level to restore docker consistency
shell: |
DOCKER_PAUSED=$(docker ps --filter status=paused --filter name=wsk{{
invoker_index }} -q --no-trunc)
- for C in $DOCKER_PAUSED; do docker-runc --root {{
invoker.docker.runcdir }} pause $C; done
+ for C in $DOCKER_PAUSED; do runc --root {{ invoker.docker.runcdir }}
pause $C; done
DOCKER_RUNNING=$(docker ps --filter status=running --filter name=wsk{{
invoker_index }} -q --no-trunc)
- for C2 in $DOCKER_RUNNING; do docker-runc --root {{
invoker.docker.runcdir }} resume $C2; done
+ for C2 in $DOCKER_RUNNING; do runc --root {{ invoker.docker.runcdir }}
resume $C2; done
TOTAL=$(($(echo $DOCKER_PAUSED | wc -w)+$(echo $DOCKER_RUNNING | wc
-w)))
echo "Handled $TOTAL remaining actions."
register: runc_output
diff --git a/ansible/roles/invoker/tasks/deploy.yml
b/ansible/roles/invoker/tasks/deploy.yml
index fba7bf94b..2f9564508 100644
--- a/ansible/roles/invoker/tasks/deploy.yml
+++ b/ansible/roles/invoker/tasks/deploy.yml
@@ -383,8 +383,8 @@
{{ docker_sock | default('/var/run/docker.sock') }}:/var/run/docker.sock"
###
# The root runc directory varies based on the version of docker and runc.
-# When docker>=18.06 uses docker-runc the directory is
/run/docker/runtime-runc/moby.
-# While docker-runc itself uses /run/runc for a root user or
/run/user/<uid>/runc for a non-root user.
+# When docker>=18.06 uses runc the directory is /run/docker/runtime-runc/moby.
+# While runc itself uses /run/runc for a root user or /run/user/<uid>/runc for
a non-root user.
# Currently, the invoker is running as a root user so the below configuration
works as expected.
# But when the invoker needs to run as a non-root user or the version docker
needs to be changed,
# the following configuration should be properly updated as well.
diff --git a/core/controller/Dockerfile b/core/controller/Dockerfile
index 287935326..670c0dbeb 100644
--- a/core/controller/Dockerfile
+++ b/core/controller/Dockerfile
@@ -28,7 +28,7 @@ ENV
SWAGGER_UI_DOWNLOAD_SHA256=3d7ef5ddc59e10f132fe99771498f0f1ba7a2cbfb9585f986
# If you change the docker version here, it has implications on invoker runc
support.
# Docker server version and the invoker docker version must be the same to
enable runc usage.
# If this cannot be guaranteed, set `invoker_use_runc: false` in the ansible
env.
-ENV DOCKER_VERSION=18.06.3-ce
+ENV DOCKER_VERSION=23.0.6
RUN apk add --update openssl
@@ -36,10 +36,10 @@ RUN apk add --update openssl
# Install docker client
RUN curl -sSL -o docker-${DOCKER_VERSION}.tgz
https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_VERSION}.tgz
&& \
tar --strip-components 1 -xvzf docker-${DOCKER_VERSION}.tgz -C /usr/bin
docker/docker && \
- tar --strip-components 1 -xvzf docker-${DOCKER_VERSION}.tgz -C /usr/bin
docker/docker-runc && \
+ tar --strip-components 1 -xvzf docker-${DOCKER_VERSION}.tgz -C /usr/bin
docker/runc && \
rm -f docker-${DOCKER_VERSION}.tgz && \
chmod +x /usr/bin/docker && \
- chmod +x /usr/bin/docker-runc
+ chmod +x /usr/bin/runc
##################################################################################################
# Install swagger-ui
diff --git a/core/controller/Dockerfile-debian
b/core/controller/Dockerfile-debian
index f17dde803..4d4d4488f 100644
--- a/core/controller/Dockerfile-debian
+++ b/core/controller/Dockerfile-debian
@@ -28,7 +28,7 @@ ENV
SWAGGER_UI_DOWNLOAD_SHA256=3d7ef5ddc59e10f132fe99771498f0f1ba7a2cbfb9585f986
# If you change the docker version here, it has implications on invoker runc
support.
# Docker server version and the invoker docker version must be the same to
enable runc usage.
# If this cannot be guaranteed, set `invoker_use_runc: false` in the ansible
env.
-ENV DOCKER_VERSION=18.06.3-ce
+ENV DOCKER_VERSION=23.0.6
RUN apt-get -y install openssl
@@ -36,10 +36,10 @@ RUN apt-get -y install openssl
# Install docker client
RUN curl -sSL -o docker-${DOCKER_VERSION}.tgz
https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_VERSION}.tgz
&& \
tar --strip-components 1 -xvzf docker-${DOCKER_VERSION}.tgz -C /usr/bin
docker/docker && \
- tar --strip-components 1 -xvzf docker-${DOCKER_VERSION}.tgz -C /usr/bin
docker/docker-runc && \
+ tar --strip-components 1 -xvzf docker-${DOCKER_VERSION}.tgz -C /usr/bin
docker/runc && \
rm -f docker-${DOCKER_VERSION}.tgz && \
chmod +x /usr/bin/docker && \
- chmod +x /usr/bin/docker-runc
+ chmod +x /usr/bin/runc
##################################################################################################
# Install swagger-ui
diff --git a/core/invoker/Dockerfile b/core/invoker/Dockerfile
index ca1561d7d..36581e4cf 100644
--- a/core/invoker/Dockerfile
+++ b/core/invoker/Dockerfile
@@ -19,7 +19,7 @@ FROM scala
ENV UID=1001 \
NOT_ROOT_USER=owuser \
- DOCKER_VERSION=18.06.3-ce
+ DOCKER_VERSION=23.0.6
# If you change the docker version here, it has implications on invoker runc
support.
# Docker server version and the invoker docker version must be the same to
enable runc usage.
# If this cannot be guaranteed, set `invoker_use_runc: false` in the ansible
env.
@@ -31,10 +31,10 @@ RUN apk add --update openssl
# Install docker client
RUN curl -sSL -o docker-${DOCKER_VERSION}.tgz
https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_VERSION}.tgz
&& \
tar --strip-components 1 -xvzf docker-${DOCKER_VERSION}.tgz -C /usr/bin
docker/docker && \
- tar --strip-components 1 -xvzf docker-${DOCKER_VERSION}.tgz -C /usr/bin
docker/docker-runc && \
+ tar --strip-components 1 -xvzf docker-${DOCKER_VERSION}.tgz -C /usr/bin
docker/runc && \
rm -f docker-${DOCKER_VERSION}.tgz && \
chmod +x /usr/bin/docker && \
- chmod +x /usr/bin/docker-runc
+ chmod +x /usr/bin/runc
ADD build/distributions/invoker.tar ./
diff --git a/core/invoker/Dockerfile-debian b/core/invoker/Dockerfile-debian
index ed205a30b..8069f773b 100644
--- a/core/invoker/Dockerfile-debian
+++ b/core/invoker/Dockerfile-debian
@@ -19,7 +19,7 @@ FROM scala
ENV UID=1001 \
NOT_ROOT_USER=owuser
- ENV DOCKER_VERSION=18.06.3-ce
+ ENV DOCKER_VERSION=23.0.6
# If you change the docker version here, it has implications on invoker runc
support.
# Docker server version and the invoker docker version must be the same to
enable runc usage.
# If this cannot be guaranteed, set `invoker_use_runc: false` in the ansible
env.
@@ -31,10 +31,10 @@ RUN apt-get -y install openssl
# Install docker client
RUN curl -sSL -o docker-${DOCKER_VERSION}.tgz
https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_VERSION}.tgz
&& \
tar --strip-components 1 -xvzf docker-${DOCKER_VERSION}.tgz -C /usr/bin
docker/docker && \
- tar --strip-components 1 -xvzf docker-${DOCKER_VERSION}.tgz -C /usr/bin
docker/docker-runc && \
+ tar --strip-components 1 -xvzf docker-${DOCKER_VERSION}.tgz -C /usr/bin
docker/runc && \
rm -f docker-${DOCKER_VERSION}.tgz && \
chmod +x /usr/bin/docker && \
- chmod +x /usr/bin/docker-runc
+ chmod +x /usr/bin/runc
ADD build/distributions/invoker.tar ./
diff --git a/core/invoker/src/main/resources/application.conf
b/core/invoker/src/main/resources/application.conf
index 61c33e063..ba7f50bf3 100644
--- a/core/invoker/src/main/resources/application.conf
+++ b/core/invoker/src/main/resources/application.conf
@@ -50,7 +50,7 @@ whisk {
}
docker.container-factory {
- # Use runc (docker-runc) for pause/resume functionality in
DockerContainerFactory
+ # Use runc for pause/resume functionality in DockerContainerFactory
use-runc: true
}
diff --git
a/core/invoker/src/main/scala/org/apache/openwhisk/core/containerpool/docker/DockerContainer.scala
b/core/invoker/src/main/scala/org/apache/openwhisk/core/containerpool/docker/DockerContainer.scala
index 378000b52..f0dd13c82 100644
---
a/core/invoker/src/main/scala/org/apache/openwhisk/core/containerpool/docker/DockerContainer.scala
+++
b/core/invoker/src/main/scala/org/apache/openwhisk/core/containerpool/docker/DockerContainer.scala
@@ -55,7 +55,7 @@ object DockerContainer {
* @param network network to launch the container in
* @param dnsServers list of dns servers to use in the container
* @param name optional name for the container
- * @param useRunc use docker-runc to pause/unpause container?
+ * @param useRunc use runc to pause/unpause container?
* @return a Future which either completes with a DockerContainer or one of
two specific failures
*/
def create(transid: TransactionId,
diff --git
a/core/invoker/src/main/scala/org/apache/openwhisk/core/containerpool/docker/RuncClient.scala
b/core/invoker/src/main/scala/org/apache/openwhisk/core/containerpool/docker/RuncClient.scala
index 79b213ebb..54f393cb6 100644
---
a/core/invoker/src/main/scala/org/apache/openwhisk/core/containerpool/docker/RuncClient.scala
+++
b/core/invoker/src/main/scala/org/apache/openwhisk/core/containerpool/docker/RuncClient.scala
@@ -56,7 +56,7 @@ class RuncClient(timeouts: RuncClientTimeouts =
loadConfigOrThrow[RuncClientTime
// Determines how to run docker. Failure to find a Docker binary implies
// a failure to initialize this instance of DockerClient.
- protected val runcCmd: Seq[String] = Seq("/usr/bin/docker-runc")
+ protected val runcCmd: Seq[String] = Seq("/usr/bin/runc")
def pause(id: ContainerId)(implicit transid: TransactionId): Future[Unit] =
runCmd(Seq("pause", id.asString), timeouts.pause).map(_ => ())
diff --git a/docs/deploy.md b/docs/deploy.md
index 93cf05ca8..ffbe00bd7 100644
--- a/docs/deploy.md
+++ b/docs/deploy.md
@@ -48,12 +48,12 @@ OpenWhisk used to support both shared state and a sharding
model. The former has
The sharding loadbalancer has the caveat of being limited in its scalability
in its current implementation. It uses "horizontal" sharding, which means that
the slots on each invoker are evenly divided to the loadbalancers. For example:
In a system with 2 loadbalancers and invokers which have 16 slots each, each
loadbalancer would get 8 slots on each invoker. In this specific case, a
cluster of loadbalancers > 16 instances does not make sense, since each
loadbalancer would only have a fra [...]
-# Invoker use of docker-runc
+# Invoker use of runc
-To improve performance, Invokers attempt to maintain warm containers for
frequently executed actions. To optimize resource usage, the action containers
are paused/unpaused between invocations. The system can be configured to use
either docker-runc or docker to perform the pause/unpause operations by setting
the value of the environment variable INVOKER_USE_RUNC to true or false
respectively. If not set, it will default to true (use docker-runc).
+To improve performance, Invokers attempt to maintain warm containers for
frequently executed actions. To optimize resource usage, the action containers
are paused/unpaused between invocations. The system can be configured to use
either runc or docker to perform the pause/unpause operations by setting the
value of the environment variable INVOKER_USE_RUNC to true or false
respectively. If not set, it will default to true (use runc).
-Using docker-runc obtains significantly better performance, but requires that
the version of docker-runc within the invoker container is an exact version
match to the docker-runc of the host environment. Failure to get an exact
version match will results in error messages like:
+Using runc obtains significantly better performance, but requires that the
version of runc within the invoker container is an exact version match to the
runc of the host environment. Failure to get an exact version match will
results in error messages like:
```
2017-09-29T20:15:54.551Z] [ERROR] [#sid_102] [RuncClient] code: 1, stdout: ,
stderr: json: cannot unmarshal object into Go value of type []string
[marker:invoker_runc.pause_error:6830148:259]
```
-When a docker-runc operations results in an error, the container will be
killed by the invoker. This results in missed opportunities for container
reuse and poor performance. Setting INVOKER_USE_RUNC to false can be used as a
workaround until proper usage of docker-runc can be configured for the
deployment.
+When a runc operations results in an error, the container will be killed by
the invoker. This results in missed opportunities for container reuse and poor
performance. Setting INVOKER_USE_RUNC to false can be used as a workaround
until proper usage of runc can be configured for the deployment.
diff --git
a/tests/src/test/scala/org/apache/openwhisk/core/containerpool/docker/test/RuncClientTests.scala
b/tests/src/test/scala/org/apache/openwhisk/core/containerpool/docker/test/RuncClientTests.scala
index 0c24a9f4f..b8c1a41c6 100644
---
a/tests/src/test/scala/org/apache/openwhisk/core/containerpool/docker/test/RuncClientTests.scala
+++
b/tests/src/test/scala/org/apache/openwhisk/core/containerpool/docker/test/RuncClientTests.scala
@@ -52,7 +52,7 @@ class RuncClientTests
implicit val transid = TransactionId.testing
val id = ContainerId("Id")
- val runcCommand = "docker-runc"
+ val runcCommand = "runc"
/** Returns a RuncClient with a mocked result for 'executeProcess' */
def runcClient(result: Future[String]) = new RuncClient()(global) {
